diff --git a/ccb_vaultic/Makefile b/ccb_vaultic/Makefile index a4918ebf..00242f2b 100644 --- a/ccb_vaultic/Makefile +++ b/ccb_vaultic/Makefile @@ -17,7 +17,8 @@ OBJS=ccb_vaultic.o # Uncomment to enable verbose debug logging CFLAGS+=-DCCBVAULTIC_DEBUG -CFLAGS+=-DCCBVAULTIC_DEBUG_ALL +CFLAGS+=-DCCBVAULTIC_DEBUG_TIMING +#CFLAGS+=-DCCBVAULTIC_DEBUG_ALL #CFLAGS+=-DSPI_TRACE_ERRORS # Optionally disable certain kinds of offload @@ -46,7 +47,7 @@ CFLAGS+=-I$(VAULTIC_TLS) LDFLAGS+=-L$(VAULTIC_TLS)/VaultIC_420_TLS_Lib-SPI-Release -lvaultic420_tls #Test and Benchmark targets -CFLAGS+=-DFORCE_DEVID=0x56490420 -DBENCH_EMBEDDED -DNO_MAIN_DRIVER +CFLAGS+=-DWC_USE_DEVID=0x56490420 -DBENCH_EMBEDDED -DNO_MAIN_DRIVER TEST_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/test/test.o main-test.o BENCH_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/benchmark/benchmark.o main-bench.o @@ -59,6 +60,10 @@ wolfcrypt-test: $(OBJS) $(TEST_OBJS) wolfcrypt-benchmark: $(OBJS) $(BENCH_OBJS) $(CC) -o $@ $^ $(LDFLAGS) +lib: $(OBJS) + cp $(VAULTIC_TLS)/VaultIC_420_TLS_Lib-SPI-Release/libvaultic420_tls.a libccbvaultic.a + $(AR) -r libccbvaultic.a $(OBJS) + clean: rm -f *.o *.d wolfcrypt-test wolfcrypt-benchmark rm -f $(WOLFSSL_DIR)/wolfcrypt/benchmark/*.o diff --git a/ccb_vaultic/README.md b/ccb_vaultic/README.md index 104ff1ba..258ab519 100644 --- a/ccb_vaultic/README.md +++ b/ccb_vaultic/README.md @@ -30,7 +30,7 @@ To enable hardware offload support via cryptocb, configure wolfSSL to include cr ``` git clone git@github.com:wolfssl/wolfssl.git cd wolfssl -./configure --host aarch64-linux-android CC=$NDK_CC AS=$NDK_AS RANLIB=$NDK_RANLIB AR=$NDK_AR LD=$NDK_LD STRIP=$NDK_STRIP CXX=$NDK_CXX --enable-cryptocb --enable-static --disable-shared +./configure --host aarch64-linux-android CC=$NDK_CC AS=$NDK_AS RANLIB=$NDK_RANLIB AR=$NDK_AR LD=$NDK_LD STRIP=$NDK_STRIP CXX=$NDK_CXX CFLAGS=-DWOLF_CRYPTO_CB_CMD --enable-cryptocb --enable-static --disable-shared make ``` diff --git a/ccb_vaultic/ccb_vaultic.c b/ccb_vaultic/ccb_vaultic.c index 395158c8..c57942c1 100644 --- a/ccb_vaultic/ccb_vaultic.c +++ b/ccb_vaultic/ccb_vaultic.c @@ -21,7 +21,6 @@ /* System includes */ #include /* For NULL */ #include /* For memset/cpy */ -#include /* For clock_gettime */ /* wolfSSL configuration */ #include "wolfssl/options.h" @@ -43,25 +42,50 @@ #include "vaultic_api.h" #include "vaultic_structs.h" +#define VAULTIC_KP_ALL 0xFF /* Allow all users all privileges */ +#define VAULTIC_PKV_ASSURED VLT_PKV_ASSURED_EXPLICIT_VALIDATION + /* Local include */ #include "ccb_vaultic.h" /* Defined options: - * CCBVAULTIC_DEBUG: Print copious callback info using printf + * CCBVAULTIC_DEBUG: Print useful callback info using printf + * CCBVAULTIC_DEBUG_TIMING: Print useful timing info using printf + * CCBVAULTIC_DEBUG_ALL: Print copious info using printf * NO_CCBVIC_SHA: Do not handle SHA256 callback * NO_CCBVIC_RSA: Do not handle RSA callback * NO_CCBVIC_AES: Do not handle AES callback */ -/* Provide global singleton context to avoid allocation */ -static ccbVaultIc_Context localContext = {0}; +#ifdef CCBVAULTIC_DEBUG_ALL + #ifndef CCBVAULTIC_DEBUG + #define CCBVAULTIC_DEBUG + #endif + #ifndef CCBVAULTIC_DEBUG_TIMING + #define CCBVAULTIC_DEBUG_TIMING + #endif +#endif + +#ifdef CCBVAULTIC_DEBUG_TIMING +#include /* For clock_gettime */ +#endif /* Forward declarations */ -static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); -static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); -static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); -static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); +static int HandlePkCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); +static int HandleHashCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); +static int HandleCipherCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); +#ifdef WOLF_CRYPTO_CB_CMD +/* Provide global singleton context to avoid allocation */ +static ccbVaultIc_Context localContext = {0}; +static int HandleCmdCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); +#endif + +#ifdef CCBVAULTIC_DEBUG static void hexdump(const unsigned char* p, size_t len) { printf(" HD:%p for %lu bytes\n",p, len); @@ -75,55 +99,93 @@ static void hexdump(const unsigned char* p, size_t len) } if(off%16 !=15) printf("\n"); } +#endif +#ifdef CCBVAULTIC_DEBUG_TIMING static uint64_t now(void) { struct timespec t; clock_gettime(CLOCK_MONOTONIC, &t); return (uint64_t)t.tv_sec * 1000000000ull + t.tv_nsec; } +#endif int ccbVaultIc_Init(ccbVaultIc_Context *c) { - if(!c) { - return BAD_FUNC_ARG; + int rc = 0; + if (c == NULL) { + rc = BAD_FUNC_ARG; } - memset(c, 0, sizeof(*c)); - c->vlt_rc=vlt_tls_init(); - if(c->vlt_rc!=0) { - return WC_INIT_E; + + /* Already Initialized? */ + if ((rc == 0 ) && (c->initialized >0)) { + /* Increment use count */ + c->initialized++; + return 0; } - c->initialized=1; - return 0; + if (rc == 0) { + memset(c, 0, sizeof(*c)); + c->vlt_rc = vlt_tls_init(); + if (c->vlt_rc != 0) { + rc = WC_INIT_E; + } + else { + c->initialized = 1; + } + } +#ifdef CCBVAULTIC_DEBUG + printf("ccbVaultIc_Init: c:%p c->initialized:%d rc:%d vlt_rc:%d\n", + c, + (c == NULL) ? -1 : c->initialized, + rc, + (c == NULL) ? -1 : c->vlt_rc); +#endif + return rc; } -int ccbVaultIc_Cleanup(ccbVaultIc_Context *c) +void ccbVaultIc_Cleanup(ccbVaultIc_Context *c) { - if(!c) { - return BAD_FUNC_ARG; +#ifdef CCBVAULTIC_DEBUG + printf("ccbVaultIc_Cleanup c:%p c->initialized:%d\n", c, + (c == NULL) ? -1 : c->initialized); +#endif + if (c == NULL) { + return; } + if (c->initialized == 0) + return; + + /* Decrement use count */ + c->initialized--; + if (c->initialized > 0) + return; /* Free allocated buffers */ - if(c->m) free(c->m); - if(c->aescbc_key) free(c->aescbc_key); + if (c->m) + free(c->m); + if (c->aescbc_key) + free(c->aescbc_key); memset(c, 0, sizeof(*c)); - c->vlt_rc=vlt_tls_close(); - if(c->vlt_rc!=0) { - return WC_CLEANUP_E; - } - return 0; + + /* Set the return value in the struct */ + c->vlt_rc = vlt_tls_close(); } int ccbVaultIc_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) { - ccbVaultIc_Context *c=(ccbVaultIc_Context*)ctx; + ccbVaultIc_Context *c = (ccbVaultIc_Context*)ctx; int rc = CRYPTOCB_UNAVAILABLE; (void)devId; - if(!info || - (info->algo_type != WC_ALGO_TYPE_NONE && + + if( !info || +#ifdef WOLF_CRYPTO_CB_CMD + ((info->algo_type != WC_ALGO_TYPE_NONE) && +#else + (1 && +#endif (!c || !c->initialized))) { /* Invalid info or context */ #if defined(CCBVAULTIC_DEBUG) @@ -132,13 +194,21 @@ int ccbVaultIc_CryptoDevCb(int devId, #endif return rc; } + switch(info->algo_type) { case WC_ALGO_TYPE_NONE: +#ifdef WOLF_CRYPTO_CB_CMD #if defined(CCBVAULTIC_DEBUG) - printf(" CryptoDevCb NONE-Command: %d %p\n", info->cmd.type, info->cmd.ctx); + printf(" CryptoDevCb NONE-Command: %d %p\n", + info->cmd.type, info->cmd.ctx); #endif rc = HandleCmdCallback(devId, info, ctx); +#else +#if defined(CCBVAULTIC_DEBUG) + printf(" CryptoDevCb NONE:\n"); +#endif /* Nothing to do */ +#endif break; case WC_ALGO_TYPE_HASH: @@ -214,7 +284,9 @@ int ccbVaultIc_CryptoDevCb(int devId, return rc; } -static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) +#ifdef WOLF_CRYPTO_CB_CMD +static int HandleCmdCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c) { int rc = CRYPTOCB_UNAVAILABLE; /* Ok to have null context at this point*/ @@ -233,19 +305,25 @@ static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context { /* Is the current context not set? Nothing to do*/ if(c == NULL) break; - rc = ccbVaultIc_Cleanup(c); + ccbVaultIc_Cleanup(c); + /* Return success */ + rc = 0; }; break; default: break; } return rc; } +#endif - -static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) +static int HandlePkCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c) { int rc = CRYPTOCB_UNAVAILABLE; +#ifdef CCBVAULTIC_DEBUG_TIMING uint64_t ts[6]={0}; +#endif + switch(info->pk.type) { case WC_PK_TYPE_NONE: #if defined(CCBVAULTIC_DEBUG_ALL) @@ -263,7 +341,6 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context * if((info->pk.rsa.type == RSA_PUBLIC_DECRYPT) || /* RSA Verify */ (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) /* RSA Encrypt */ { - byte e[sizeof(uint32_t)] = {0}; byte n[RSA_MAX_SIZE / 8] = {0}; word32 eSz = sizeof(e); @@ -276,42 +353,50 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context * memcpy(&e_pad[(sizeof(e_pad)-eSz)],e,eSz); #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n", rc, eSz, nSz); + printf(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n", + rc, eSz, nSz); hexdump(e,sizeof(e)); hexdump(e_pad,sizeof(e_pad)); hexdump(n,sizeof(n)); #endif /* Allow all privileges */ - VLT_FILE_PRIVILEGES keyPrivileges = { - .u8Read=0xFF, - .u8Write=0xFF, - .u8Delete=0xFF, - .u8Execute=0xFF, - }; - VLT_KEY_OBJECT tmpRsaKey= { - .enKeyID=VLT_KEY_RSAES_PUB, - .data.RsaPubKey.u16NLen=nSz, - .data.RsaPubKey.pu8N=n, - .data.RsaPubKey.u16ELen=sizeof(e_pad), - .data.RsaPubKey.pu8E=e_pad, - .data.RsaPubKey.enAssurance=VLT_PKV_ASSURED_EXPLICIT_VALIDATION, - }; + VLT_FILE_PRIVILEGES keyPrivileges = {0}; + keyPrivileges.u8Read = VAULTIC_KP_ALL; + keyPrivileges.u8Write = VAULTIC_KP_ALL; + keyPrivileges.u8Delete = VAULTIC_KP_ALL; + keyPrivileges.u8Execute = VAULTIC_KP_ALL; + + + VLT_KEY_OBJECT tmpRsaKey= {0}; + tmpRsaKey.enKeyID = VLT_KEY_RSAES_PUB; + tmpRsaKey.data.RsaPubKey.u16NLen = nSz; + tmpRsaKey.data.RsaPubKey.pu8N = n; + tmpRsaKey.data.RsaPubKey.u16ELen = sizeof(e_pad); + tmpRsaKey.data.RsaPubKey.pu8E = e_pad; + tmpRsaKey.data.RsaPubKey.enAssurance = VAULTIC_PKV_ASSURED; /* Try to delete the tmp rsa key. Ignore errors here */ +#ifdef CCBVAULTIC_DEBUG_TIMING ts[0]=now(); +#endif VltDeleteKey( CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_TMPRSA_KEYID); +#ifdef CCBVAULTIC_DEBUG_TIMING ts[1]=now(); +#endif int vlt_rc=0; vlt_rc=VltPutKey( CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_TMPRSA_KEYID, &keyPrivileges, &tmpRsaKey); +#ifdef CCBVAULTIC_DEBUG_TIMING ts[2]=now(); +#endif + #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VLT PutKey:%x\n", vlt_rc); #endif @@ -327,7 +412,10 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context * CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_TMPRSA_KEYID, VLT_ENCRYPT_MODE,&rsapub_algo_params); +#ifdef CCBVAULTIC_DEBUG_TIMING ts[3]=now(); +#endif + #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VLT InitAlgo:%x\n", vlt_rc); #endif @@ -335,19 +423,19 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context * &out_len, info->pk.rsa.inLen, info->pk.rsa.out); if(info->pk.rsa.outLen) *(info->pk.rsa.outLen)=out_len; +#ifdef CCBVAULTIC_DEBUG_TIMING ts[4]=now(); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT Encrypt:%x inSz:%u outSz:%lu\n", vlt_rc, info->pk.rsa.inLen, out_len); #endif -#if 0 - /* Delete the tmp aes key */ - VltDeleteKey( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPRSA_KEYID); +#if defined(CCBVAULTIC_DEBUG_ALL) + printf(" VLT Encrypt:%x inSz:%u outSz:%lu\n", + vlt_rc, info->pk.rsa.inLen, out_len); #endif -#if defined(CCBVAULTIC_DEBUG) - printf(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu KeySize:%u\n", + +#ifdef CCBVAULTIC_DEBUG_TIMING + printf(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu " + "InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu " + "KeySize:%u\n", (ts[1]-ts[0])/1000, (ts[2]-ts[1])/1000, (ts[3]-ts[2])/1000, @@ -469,16 +557,13 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context * return rc; } -static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) +static int HandleHashCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c) { int rc = CRYPTOCB_UNAVAILABLE; +#ifdef CCBVAULTIC_DEBUG_TIMING uint64_t ts[3]={0}; - int finalize=0; - /* Finalize sha? */ - if((info->hash.in == NULL) && (info->hash.inSz==0)) { - finalize=1; - } - +#endif switch(info->hash.type) { case WC_HASH_TYPE_NONE: #if defined(CCBVAULTIC_DEBUG_ALL) @@ -497,51 +582,60 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context break; case WC_HASH_TYPE_SHA256: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p c->m:%p c->m_len:%lu c->t:%d\n", - info->hash.in, info->hash.inSz, info->hash.digest, c->m, c->m_len, c->hash_type); + printf(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p " + "c->m:%p c->m_len:%lu c->t:%d\n", + info->hash.in, info->hash.inSz, info->hash.digest, + c->m, c->m_len, c->hash_type); #endif #if !defined(NO_CCBVIC_SHA) /* - * info->hash.flag | WC_HASH_FLAGS_WILL_COPY --> Must buffer entire message + * info->hash.flag | WC_HASH_FLAGS_WILL_COPY --> Buffer entire message * info->hash.in != NULL --> Update * info->hash.digest != NULL --> Final */ { - /* III Buffer all messages */ - if(c->hash_type != info->hash.type) { + /* New/different hashtype than last time? */ + if (c->hash_type != info->hash.type) { /* New/different hash than last time. Erase state */ #if defined(CCBVAULTIC_DEBUG_ALL) printf(" New Hash\n"); #endif - if(c->m) free(c->m); - c->m=NULL; - c->m_len=0; + if (c->m) + free(c->m); + c->m = NULL; + c->m_len = 0; c->hash_type = info->hash.type; } + /* Update needed? */ - if(info->hash.in && (info->hash.inSz > 0)) { + /* III Buffering ALL messages, not just WILL_COPY */ + if ( (info->hash.in != NULL) && + (info->hash.inSz > 0)) { /* Buffer data */ - if(c->m) { + if (c->m) { /* Realloc and add new data in */ - void *new_buf=realloc(c->m,c->m_len + info->hash.inSz); - if(!new_buf) { + void *new_buf = realloc(c->m, c->m_len + info->hash.inSz); + if (new_buf == NULL) { /* Failure to allocate. Must return error */ #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Failed to realloc. New size:%lu\n", c->m_len+info->hash.inSz); + printf(" Failed to realloc. New size:%lu\n", + c->m_len + info->hash.inSz); #endif rc = MEMORY_E; break; } - c->m=new_buf; + c->m = new_buf; #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Realloc to %p. New size:%lu\n", c->m, c->m_len+info->hash.inSz); + printf(" Realloc to %p. New size:%lu\n", + c->m, c->m_len + info->hash.inSz); #endif } else { c->m = malloc(info->hash.inSz); - if(!c->m) { + if (!c->m) { /* Failure to allocate. Must return error */ #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Failed to alloc. Size:%u\n", info->hash.inSz); + printf(" Failed to alloc. Size:%u\n", + info->hash.inSz); #endif rc = MEMORY_E; break; @@ -549,7 +643,7 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context #if defined(CCBVAULTIC_DEBUG_ALL) printf(" Alloc to %p. Size:%u\n", c->m, info->hash.inSz); #endif - c->m_len=0; + c->m_len = 0; } memcpy(c->m + c->m_len, info->hash.in, info->hash.inSz); c->m_len += info->hash.inSz; @@ -558,31 +652,40 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context #endif rc = 0; } + /* Finalize needed? */ - if(info->hash.digest) { + if (info->hash.digest) { /* Initialize for Hashing */ VLT_U8 sha_out_len=0; - VLT_ALGO_PARAMS sha256_algo_params = { - .u8AlgoID=VLT_ALG_DIG_SHA256, - }; + VLT_ALGO_PARAMS sha256_algo_params = {0}; + sha256_algo_params.u8AlgoID = VLT_ALG_DIG_SHA256; +#ifdef CCBVAULTIC_DEBUG_TIMING ts[0]=now(); +#endif int vlt_rc=0; - vlt_rc=VltInitializeAlgorithm(0,0, VLT_DIGEST_MODE, &sha256_algo_params); + vlt_rc=VltInitializeAlgorithm( + 0, + 0, + VLT_DIGEST_MODE, + &sha256_algo_params); +#ifdef CCBVAULTIC_DEBUG_TIMING ts[1]=now(); +#endif #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VltInit SHA256:%x\n", vlt_rc); memset(info->hash.digest, 0, WC_SHA256_DIGEST_SIZE); #endif - /* No data sent? Likely test case. Needs 2 steps */ - if(c->m == NULL) + /* No data buffered? Likely test case. Needs 2 steps */ + if (c->m == NULL) { - vlt_rc=VltUpdateMessageDigest(c->m_len, + vlt_rc = VltUpdateMessageDigest( + c->m_len, c->m); #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VltUpdate SHA256:%x\n", vlt_rc); #endif - vlt_rc=VltComputeMessageDigestFinal( + vlt_rc = VltComputeMessageDigestFinal( &sha_out_len, WC_SHA256_DIGEST_SIZE, info->hash.digest); @@ -591,39 +694,48 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context #endif } else { - vlt_rc=VltComputeMessageDigest(c->m_len, - c->m, - &sha_out_len, - WC_SHA256_DIGEST_SIZE, - info->hash.digest); + vlt_rc=VltComputeMessageDigest( + c->m_len, + c->m, + &sha_out_len, + WC_SHA256_DIGEST_SIZE, + info->hash.digest); } - ts[2]=now(); #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VltCompute SHA256:%x\n", vlt_rc); hexdump(info->hash.digest, WC_SHA256_DIGEST_SIZE); #endif - /* Deallocate/clear if this hash was NOT a copy */ -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Hash flags:%x\n", info->hash.sha256 ? info->hash.sha256->flags : -1); + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[2]=now(); #endif -#if defined(CCBVAULTIC_DEBUG) - printf(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu InSize:%lu OutSize:%u\n", + +#ifdef CCBVAULTIC_DEBUG_TIMING + printf(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu " + "InSize:%lu OutSize:%u\n", (ts[1]-ts[0])/1000, (ts[2]-ts[1])/1000, c->m_len, sha_out_len); #endif - if( !info->hash.sha256 || - !(info->hash.sha256->flags&WC_HASH_FLAG_ISCOPY)) { + + /* Deallocate/clear if this hash was NOT a copy*/ +#if defined(CCBVAULTIC_DEBUG_ALL) + printf(" Hash flags:%x\n", + (info->hash.sha256 != NULL) ? + info->hash.sha256->flags : + -1); +#endif + if((info->hash.sha256 == NULL) || + !(info->hash.sha256->flags & WC_HASH_FLAG_ISCOPY)) { #if defined(CCBVAULTIC_DEBUG_ALL) printf(" Freeing hash state\n"); #endif - if(c->m) free(c->m); - c->m = NULL; - c->m_len = 0; + if (c->m) + free(c->m); + c->m = NULL; + c->m_len = 0; c->hash_type = WC_HASH_TYPE_NONE; - } - rc=0; } } @@ -645,7 +757,8 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context return rc; } -static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) +static int HandleCipherCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c) { int rc = CRYPTOCB_UNAVAILABLE; switch(info->cipher.type) { @@ -667,11 +780,13 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte #endif #if !defined(NO_CCBVIC_AES) { - Aes* aes=info->cipher.aescbc.aes; - int encrypt=info->cipher.enc; - VLT_U32 out_len=0; - int vlt_rc=0; - uint64_t ts[6]={0}; + Aes* aes = info->cipher.aescbc.aes; + int encrypt = info->cipher.enc; + VLT_U32 out_len = 0; + int vlt_rc = 0; +#ifdef CCBVAULTIC_DEBUG_TIMING + uint64_t ts[6] = {0}; +#endif if(!aes) break; /* Support AES128 for now */ @@ -682,14 +797,15 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte if(blocks == 0) break; /* Check if key is not he same as last time */ - if( (c->aescbc_key == NULL) || - (c->aescbc_keylen != aes->keylen) || - (memcmp(c->aescbc_key, aes->devKey, aes->keylen))) { + if( (c->aescbc_key == NULL) || + (c->aescbc_keylen != aes->keylen) || + (memcmp(c->aescbc_key, aes->devKey, aes->keylen))) { #if defined(CCBVAULTIC_DEBUG_ALL) printf(" New AES Key: ckey:%p clen:%lu akey:%p alen:%u\n", c->aescbc_key,c->aescbc_keylen, aes->devKey, aes->keylen); hexdump((void*)aes->devKey, aes->keylen); #endif + /* Free the current key buffer if necessary */ if(c->aescbc_key != NULL) { free(c->aescbc_key); c->aescbc_key=NULL; @@ -709,27 +825,29 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte memcpy(c->aescbc_key,aes->devKey,aes->keylen); /* Allow all privileges */ - VLT_FILE_PRIVILEGES keyPrivileges = { - .u8Read=0xFF, - .u8Write=0xFF, - .u8Delete=0xFF, - .u8Execute=0xFF, - }; + VLT_FILE_PRIVILEGES keyPrivileges = {0}; + keyPrivileges.u8Read= VAULTIC_KP_ALL; + keyPrivileges.u8Write= VAULTIC_KP_ALL; + keyPrivileges.u8Delete= VAULTIC_KP_ALL; + keyPrivileges.u8Execute= VAULTIC_KP_ALL; - VLT_KEY_OBJECT tmpAesKey= { - .enKeyID=VLT_KEY_AES_128, - .data.SecretKey.u8Mask=0, - .data.SecretKey.u16KeyLength=c->aescbc_keylen, - .data.SecretKey.pu8Key=(VLT_PU8)(c->aescbc_key), - }; + VLT_KEY_OBJECT tmpAesKey= {0}; + tmpAesKey.enKeyID=VLT_KEY_AES_128; + tmpAesKey.data.SecretKey.u8Mask=0; + tmpAesKey.data.SecretKey.u16KeyLength=c->aescbc_keylen; + tmpAesKey.data.SecretKey.pu8Key=(VLT_PU8)(c->aescbc_key); +#ifdef CCBVAULTIC_DEBUG_TIMING ts[0]=now(); +#endif /* Try to delete the tmp aes key. Ignore errors here */ VltDeleteKey( CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_TMPAES_KEYID); - ts[1]=now(); +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[1]=now(); +#endif /* Putkey aes->devKey, aes->keylen */ vlt_rc=VltPutKey( CCBVAULTIC_WOLFSSL_GRPID, @@ -741,18 +859,18 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte hexdump(c->aescbc_key, c->aescbc_keylen); #endif } - ts[2]=now(); +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[2]=now(); +#endif /* Initialize Algo for AES-CBC */ - VLT_ALGO_PARAMS aescbc_algo_params = { - .u8AlgoID=VLT_ALG_CIP_AES, - .data.SymCipher.enMode= BLOCK_MODE_CBC, - .data.SymCipher.enPadding= PADDING_NONE, - .data.SymCipher.u8IvLength= AES_BLOCK_SIZE, - .data.SymCipher.u8Iv={0}, - }; - memcpy(aescbc_algo_params.data.SymCipher.u8Iv,aes->reg, - AES_BLOCK_SIZE); + VLT_ALGO_PARAMS aescbc_algo_params = {0}; + aescbc_algo_params.u8AlgoID = VLT_ALG_CIP_AES; + aescbc_algo_params.data.SymCipher.enMode = BLOCK_MODE_CBC; + aescbc_algo_params.data.SymCipher.enPadding = PADDING_NONE; + aescbc_algo_params.data.SymCipher.u8IvLength = AES_BLOCK_SIZE; + memcpy(aescbc_algo_params.data.SymCipher.u8Iv, + aes->reg,AES_BLOCK_SIZE); /* Perform encrypt/decrypt*/ if(encrypt) { @@ -764,16 +882,26 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VLT InitAlgo:%x\n", vlt_rc); #endif + +#ifdef CCBVAULTIC_DEBUG_TIMING ts[3]=now(); - vlt_rc=VltEncrypt(info->cipher.aescbc.sz, info->cipher.aescbc.in, - &out_len, - info->cipher.aescbc.sz, info->cipher.aescbc.out); +#endif + vlt_rc=VltEncrypt( + info->cipher.aescbc.sz, + info->cipher.aescbc.in, + &out_len, + info->cipher.aescbc.sz, + info->cipher.aescbc.out); #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VLT Encrypt:%x\n", vlt_rc); #endif - ts[4]=now(); - const byte *last_block = info->cipher.aescbc.out + (blocks -1) * AES_BLOCK_SIZE; +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[4]=now(); +#endif + /* Update CBC state in AES */ + const byte *last_block = info->cipher.aescbc.out + + (blocks - 1) * AES_BLOCK_SIZE; memcpy(aes->reg, last_block, AES_BLOCK_SIZE); } else { vlt_rc=VltInitializeAlgorithm( @@ -784,26 +912,32 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VLT InitAlgo:%x\n", vlt_rc); #endif + +#ifdef CCBVAULTIC_DEBUG_TIMING ts[3]=now(); - vlt_rc=VltDecrypt(info->cipher.aescbc.sz, info->cipher.aescbc.in, - &out_len, - info->cipher.aescbc.sz, info->cipher.aescbc.out); +#endif + vlt_rc=VltDecrypt( + info->cipher.aescbc.sz, + info->cipher.aescbc.in, + &out_len, + info->cipher.aescbc.sz, + info->cipher.aescbc.out); #if defined(CCBVAULTIC_DEBUG_ALL) printf(" VLT Decrypt:%x\n", vlt_rc); #endif + +#ifdef CCBVAULTIC_DEBUG_TIMING ts[4]=now(); - const byte *last_block = info->cipher.aescbc.in + (blocks -1) * AES_BLOCK_SIZE; +#endif + /* Update CBC state in AES */ + const byte *last_block = info->cipher.aescbc.in + + (blocks - 1) * AES_BLOCK_SIZE; memcpy(aes->reg, last_block, AES_BLOCK_SIZE); } -#if 0 - /* Delete the tmp aes key */ - VltDeleteKey( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPAES_KEYID); -#endif -#if defined(CCBVAULTIC_DEBUG) - printf(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n", +#ifdef CCBVAULTIC_DEBUG_TIMING + printf(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu " + "InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n", encrypt, (ts[1]-ts[0])/1000, (ts[2]-ts[1])/1000, diff --git a/ccb_vaultic/ccb_vaultic.h b/ccb_vaultic/ccb_vaultic.h index a8c6456f..d4993ee4 100644 --- a/ccb_vaultic/ccb_vaultic.h +++ b/ccb_vaultic/ccb_vaultic.h @@ -31,7 +31,7 @@ #include "wolfssl/wolfcrypt/cryptocb.h" /* - * Implementation of wolfCrypt devcrypto callbacks + * Implementation of wolfCrypt cryptocb callbacks * * The wolfSSL port of the Wisekey VaultIC provides a wrapper library to allow * the VaultIC to be used as an external crypto provider. This library depends @@ -56,10 +56,14 @@ typedef struct { /* Initialize the Wisekey VaultIC library and clear the context. * Returns: 0 on success * BAD_FUNC_ARGS with NULL context - * WC_INIT_E on error initializing the VaultIC - * */ + * WC_INIT_E on error initializing the VaultIC. + * c->vlt_rc will have error code + */ int ccbVaultIc_Init(ccbVaultIc_Context *c); +/* Close the Wisekey VaultIC library. */ +void ccbVaultIc_Cleanup(ccbVaultIc_Context *c); + /* Register this callback and associate with a context using: * ccbVaultIc_Context ctx={0}; * ccbVaultIc_Init(&ctx); @@ -71,13 +75,10 @@ int ccbVaultIc_Init(ccbVaultIc_Context *c); * wc_AesInit(&aes, NULL, CCBVAULTIC420_DEVID); * Returns: 0 on success * CRYPTOCB_UNAVAILABLE if not initialized or not implemented - * + * MEMORY_E if memory allocation fails */ int ccbVaultIc_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx); -/* Close the Wisekey VaultIC library. */ -int ccbVaultIc_Cleanup(ccbVaultIc_Context *c); - #endif /* CCB_VAULTIC_H_ */ diff --git a/ccb_vaultic/main-bench.c b/ccb_vaultic/main-bench.c index 7ab54666..e15bc6c7 100644 --- a/ccb_vaultic/main-bench.c +++ b/ccb_vaultic/main-bench.c @@ -31,8 +31,6 @@ int main(int argc, char **argv) int rc=0; - ccbVaultIc_Context ctx; - /* Initialize wolfSSL and wolfCrypt */ rc=wolfSSL_Init(); if(rc!=WOLFSSL_SUCCESS) { @@ -40,22 +38,11 @@ int main(int argc, char **argv) return(rc); } - /* Initialize VaultIC */ - rc= ccbVaultIc_Init(&ctx); - if(rc) { - fprintf(stderr, "Failed to initialize the VaultIC: %d\n",rc); - wolfSSL_Cleanup(); - return(rc); - } - - /* Register VaultIC as cryptocb */ - rc = wc_CryptoCb_RegisterDevice(CCBVAULTIC420_DEVID, - ccbVaultIc_CryptoDevCb, &ctx); + ccbVaultIc_CryptoDevCb, NULL); if(rc) { fprintf(stderr, "Failed to register cryptocb: %d\n", rc); - ccbVaultIc_Cleanup(&ctx); wolfSSL_Cleanup(); return(rc); } @@ -64,7 +51,6 @@ int main(int argc, char **argv) benchmark_test(NULL); wc_CryptoCb_UnRegisterDevice(CCBVAULTIC420_DEVID); - ccbVaultIc_Cleanup(&ctx); wolfSSL_Cleanup(); return 0;