WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Cleanups and updates to align with wolfSSL PR 6636.

pull/392/head
Bill Phipps 2023-07-21 09:55:32 -04:00
parent 4420cce5c4
commit 14321a7a19
5 changed files with 311 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ccb_vaultic/Makefile
View File

@ -17,7 +17,8 @@ OBJS=ccb_vaultic.o
# Uncomment to enable verbose debug logging
CFLAGS+=-DCCBVAULTIC_DEBUG
CFLAGS+=-DCCBVAULTIC_DEBUG_ALL
CFLAGS+=-DCCBVAULTIC_DEBUG_TIMING
#CFLAGS+=-DCCBVAULTIC_DEBUG_ALL
#CFLAGS+=-DSPI_TRACE_ERRORS
# Optionally disable certain kinds of offload
@ -46,7 +47,7 @@ CFLAGS+=-I$(VAULTIC_TLS)
LDFLAGS+=-L$(VAULTIC_TLS)/VaultIC_420_TLS_Lib-SPI-Release -lvaultic420_tls
#Test and Benchmark targets
CFLAGS+=-DFORCE_DEVID=0x56490420 -DBENCH_EMBEDDED -DNO_MAIN_DRIVER
CFLAGS+=-DWC_USE_DEVID=0x56490420 -DBENCH_EMBEDDED -DNO_MAIN_DRIVER
TEST_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/test/test.o main-test.o
BENCH_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/benchmark/benchmark.o main-bench.o
@ -59,6 +60,10 @@ wolfcrypt-test: $(OBJS) $(TEST_OBJS)
wolfcrypt-benchmark: $(OBJS) $(BENCH_OBJS)
$(CC) -o $@ $^ $(LDFLAGS)
lib: $(OBJS)
cp $(VAULTIC_TLS)/VaultIC_420_TLS_Lib-SPI-Release/libvaultic420_tls.a libccbvaultic.a
$(AR) -r libccbvaultic.a $(OBJS)
clean:
rm -f *.o *.d wolfcrypt-test wolfcrypt-benchmark
rm -f $(WOLFSSL_DIR)/wolfcrypt/benchmark/*.o

2
ccb_vaultic/README.md
View File

@ -30,7 +30,7 @@ To enable hardware offload support via cryptocb, configure wolfSSL to include cr
```
git clone git@github.com:wolfssl/wolfssl.git
cd wolfssl
./configure --host aarch64-linux-android CC=$NDK_CC AS=$NDK_AS RANLIB=$NDK_RANLIB AR=$NDK_AR LD=$NDK_LD STRIP=$NDK_STRIP CXX=$NDK_CXX --enable-cryptocb --enable-static --disable-shared
./configure --host aarch64-linux-android CC=$NDK_CC AS=$NDK_AS RANLIB=$NDK_RANLIB AR=$NDK_AR LD=$NDK_LD STRIP=$NDK_STRIP CXX=$NDK_CXX CFLAGS=-DWOLF_CRYPTO_CB_CMD --enable-cryptocb --enable-static --disable-shared
make
```

454
ccb_vaultic/ccb_vaultic.c
View File

@ -21,7 +21,6 @@
/* System includes */
#include <stdlib.h> /* For NULL */
#include <string.h> /* For memset/cpy */
#include <time.h> /* For clock_gettime */
/* wolfSSL configuration */
#include "wolfssl/options.h"
@ -43,25 +42,50 @@
#include "vaultic_api.h"
#include "vaultic_structs.h"
#define VAULTIC_KP_ALL 0xFF /* Allow all users all privileges */
#define VAULTIC_PKV_ASSURED VLT_PKV_ASSURED_EXPLICIT_VALIDATION
/* Local include */
#include "ccb_vaultic.h"
/* Defined options:
* CCBVAULTIC_DEBUG: Print copious callback info using printf
* CCBVAULTIC_DEBUG: Print useful callback info using printf
* CCBVAULTIC_DEBUG_TIMING: Print useful timing info using printf
* CCBVAULTIC_DEBUG_ALL: Print copious info using printf
* NO_CCBVIC_SHA: Do not handle SHA256 callback
* NO_CCBVIC_RSA: Do not handle RSA callback
* NO_CCBVIC_AES: Do not handle AES callback
*/
/* Provide global singleton context to avoid allocation */
static ccbVaultIc_Context localContext = {0};
#ifdef CCBVAULTIC_DEBUG_ALL
#ifndef CCBVAULTIC_DEBUG
#define CCBVAULTIC_DEBUG
#endif
#ifndef CCBVAULTIC_DEBUG_TIMING
#define CCBVAULTIC_DEBUG_TIMING
#endif
#endif
#ifdef CCBVAULTIC_DEBUG_TIMING
#include <time.h> /* For clock_gettime */
#endif
/* Forward declarations */
static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c);
static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c);
static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c);
static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c);
static int HandlePkCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c);
static int HandleHashCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c);
static int HandleCipherCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c);
#ifdef WOLF_CRYPTO_CB_CMD
/* Provide global singleton context to avoid allocation */
static ccbVaultIc_Context localContext = {0};
static int HandleCmdCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c);
#endif
#ifdef CCBVAULTIC_DEBUG
static void hexdump(const unsigned char* p, size_t len)
{
printf(" HD:%p for %lu bytes\n",p, len);
@ -75,55 +99,93 @@ static void hexdump(const unsigned char* p, size_t len)
}
if(off%16 !=15) printf("\n");
}
#endif
#ifdef CCBVAULTIC_DEBUG_TIMING
static uint64_t now(void)
{
struct timespec t;
clock_gettime(CLOCK_MONOTONIC, &t);
return (uint64_t)t.tv_sec * 1000000000ull + t.tv_nsec;
}
#endif
int ccbVaultIc_Init(ccbVaultIc_Context *c)
{
if(!c) {
return BAD_FUNC_ARG;
int rc = 0;
if (c == NULL) {
rc = BAD_FUNC_ARG;
}
memset(c, 0, sizeof(*c));
c->vlt_rc=vlt_tls_init();
if(c->vlt_rc!=0) {
return WC_INIT_E;
/* Already Initialized? */
if ((rc == 0 ) && (c->initialized >0)) {
/* Increment use count */
c->initialized++;
return 0;
}
c->initialized=1;
return 0;
if (rc == 0) {
memset(c, 0, sizeof(*c));
c->vlt_rc = vlt_tls_init();
if (c->vlt_rc != 0) {
rc = WC_INIT_E;
}
else {
c->initialized = 1;
}
}
#ifdef CCBVAULTIC_DEBUG
printf("ccbVaultIc_Init: c:%p c->initialized:%d rc:%d vlt_rc:%d\n",
c,
(c == NULL) ? -1 : c->initialized,
rc,
(c == NULL) ? -1 : c->vlt_rc);
#endif
return rc;
}
int ccbVaultIc_Cleanup(ccbVaultIc_Context *c)
void ccbVaultIc_Cleanup(ccbVaultIc_Context *c)
{
if(!c) {
return BAD_FUNC_ARG;
#ifdef CCBVAULTIC_DEBUG
printf("ccbVaultIc_Cleanup c:%p c->initialized:%d\n", c,
(c == NULL) ? -1 : c->initialized);
#endif
if (c == NULL) {
return;
}
if (c->initialized == 0)
return;
/* Decrement use count */
c->initialized--;
if (c->initialized > 0)
return;
/* Free allocated buffers */
if(c->m) free(c->m);
if(c->aescbc_key) free(c->aescbc_key);
if (c->m)
free(c->m);
if (c->aescbc_key)
free(c->aescbc_key);
memset(c, 0, sizeof(*c));
c->vlt_rc=vlt_tls_close();
if(c->vlt_rc!=0) {
return WC_CLEANUP_E;
}
return 0;
/* Set the return value in the struct */
c->vlt_rc = vlt_tls_close();
}
int ccbVaultIc_CryptoDevCb(int devId,
wc_CryptoInfo* info,
void* ctx)
{
ccbVaultIc_Context *c=(ccbVaultIc_Context*)ctx;
ccbVaultIc_Context *c = (ccbVaultIc_Context*)ctx;
int rc = CRYPTOCB_UNAVAILABLE;
(void)devId;
if(!info ||
(info->algo_type != WC_ALGO_TYPE_NONE &&
if( !info ||
#ifdef WOLF_CRYPTO_CB_CMD
((info->algo_type != WC_ALGO_TYPE_NONE) &&
#else
(1 &&
#endif
(!c || !c->initialized))) {
/* Invalid info or context */
#if defined(CCBVAULTIC_DEBUG)
@ -132,13 +194,21 @@ int ccbVaultIc_CryptoDevCb(int devId,
#endif
return rc;
}
switch(info->algo_type) {
case WC_ALGO_TYPE_NONE:
#ifdef WOLF_CRYPTO_CB_CMD
#if defined(CCBVAULTIC_DEBUG)
printf(" CryptoDevCb NONE-Command: %d %p\n", info->cmd.type, info->cmd.ctx);
printf(" CryptoDevCb NONE-Command: %d %p\n",
info->cmd.type, info->cmd.ctx);
#endif
rc = HandleCmdCallback(devId, info, ctx);
#else
#if defined(CCBVAULTIC_DEBUG)
printf(" CryptoDevCb NONE:\n");
#endif
/* Nothing to do */
#endif
break;
case WC_ALGO_TYPE_HASH:
@ -214,7 +284,9 @@ int ccbVaultIc_CryptoDevCb(int devId,
return rc;
}
static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c)
#ifdef WOLF_CRYPTO_CB_CMD
static int HandleCmdCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c)
{
int rc = CRYPTOCB_UNAVAILABLE;
/* Ok to have null context at this point*/
@ -233,19 +305,25 @@ static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
{
/* Is the current context not set? Nothing to do*/
if(c == NULL) break;
rc = ccbVaultIc_Cleanup(c);
ccbVaultIc_Cleanup(c);
/* Return success */
rc = 0;
}; break;
default:
break;
}
return rc;
}
#endif
static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c)
static int HandlePkCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c)
{
int rc = CRYPTOCB_UNAVAILABLE;
#ifdef CCBVAULTIC_DEBUG_TIMING
uint64_t ts[6]={0};
#endif
switch(info->pk.type) {
case WC_PK_TYPE_NONE:
#if defined(CCBVAULTIC_DEBUG_ALL)
@ -263,7 +341,6 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
if((info->pk.rsa.type == RSA_PUBLIC_DECRYPT) || /* RSA Verify */
(info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) /* RSA Encrypt */
{
byte e[sizeof(uint32_t)] = {0};
byte n[RSA_MAX_SIZE / 8] = {0};
word32 eSz = sizeof(e);
@ -276,42 +353,50 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
memcpy(&e_pad[(sizeof(e_pad)-eSz)],e,eSz);
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n", rc, eSz, nSz);
printf(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n",
rc, eSz, nSz);
hexdump(e,sizeof(e));
hexdump(e_pad,sizeof(e_pad));
hexdump(n,sizeof(n));
#endif
/* Allow all privileges */
VLT_FILE_PRIVILEGES keyPrivileges = {
.u8Read=0xFF,
.u8Write=0xFF,
.u8Delete=0xFF,
.u8Execute=0xFF,
};
VLT_KEY_OBJECT tmpRsaKey= {
.enKeyID=VLT_KEY_RSAES_PUB,
.data.RsaPubKey.u16NLen=nSz,
.data.RsaPubKey.pu8N=n,
.data.RsaPubKey.u16ELen=sizeof(e_pad),
.data.RsaPubKey.pu8E=e_pad,
.data.RsaPubKey.enAssurance=VLT_PKV_ASSURED_EXPLICIT_VALIDATION,
};
VLT_FILE_PRIVILEGES keyPrivileges = {0};
keyPrivileges.u8Read = VAULTIC_KP_ALL;
keyPrivileges.u8Write = VAULTIC_KP_ALL;
keyPrivileges.u8Delete = VAULTIC_KP_ALL;
keyPrivileges.u8Execute = VAULTIC_KP_ALL;
VLT_KEY_OBJECT tmpRsaKey= {0};
tmpRsaKey.enKeyID = VLT_KEY_RSAES_PUB;
tmpRsaKey.data.RsaPubKey.u16NLen = nSz;
tmpRsaKey.data.RsaPubKey.pu8N = n;
tmpRsaKey.data.RsaPubKey.u16ELen = sizeof(e_pad);
tmpRsaKey.data.RsaPubKey.pu8E = e_pad;
tmpRsaKey.data.RsaPubKey.enAssurance = VAULTIC_PKV_ASSURED;
/* Try to delete the tmp rsa key. Ignore errors here */
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[0]=now();
#endif
VltDeleteKey(
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[1]=now();
#endif
int vlt_rc=0;
vlt_rc=VltPutKey(
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID,
&keyPrivileges,
&tmpRsaKey);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[2]=now();
#endif
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT PutKey:%x\n", vlt_rc);
#endif
@ -327,7 +412,10 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID,
VLT_ENCRYPT_MODE,&rsapub_algo_params);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[3]=now();
#endif
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT InitAlgo:%x\n", vlt_rc);
#endif
@ -335,19 +423,19 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
&out_len,
info->pk.rsa.inLen, info->pk.rsa.out);
if(info->pk.rsa.outLen) *(info->pk.rsa.outLen)=out_len;
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[4]=now();
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT Encrypt:%x inSz:%u outSz:%lu\n", vlt_rc, info->pk.rsa.inLen, out_len);
#endif
#if 0
/* Delete the tmp aes key */
VltDeleteKey(
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID);
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT Encrypt:%x inSz:%u outSz:%lu\n",
vlt_rc, info->pk.rsa.inLen, out_len);
#endif
#if defined(CCBVAULTIC_DEBUG)
printf(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu KeySize:%u\n",
#ifdef CCBVAULTIC_DEBUG_TIMING
printf(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu "
"InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu "
"KeySize:%u\n",
(ts[1]-ts[0])/1000,
(ts[2]-ts[1])/1000,
(ts[3]-ts[2])/1000,
@ -469,16 +557,13 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
return rc;
}
static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c)
static int HandleHashCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c)
{
int rc = CRYPTOCB_UNAVAILABLE;
#ifdef CCBVAULTIC_DEBUG_TIMING
uint64_t ts[3]={0};
int finalize=0;
/* Finalize sha? */
if((info->hash.in == NULL) && (info->hash.inSz==0)) {
finalize=1;
}
#endif
switch(info->hash.type) {
case WC_HASH_TYPE_NONE:
#if defined(CCBVAULTIC_DEBUG_ALL)
@ -497,51 +582,60 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
break;
case WC_HASH_TYPE_SHA256:
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p c->m:%p c->m_len:%lu c->t:%d\n",
info->hash.in, info->hash.inSz, info->hash.digest, c->m, c->m_len, c->hash_type);
printf(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p "
"c->m:%p c->m_len:%lu c->t:%d\n",
info->hash.in, info->hash.inSz, info->hash.digest,
c->m, c->m_len, c->hash_type);
#endif
#if !defined(NO_CCBVIC_SHA)
/*
* info->hash.flag | WC_HASH_FLAGS_WILL_COPY --> Must buffer entire message
* info->hash.flag | WC_HASH_FLAGS_WILL_COPY --> Buffer entire message
* info->hash.in != NULL --> Update
* info->hash.digest != NULL --> Final
*/
{
/* III Buffer all messages */
if(c->hash_type != info->hash.type) {
/* New/different hashtype than last time? */
if (c->hash_type != info->hash.type) {
/* New/different hash than last time. Erase state */
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" New Hash\n");
#endif
if(c->m) free(c->m);
c->m=NULL;
c->m_len=0;
if (c->m)
free(c->m);
c->m = NULL;
c->m_len = 0;
c->hash_type = info->hash.type;
}
/* Update needed? */
if(info->hash.in && (info->hash.inSz > 0)) {
/* III Buffering ALL messages, not just WILL_COPY */
if ( (info->hash.in != NULL) &&
(info->hash.inSz > 0)) {
/* Buffer data */
if(c->m) {
if (c->m) {
/* Realloc and add new data in */
void *new_buf=realloc(c->m,c->m_len + info->hash.inSz);
if(!new_buf) {
void *new_buf = realloc(c->m, c->m_len + info->hash.inSz);
if (new_buf == NULL) {
/* Failure to allocate. Must return error */
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Failed to realloc. New size:%lu\n", c->m_len+info->hash.inSz);
printf(" Failed to realloc. New size:%lu\n",
c->m_len + info->hash.inSz);
#endif
rc = MEMORY_E;
break;
}
c->m=new_buf;
c->m = new_buf;
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Realloc to %p. New size:%lu\n", c->m, c->m_len+info->hash.inSz);
printf(" Realloc to %p. New size:%lu\n",
c->m, c->m_len + info->hash.inSz);
#endif
} else {
c->m = malloc(info->hash.inSz);
if(!c->m) {
if (!c->m) {
/* Failure to allocate. Must return error */
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Failed to alloc. Size:%u\n", info->hash.inSz);
printf(" Failed to alloc. Size:%u\n",
info->hash.inSz);
#endif
rc = MEMORY_E;
break;
@ -549,7 +643,7 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Alloc to %p. Size:%u\n", c->m, info->hash.inSz);
#endif
c->m_len=0;
c->m_len = 0;
}
memcpy(c->m + c->m_len, info->hash.in, info->hash.inSz);
c->m_len += info->hash.inSz;
@ -558,31 +652,40 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
#endif
rc = 0;
}
/* Finalize needed? */
if(info->hash.digest) {
if (info->hash.digest) {
/* Initialize for Hashing */
VLT_U8 sha_out_len=0;
VLT_ALGO_PARAMS sha256_algo_params = {
.u8AlgoID=VLT_ALG_DIG_SHA256,
};
VLT_ALGO_PARAMS sha256_algo_params = {0};
sha256_algo_params.u8AlgoID = VLT_ALG_DIG_SHA256;
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[0]=now();
#endif
int vlt_rc=0;
vlt_rc=VltInitializeAlgorithm(0,0, VLT_DIGEST_MODE, &sha256_algo_params);
vlt_rc=VltInitializeAlgorithm(
0,
0,
VLT_DIGEST_MODE,
&sha256_algo_params);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[1]=now();
#endif
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VltInit SHA256:%x\n", vlt_rc);
memset(info->hash.digest, 0, WC_SHA256_DIGEST_SIZE);
#endif
/* No data sent? Likely test case. Needs 2 steps */
if(c->m == NULL)
/* No data buffered? Likely test case. Needs 2 steps */
if (c->m == NULL)
{
vlt_rc=VltUpdateMessageDigest(c->m_len,
vlt_rc = VltUpdateMessageDigest(
c->m_len,
c->m);
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VltUpdate SHA256:%x\n", vlt_rc);
#endif
vlt_rc=VltComputeMessageDigestFinal(
vlt_rc = VltComputeMessageDigestFinal(
&sha_out_len,
WC_SHA256_DIGEST_SIZE,
info->hash.digest);
@ -591,39 +694,48 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
#endif
}
else {
vlt_rc=VltComputeMessageDigest(c->m_len,
c->m,
&sha_out_len,
WC_SHA256_DIGEST_SIZE,
info->hash.digest);
vlt_rc=VltComputeMessageDigest(
c->m_len,
c->m,
&sha_out_len,
WC_SHA256_DIGEST_SIZE,
info->hash.digest);
}
ts[2]=now();
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VltCompute SHA256:%x\n", vlt_rc);
hexdump(info->hash.digest, WC_SHA256_DIGEST_SIZE);
#endif
/* Deallocate/clear if this hash was NOT a copy */
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Hash flags:%x\n", info->hash.sha256 ? info->hash.sha256->flags : -1);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[2]=now();
#endif
#if defined(CCBVAULTIC_DEBUG)
printf(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu InSize:%lu OutSize:%u\n",
#ifdef CCBVAULTIC_DEBUG_TIMING
printf(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu "
"InSize:%lu OutSize:%u\n",
(ts[1]-ts[0])/1000,
(ts[2]-ts[1])/1000,
c->m_len, sha_out_len);
#endif
if( !info->hash.sha256 ||
!(info->hash.sha256->flags&WC_HASH_FLAG_ISCOPY)) {
/* Deallocate/clear if this hash was NOT a copy*/
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Hash flags:%x\n",
(info->hash.sha256 != NULL) ?
info->hash.sha256->flags :
-1);
#endif
if((info->hash.sha256 == NULL) ||
!(info->hash.sha256->flags & WC_HASH_FLAG_ISCOPY)) {
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Freeing hash state\n");
#endif
if(c->m) free(c->m);
c->m = NULL;
c->m_len = 0;
if (c->m)
free(c->m);
c->m = NULL;
c->m_len = 0;
c->hash_type = WC_HASH_TYPE_NONE;
}
rc=0;
}
}
@ -645,7 +757,8 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
return rc;
}
static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c)
static int HandleCipherCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c)
{
int rc = CRYPTOCB_UNAVAILABLE;
switch(info->cipher.type) {
@ -667,11 +780,13 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
#endif
#if !defined(NO_CCBVIC_AES)
{
Aes* aes=info->cipher.aescbc.aes;
int encrypt=info->cipher.enc;
VLT_U32 out_len=0;
int vlt_rc=0;
uint64_t ts[6]={0};
Aes* aes = info->cipher.aescbc.aes;
int encrypt = info->cipher.enc;
VLT_U32 out_len = 0;
int vlt_rc = 0;
#ifdef CCBVAULTIC_DEBUG_TIMING
uint64_t ts[6] = {0};
#endif
if(!aes) break;
/* Support AES128 for now */
@ -682,14 +797,15 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
if(blocks == 0) break;
/* Check if key is not he same as last time */
if( (c->aescbc_key == NULL) ||
(c->aescbc_keylen != aes->keylen) ||
(memcmp(c->aescbc_key, aes->devKey, aes->keylen))) {
if( (c->aescbc_key == NULL) ||
(c->aescbc_keylen != aes->keylen) ||
(memcmp(c->aescbc_key, aes->devKey, aes->keylen))) {
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" New AES Key: ckey:%p clen:%lu akey:%p alen:%u\n",
c->aescbc_key,c->aescbc_keylen, aes->devKey, aes->keylen);
hexdump((void*)aes->devKey, aes->keylen);
#endif
/* Free the current key buffer if necessary */
if(c->aescbc_key != NULL) {
free(c->aescbc_key);
c->aescbc_key=NULL;
@ -709,27 +825,29 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
memcpy(c->aescbc_key,aes->devKey,aes->keylen);
/* Allow all privileges */
VLT_FILE_PRIVILEGES keyPrivileges = {
.u8Read=0xFF,
.u8Write=0xFF,
.u8Delete=0xFF,
.u8Execute=0xFF,
};
VLT_FILE_PRIVILEGES keyPrivileges = {0};
keyPrivileges.u8Read= VAULTIC_KP_ALL;
keyPrivileges.u8Write= VAULTIC_KP_ALL;
keyPrivileges.u8Delete= VAULTIC_KP_ALL;
keyPrivileges.u8Execute= VAULTIC_KP_ALL;
VLT_KEY_OBJECT tmpAesKey= {
.enKeyID=VLT_KEY_AES_128,
.data.SecretKey.u8Mask=0,
.data.SecretKey.u16KeyLength=c->aescbc_keylen,
.data.SecretKey.pu8Key=(VLT_PU8)(c->aescbc_key),
};
VLT_KEY_OBJECT tmpAesKey= {0};
tmpAesKey.enKeyID=VLT_KEY_AES_128;
tmpAesKey.data.SecretKey.u8Mask=0;
tmpAesKey.data.SecretKey.u16KeyLength=c->aescbc_keylen;
tmpAesKey.data.SecretKey.pu8Key=(VLT_PU8)(c->aescbc_key);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[0]=now();
#endif
/* Try to delete the tmp aes key. Ignore errors here */
VltDeleteKey(
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPAES_KEYID);
ts[1]=now();
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[1]=now();
#endif
/* Putkey aes->devKey, aes->keylen */
vlt_rc=VltPutKey(
CCBVAULTIC_WOLFSSL_GRPID,
@ -741,18 +859,18 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
hexdump(c->aescbc_key, c->aescbc_keylen);
#endif
}
ts[2]=now();
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[2]=now();
#endif
/* Initialize Algo for AES-CBC */
VLT_ALGO_PARAMS aescbc_algo_params = {
.u8AlgoID=VLT_ALG_CIP_AES,
.data.SymCipher.enMode= BLOCK_MODE_CBC,
.data.SymCipher.enPadding= PADDING_NONE,
.data.SymCipher.u8IvLength= AES_BLOCK_SIZE,
.data.SymCipher.u8Iv={0},
};
memcpy(aescbc_algo_params.data.SymCipher.u8Iv,aes->reg,
AES_BLOCK_SIZE);
VLT_ALGO_PARAMS aescbc_algo_params = {0};
aescbc_algo_params.u8AlgoID = VLT_ALG_CIP_AES;
aescbc_algo_params.data.SymCipher.enMode = BLOCK_MODE_CBC;
aescbc_algo_params.data.SymCipher.enPadding = PADDING_NONE;
aescbc_algo_params.data.SymCipher.u8IvLength = AES_BLOCK_SIZE;
memcpy(aescbc_algo_params.data.SymCipher.u8Iv,
aes->reg,AES_BLOCK_SIZE);
/* Perform encrypt/decrypt*/
if(encrypt) {
@ -764,16 +882,26 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT InitAlgo:%x\n", vlt_rc);
#endif
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[3]=now();
vlt_rc=VltEncrypt(info->cipher.aescbc.sz, info->cipher.aescbc.in,
&out_len,
info->cipher.aescbc.sz, info->cipher.aescbc.out);
#endif
vlt_rc=VltEncrypt(
info->cipher.aescbc.sz,
info->cipher.aescbc.in,
&out_len,
info->cipher.aescbc.sz,
info->cipher.aescbc.out);
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT Encrypt:%x\n", vlt_rc);
#endif
ts[4]=now();
const byte *last_block = info->cipher.aescbc.out + (blocks -1) * AES_BLOCK_SIZE;
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[4]=now();
#endif
/* Update CBC state in AES */
const byte *last_block = info->cipher.aescbc.out +
(blocks - 1) * AES_BLOCK_SIZE;
memcpy(aes->reg, last_block, AES_BLOCK_SIZE);
} else {
vlt_rc=VltInitializeAlgorithm(
@ -784,26 +912,32 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT InitAlgo:%x\n", vlt_rc);
#endif
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[3]=now();
vlt_rc=VltDecrypt(info->cipher.aescbc.sz, info->cipher.aescbc.in,
&out_len,
info->cipher.aescbc.sz, info->cipher.aescbc.out);
#endif
vlt_rc=VltDecrypt(
info->cipher.aescbc.sz,
info->cipher.aescbc.in,
&out_len,
info->cipher.aescbc.sz,
info->cipher.aescbc.out);
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT Decrypt:%x\n", vlt_rc);
#endif
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[4]=now();
const byte *last_block = info->cipher.aescbc.in + (blocks -1) * AES_BLOCK_SIZE;
#endif
/* Update CBC state in AES */
const byte *last_block = info->cipher.aescbc.in +
(blocks - 1) * AES_BLOCK_SIZE;
memcpy(aes->reg, last_block, AES_BLOCK_SIZE);
}
#if 0
/* Delete the tmp aes key */
VltDeleteKey(
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPAES_KEYID);
#endif
#if defined(CCBVAULTIC_DEBUG)
printf(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n",
#ifdef CCBVAULTIC_DEBUG_TIMING
printf(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu "
"InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n",
encrypt,
(ts[1]-ts[0])/1000,
(ts[2]-ts[1])/1000,

15
ccb_vaultic/ccb_vaultic.h
View File

@ -31,7 +31,7 @@
#include "wolfssl/wolfcrypt/cryptocb.h"
/*
* Implementation of wolfCrypt devcrypto callbacks
* Implementation of wolfCrypt cryptocb callbacks
*
* The wolfSSL port of the Wisekey VaultIC provides a wrapper library to allow
* the VaultIC to be used as an external crypto provider. This library depends
@ -56,10 +56,14 @@ typedef struct {
/* Initialize the Wisekey VaultIC library and clear the context.
* Returns: 0 on success
* BAD_FUNC_ARGS with NULL context
* WC_INIT_E on error initializing the VaultIC
* */
* WC_INIT_E on error initializing the VaultIC.
* c->vlt_rc will have error code
*/
int ccbVaultIc_Init(ccbVaultIc_Context *c);
/* Close the Wisekey VaultIC library. */
void ccbVaultIc_Cleanup(ccbVaultIc_Context *c);
/* Register this callback and associate with a context using:
* ccbVaultIc_Context ctx={0};
* ccbVaultIc_Init(&ctx);
@ -71,13 +75,10 @@ int ccbVaultIc_Init(ccbVaultIc_Context *c);
* wc_AesInit(&aes, NULL, CCBVAULTIC420_DEVID);
* Returns: 0 on success
* CRYPTOCB_UNAVAILABLE if not initialized or not implemented
*
* MEMORY_E if memory allocation fails
*/
int ccbVaultIc_CryptoDevCb(int devId,
wc_CryptoInfo* info,
void* ctx);
/* Close the Wisekey VaultIC library. */
int ccbVaultIc_Cleanup(ccbVaultIc_Context *c);
#endif /* CCB_VAULTIC_H_ */

16
ccb_vaultic/main-bench.c
View File

@ -31,8 +31,6 @@ int main(int argc, char **argv)
int rc=0;
ccbVaultIc_Context ctx;
/* Initialize wolfSSL and wolfCrypt */
rc=wolfSSL_Init();
if(rc!=WOLFSSL_SUCCESS) {
@ -40,22 +38,11 @@ int main(int argc, char **argv)
return(rc);
}
/* Initialize VaultIC */
rc= ccbVaultIc_Init(&ctx);
if(rc) {
fprintf(stderr, "Failed to initialize the VaultIC: %d\n",rc);
wolfSSL_Cleanup();
return(rc);
}
/* Register VaultIC as cryptocb */
rc = wc_CryptoCb_RegisterDevice(CCBVAULTIC420_DEVID,
ccbVaultIc_CryptoDevCb, &ctx);
ccbVaultIc_CryptoDevCb, NULL);
if(rc) {
fprintf(stderr, "Failed to register cryptocb: %d\n", rc);
ccbVaultIc_Cleanup(&ctx);
wolfSSL_Cleanup();
return(rc);
}
@ -64,7 +51,6 @@ int main(int argc, char **argv)
benchmark_test(NULL);
wc_CryptoCb_UnRegisterDevice(CCBVAULTIC420_DEVID);
ccbVaultIc_Cleanup(&ctx);
wolfSSL_Cleanup();
return 0;