Cleanups and updates to align with wolfSSL PR 6636.

pull/392/head
Bill Phipps 2023-07-21 09:55:32 -04:00
parent 4420cce5c4
commit 14321a7a19
5 changed files with 311 additions and 185 deletions


@ -17,7 +17,8 @@ OBJS=ccb_vaultic.o
# Uncomment to enable verbose debug logging # Uncomment to enable verbose debug logging
CFLAGS+=-DCCBVAULTIC_DEBUG CFLAGS+=-DCCBVAULTIC_DEBUG
CFLAGS+=-DCCBVAULTIC_DEBUG_ALL CFLAGS+=-DCCBVAULTIC_DEBUG_TIMING
#CFLAGS+=-DCCBVAULTIC_DEBUG_ALL
#CFLAGS+=-DSPI_TRACE_ERRORS #CFLAGS+=-DSPI_TRACE_ERRORS
# Optionally disable certain kinds of offload # Optionally disable certain kinds of offload
@ -46,7 +47,7 @@ CFLAGS+=-I$(VAULTIC_TLS)
LDFLAGS+=-L$(VAULTIC_TLS)/VaultIC_420_TLS_Lib-SPI-Release -lvaultic420_tls LDFLAGS+=-L$(VAULTIC_TLS)/VaultIC_420_TLS_Lib-SPI-Release -lvaultic420_tls
#Test and Benchmark targets #Test and Benchmark targets
CFLAGS+=-DFORCE_DEVID=0x56490420 -DBENCH_EMBEDDED -DNO_MAIN_DRIVER CFLAGS+=-DWC_USE_DEVID=0x56490420 -DBENCH_EMBEDDED -DNO_MAIN_DRIVER
TEST_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/test/test.o main-test.o TEST_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/test/test.o main-test.o
BENCH_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/benchmark/benchmark.o main-bench.o BENCH_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/benchmark/benchmark.o main-bench.o
@ -59,6 +60,10 @@ wolfcrypt-test: $(OBJS) $(TEST_OBJS)
wolfcrypt-benchmark: $(OBJS) $(BENCH_OBJS) wolfcrypt-benchmark: $(OBJS) $(BENCH_OBJS)
$(CC) -o $@ $^ $(LDFLAGS) $(CC) -o $@ $^ $(LDFLAGS)
lib: $(OBJS)
cp $(VAULTIC_TLS)/VaultIC_420_TLS_Lib-SPI-Release/libvaultic420_tls.a libccbvaultic.a
$(AR) -r libccbvaultic.a $(OBJS)
clean: clean:
rm -f *.o *.d wolfcrypt-test wolfcrypt-benchmark rm -f *.o *.d wolfcrypt-test wolfcrypt-benchmark
rm -f $(WOLFSSL_DIR)/wolfcrypt/benchmark/*.o rm -f $(WOLFSSL_DIR)/wolfcrypt/benchmark/*.o
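Review bot: The new `lib` target archives objects built with `-DCCBVAULTIC_DEBUG` and `-DCCBVAULTIC_DEBUG_TIMING` still active, even though the comment above them reads "Uncomment to enable verbose debug logging", so `libccbvaultic.a` prints callback tracing by default. I would ship all three flags commented out (`#CFLAGS+=-DCCBVAULTIC_DEBUG`, `#CFLAGS+=-DCCBVAULTIC_DEBUG_TIMING`) and enable them only for bring-up builds. In the lines shown, `clean` also does not remove `libccbvaultic.a`; adding it to the first `rm -f` line avoids linking a stale archive, though the rule may continue outside the hunk.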


@ -30,7 +30,7 @@ To enable hardware offload support via cryptocb, configure wolfSSL to include cr
``` ```
git clone git@github.com:wolfssl/wolfssl.git git clone git@github.com:wolfssl/wolfssl.git
cd wolfssl cd wolfssl
./configure --host aarch64-linux-android CC=$NDK_CC AS=$NDK_AS RANLIB=$NDK_RANLIB AR=$NDK_AR LD=$NDK_LD STRIP=$NDK_STRIP CXX=$NDK_CXX --enable-cryptocb --enable-static --disable-shared ./configure --host aarch64-linux-android CC=$NDK_CC AS=$NDK_AS RANLIB=$NDK_RANLIB AR=$NDK_AR LD=$NDK_LD STRIP=$NDK_STRIP CXX=$NDK_CXX CFLAGS=-DWOLF_CRYPTO_CB_CMD --enable-cryptocb --enable-static --disable-shared
make make
``` ```


@ -21,7 +21,6 @@
/* System includes */ /* System includes */
#include <stdlib.h> /* For NULL */ #include <stdlib.h> /* For NULL */
#include <string.h> /* For memset/cpy */ #include <string.h> /* For memset/cpy */
#include <time.h> /* For clock_gettime */
/* wolfSSL configuration */ /* wolfSSL configuration */
#include "wolfssl/options.h" #include "wolfssl/options.h"
@ -43,25 +42,50 @@
#include "vaultic_api.h" #include "vaultic_api.h"
#include "vaultic_structs.h" #include "vaultic_structs.h"
#define VAULTIC_KP_ALL 0xFF /* Allow all users all privileges */
#define VAULTIC_PKV_ASSURED VLT_PKV_ASSURED_EXPLICIT_VALIDATION
/* Local include */ /* Local include */
#include "ccb_vaultic.h" #include "ccb_vaultic.h"
/* Defined options: /* Defined options:
* CCBVAULTIC_DEBUG: Print copious callback info using printf * CCBVAULTIC_DEBUG: Print useful callback info using printf
* CCBVAULTIC_DEBUG_TIMING: Print useful timing info using printf
* CCBVAULTIC_DEBUG_ALL: Print copious info using printf
* NO_CCBVIC_SHA: Do not handle SHA256 callback * NO_CCBVIC_SHA: Do not handle SHA256 callback
* NO_CCBVIC_RSA: Do not handle RSA callback * NO_CCBVIC_RSA: Do not handle RSA callback
* NO_CCBVIC_AES: Do not handle AES callback * NO_CCBVIC_AES: Do not handle AES callback
*/ */
/* Provide global singleton context to avoid allocation */ #ifdef CCBVAULTIC_DEBUG_ALL
static ccbVaultIc_Context localContext = {0}; #ifndef CCBVAULTIC_DEBUG
#define CCBVAULTIC_DEBUG
#endif
#ifndef CCBVAULTIC_DEBUG_TIMING
#define CCBVAULTIC_DEBUG_TIMING
#endif
#endif
#ifdef CCBVAULTIC_DEBUG_TIMING
#include <time.h> /* For clock_gettime */
#endif
/* Forward declarations */ /* Forward declarations */
static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); static int HandlePkCallback(int devId, wc_CryptoInfo* info,
static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); ccbVaultIc_Context *c);
static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); static int HandleHashCallback(int devId, wc_CryptoInfo* info,
static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c); ccbVaultIc_Context *c);
static int HandleCipherCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c);
#ifdef WOLF_CRYPTO_CB_CMD
/* Provide global singleton context to avoid allocation */
static ccbVaultIc_Context localContext = {0};
static int HandleCmdCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c);
#endif
#ifdef CCBVAULTIC_DEBUG
static void hexdump(const unsigned char* p, size_t len) static void hexdump(const unsigned char* p, size_t len)
{ {
printf(" HD:%p for %lu bytes\n",p, len); printf(" HD:%p for %lu bytes\n",p, len);
@ -75,55 +99,93 @@ static void hexdump(const unsigned char* p, size_t len)
} }
if(off%16 !=15) printf("\n"); if(off%16 !=15) printf("\n");
} }
#endif
#ifdef CCBVAULTIC_DEBUG_TIMING
static uint64_t now(void) static uint64_t now(void)
{ {
struct timespec t; struct timespec t;
clock_gettime(CLOCK_MONOTONIC, &t); clock_gettime(CLOCK_MONOTONIC, &t);
return (uint64_t)t.tv_sec * 1000000000ull + t.tv_nsec; return (uint64_t)t.tv_sec * 1000000000ull + t.tv_nsec;
} }
#endif
int ccbVaultIc_Init(ccbVaultIc_Context *c) int ccbVaultIc_Init(ccbVaultIc_Context *c)
{ {
if(!c) { int rc = 0;
return BAD_FUNC_ARG; if (c == NULL) {
rc = BAD_FUNC_ARG;
} }
memset(c, 0, sizeof(*c));
c->vlt_rc=vlt_tls_init(); /* Already Initialized? */
if(c->vlt_rc!=0) { if ((rc == 0 ) && (c->initialized >0)) {
return WC_INIT_E; /* Increment use count */
} c->initialized++;
c->initialized=1;
return 0; return 0;
}
if (rc == 0) {
memset(c, 0, sizeof(*c));
c->vlt_rc = vlt_tls_init();
if (c->vlt_rc != 0) {
rc = WC_INIT_E;
}
else {
c->initialized = 1;
}
}
#ifdef CCBVAULTIC_DEBUG
printf("ccbVaultIc_Init: c:%p c->initialized:%d rc:%d vlt_rc:%d\n",
c,
(c == NULL) ? -1 : c->initialized,
rc,
(c == NULL) ? -1 : c->vlt_rc);
#endif
return rc;
} }
int ccbVaultIc_Cleanup(ccbVaultIc_Context *c) void ccbVaultIc_Cleanup(ccbVaultIc_Context *c)
{ {
if(!c) { #ifdef CCBVAULTIC_DEBUG
return BAD_FUNC_ARG; printf("ccbVaultIc_Cleanup c:%p c->initialized:%d\n", c,
(c == NULL) ? -1 : c->initialized);
#endif
if (c == NULL) {
return;
} }
if (c->initialized == 0)
return;
/* Decrement use count */
c->initialized--;
if (c->initialized > 0)
return;
/* Free allocated buffers */ /* Free allocated buffers */
if(c->m) free(c->m); if (c->m)
if(c->aescbc_key) free(c->aescbc_key); free(c->m);
if (c->aescbc_key)
free(c->aescbc_key);
memset(c, 0, sizeof(*c)); memset(c, 0, sizeof(*c));
c->vlt_rc=vlt_tls_close();
if(c->vlt_rc!=0) { /* Set the return value in the struct */
return WC_CLEANUP_E; c->vlt_rc = vlt_tls_close();
}
return 0;
} }
int ccbVaultIc_CryptoDevCb(int devId, int ccbVaultIc_CryptoDevCb(int devId,
wc_CryptoInfo* info, wc_CryptoInfo* info,
void* ctx) void* ctx)
{ {
ccbVaultIc_Context *c=(ccbVaultIc_Context*)ctx; ccbVaultIc_Context *c = (ccbVaultIc_Context*)ctx;
int rc = CRYPTOCB_UNAVAILABLE; int rc = CRYPTOCB_UNAVAILABLE;
(void)devId; (void)devId;
if(!info ||
(info->algo_type != WC_ALGO_TYPE_NONE && if( !info ||
#ifdef WOLF_CRYPTO_CB_CMD
((info->algo_type != WC_ALGO_TYPE_NONE) &&
#else
(1 &&
#endif
(!c || !c->initialized))) { (!c || !c->initialized))) {
/* Invalid info or context */ /* Invalid info or context */
#if defined(CCBVAULTIC_DEBUG) #if defined(CCBVAULTIC_DEBUG)
@ -132,13 +194,21 @@ int ccbVaultIc_CryptoDevCb(int devId,
#endif #endif
return rc; return rc;
} }
switch(info->algo_type) { switch(info->algo_type) {
case WC_ALGO_TYPE_NONE: case WC_ALGO_TYPE_NONE:
#ifdef WOLF_CRYPTO_CB_CMD
#if defined(CCBVAULTIC_DEBUG) #if defined(CCBVAULTIC_DEBUG)
printf(" CryptoDevCb NONE-Command: %d %p\n", info->cmd.type, info->cmd.ctx); printf(" CryptoDevCb NONE-Command: %d %p\n",
info->cmd.type, info->cmd.ctx);
#endif #endif
rc = HandleCmdCallback(devId, info, ctx); rc = HandleCmdCallback(devId, info, ctx);
#else
#if defined(CCBVAULTIC_DEBUG)
printf(" CryptoDevCb NONE:\n");
#endif
/* Nothing to do */ /* Nothing to do */
#endif
break; break;
case WC_ALGO_TYPE_HASH: case WC_ALGO_TYPE_HASH:
@ -214,7 +284,9 @@ int ccbVaultIc_CryptoDevCb(int devId,
return rc; return rc;
} }
static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) #ifdef WOLF_CRYPTO_CB_CMD
static int HandleCmdCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c)
{ {
int rc = CRYPTOCB_UNAVAILABLE; int rc = CRYPTOCB_UNAVAILABLE;
/* Ok to have null context at this point*/ /* Ok to have null context at this point*/
@ -233,19 +305,25 @@ static int HandleCmdCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
{ {
/* Is the current context not set? Nothing to do*/ /* Is the current context not set? Nothing to do*/
if(c == NULL) break; if(c == NULL) break;
rc = ccbVaultIc_Cleanup(c); ccbVaultIc_Cleanup(c);
/* Return success */
rc = 0;
}; break; }; break;
default: default:
break; break;
} }
return rc; return rc;
} }
#endif
static int HandlePkCallback(int devId, wc_CryptoInfo* info,
static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) ccbVaultIc_Context *c)
{ {
int rc = CRYPTOCB_UNAVAILABLE; int rc = CRYPTOCB_UNAVAILABLE;
#ifdef CCBVAULTIC_DEBUG_TIMING
uint64_t ts[6]={0}; uint64_t ts[6]={0};
#endif
switch(info->pk.type) { switch(info->pk.type) {
case WC_PK_TYPE_NONE: case WC_PK_TYPE_NONE:
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
@ -263,7 +341,6 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
if((info->pk.rsa.type == RSA_PUBLIC_DECRYPT) || /* RSA Verify */ if((info->pk.rsa.type == RSA_PUBLIC_DECRYPT) || /* RSA Verify */
(info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) /* RSA Encrypt */ (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) /* RSA Encrypt */
{ {
byte e[sizeof(uint32_t)] = {0}; byte e[sizeof(uint32_t)] = {0};
byte n[RSA_MAX_SIZE / 8] = {0}; byte n[RSA_MAX_SIZE / 8] = {0};
word32 eSz = sizeof(e); word32 eSz = sizeof(e);
@ -276,42 +353,50 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
memcpy(&e_pad[(sizeof(e_pad)-eSz)],e,eSz); memcpy(&e_pad[(sizeof(e_pad)-eSz)],e,eSz);
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n", rc, eSz, nSz); printf(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n",
rc, eSz, nSz);
hexdump(e,sizeof(e)); hexdump(e,sizeof(e));
hexdump(e_pad,sizeof(e_pad)); hexdump(e_pad,sizeof(e_pad));
hexdump(n,sizeof(n)); hexdump(n,sizeof(n));
#endif #endif
/* Allow all privileges */ /* Allow all privileges */
VLT_FILE_PRIVILEGES keyPrivileges = {
.u8Read=0xFF,
.u8Write=0xFF,
.u8Delete=0xFF,
.u8Execute=0xFF,
};
VLT_KEY_OBJECT tmpRsaKey= { VLT_FILE_PRIVILEGES keyPrivileges = {0};
.enKeyID=VLT_KEY_RSAES_PUB, keyPrivileges.u8Read = VAULTIC_KP_ALL;
.data.RsaPubKey.u16NLen=nSz, keyPrivileges.u8Write = VAULTIC_KP_ALL;
.data.RsaPubKey.pu8N=n, keyPrivileges.u8Delete = VAULTIC_KP_ALL;
.data.RsaPubKey.u16ELen=sizeof(e_pad), keyPrivileges.u8Execute = VAULTIC_KP_ALL;
.data.RsaPubKey.pu8E=e_pad,
.data.RsaPubKey.enAssurance=VLT_PKV_ASSURED_EXPLICIT_VALIDATION,
}; VLT_KEY_OBJECT tmpRsaKey= {0};
tmpRsaKey.enKeyID = VLT_KEY_RSAES_PUB;
tmpRsaKey.data.RsaPubKey.u16NLen = nSz;
tmpRsaKey.data.RsaPubKey.pu8N = n;
tmpRsaKey.data.RsaPubKey.u16ELen = sizeof(e_pad);
tmpRsaKey.data.RsaPubKey.pu8E = e_pad;
tmpRsaKey.data.RsaPubKey.enAssurance = VAULTIC_PKV_ASSURED;
/* Try to delete the tmp rsa key. Ignore errors here */ /* Try to delete the tmp rsa key. Ignore errors here */
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[0]=now(); ts[0]=now();
#endif
VltDeleteKey( VltDeleteKey(
CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID); CCBVAULTIC_TMPRSA_KEYID);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[1]=now(); ts[1]=now();
#endif
int vlt_rc=0; int vlt_rc=0;
vlt_rc=VltPutKey( vlt_rc=VltPutKey(
CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID, CCBVAULTIC_TMPRSA_KEYID,
&keyPrivileges, &keyPrivileges,
&tmpRsaKey); &tmpRsaKey);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[2]=now(); ts[2]=now();
#endif
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT PutKey:%x\n", vlt_rc); printf(" VLT PutKey:%x\n", vlt_rc);
#endif #endif
@ -327,7 +412,10 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID, CCBVAULTIC_TMPRSA_KEYID,
VLT_ENCRYPT_MODE,&rsapub_algo_params); VLT_ENCRYPT_MODE,&rsapub_algo_params);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[3]=now(); ts[3]=now();
#endif
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT InitAlgo:%x\n", vlt_rc); printf(" VLT InitAlgo:%x\n", vlt_rc);
#endif #endif
@ -335,19 +423,19 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
&out_len, &out_len,
info->pk.rsa.inLen, info->pk.rsa.out); info->pk.rsa.inLen, info->pk.rsa.out);
if(info->pk.rsa.outLen) *(info->pk.rsa.outLen)=out_len; if(info->pk.rsa.outLen) *(info->pk.rsa.outLen)=out_len;
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[4]=now(); ts[4]=now();
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT Encrypt:%x inSz:%u outSz:%lu\n", vlt_rc, info->pk.rsa.inLen, out_len);
#endif #endif
#if 0 #if defined(CCBVAULTIC_DEBUG_ALL)
/* Delete the tmp aes key */ printf(" VLT Encrypt:%x inSz:%u outSz:%lu\n",
VltDeleteKey( vlt_rc, info->pk.rsa.inLen, out_len);
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPRSA_KEYID);
#endif #endif
#if defined(CCBVAULTIC_DEBUG)
printf(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu KeySize:%u\n", #ifdef CCBVAULTIC_DEBUG_TIMING
printf(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu "
"InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu "
"KeySize:%u\n",
(ts[1]-ts[0])/1000, (ts[1]-ts[0])/1000,
(ts[2]-ts[1])/1000, (ts[2]-ts[1])/1000,
(ts[3]-ts[2])/1000, (ts[3]-ts[2])/1000,
@ -469,16 +557,13 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *
return rc; return rc;
} }
static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) static int HandleHashCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c)
{ {
int rc = CRYPTOCB_UNAVAILABLE; int rc = CRYPTOCB_UNAVAILABLE;
#ifdef CCBVAULTIC_DEBUG_TIMING
uint64_t ts[3]={0}; uint64_t ts[3]={0};
int finalize=0; #endif
/* Finalize sha? */
if((info->hash.in == NULL) && (info->hash.inSz==0)) {
finalize=1;
}
switch(info->hash.type) { switch(info->hash.type) {
case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_NONE:
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
@ -497,51 +582,60 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
break; break;
case WC_HASH_TYPE_SHA256: case WC_HASH_TYPE_SHA256:
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p c->m:%p c->m_len:%lu c->t:%d\n", printf(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p "
info->hash.in, info->hash.inSz, info->hash.digest, c->m, c->m_len, c->hash_type); "c->m:%p c->m_len:%lu c->t:%d\n",
info->hash.in, info->hash.inSz, info->hash.digest,
c->m, c->m_len, c->hash_type);
#endif #endif
#if !defined(NO_CCBVIC_SHA) #if !defined(NO_CCBVIC_SHA)
/* /*
* info->hash.flag | WC_HASH_FLAGS_WILL_COPY --> Must buffer entire message * info->hash.flag | WC_HASH_FLAGS_WILL_COPY --> Buffer entire message
* info->hash.in != NULL --> Update * info->hash.in != NULL --> Update
* info->hash.digest != NULL --> Final * info->hash.digest != NULL --> Final
*/ */
{ {
/* III Buffer all messages */ /* New/different hashtype than last time? */
if(c->hash_type != info->hash.type) { if (c->hash_type != info->hash.type) {
/* New/different hash than last time. Erase state */ /* New/different hash than last time. Erase state */
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" New Hash\n"); printf(" New Hash\n");
#endif #endif
if(c->m) free(c->m); if (c->m)
c->m=NULL; free(c->m);
c->m_len=0; c->m = NULL;
c->m_len = 0;
c->hash_type = info->hash.type; c->hash_type = info->hash.type;
} }
/* Update needed? */ /* Update needed? */
if(info->hash.in && (info->hash.inSz > 0)) { /* III Buffering ALL messages, not just WILL_COPY */
if ( (info->hash.in != NULL) &&
(info->hash.inSz > 0)) {
/* Buffer data */ /* Buffer data */
if(c->m) { if (c->m) {
/* Realloc and add new data in */ /* Realloc and add new data in */
void *new_buf=realloc(c->m,c->m_len + info->hash.inSz); void *new_buf = realloc(c->m, c->m_len + info->hash.inSz);
if(!new_buf) { if (new_buf == NULL) {
/* Failure to allocate. Must return error */ /* Failure to allocate. Must return error */
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Failed to realloc. New size:%lu\n", c->m_len+info->hash.inSz); printf(" Failed to realloc. New size:%lu\n",
c->m_len + info->hash.inSz);
#endif #endif
rc = MEMORY_E; rc = MEMORY_E;
break; break;
} }
c->m=new_buf; c->m = new_buf;
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Realloc to %p. New size:%lu\n", c->m, c->m_len+info->hash.inSz); printf(" Realloc to %p. New size:%lu\n",
c->m, c->m_len + info->hash.inSz);
#endif #endif
} else { } else {
c->m = malloc(info->hash.inSz); c->m = malloc(info->hash.inSz);
if(!c->m) { if (!c->m) {
/* Failure to allocate. Must return error */ /* Failure to allocate. Must return error */
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Failed to alloc. Size:%u\n", info->hash.inSz); printf(" Failed to alloc. Size:%u\n",
info->hash.inSz);
#endif #endif
rc = MEMORY_E; rc = MEMORY_E;
break; break;
@ -549,7 +643,7 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Alloc to %p. Size:%u\n", c->m, info->hash.inSz); printf(" Alloc to %p. Size:%u\n", c->m, info->hash.inSz);
#endif #endif
c->m_len=0; c->m_len = 0;
} }
memcpy(c->m + c->m_len, info->hash.in, info->hash.inSz); memcpy(c->m + c->m_len, info->hash.in, info->hash.inSz);
c->m_len += info->hash.inSz; c->m_len += info->hash.inSz;
@ -558,31 +652,40 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
#endif #endif
rc = 0; rc = 0;
} }
/* Finalize needed? */ /* Finalize needed? */
if(info->hash.digest) { if (info->hash.digest) {
/* Initialize for Hashing */ /* Initialize for Hashing */
VLT_U8 sha_out_len=0; VLT_U8 sha_out_len=0;
VLT_ALGO_PARAMS sha256_algo_params = { VLT_ALGO_PARAMS sha256_algo_params = {0};
.u8AlgoID=VLT_ALG_DIG_SHA256, sha256_algo_params.u8AlgoID = VLT_ALG_DIG_SHA256;
}; #ifdef CCBVAULTIC_DEBUG_TIMING
ts[0]=now(); ts[0]=now();
#endif
int vlt_rc=0; int vlt_rc=0;
vlt_rc=VltInitializeAlgorithm(0,0, VLT_DIGEST_MODE, &sha256_algo_params); vlt_rc=VltInitializeAlgorithm(
0,
0,
VLT_DIGEST_MODE,
&sha256_algo_params);
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[1]=now(); ts[1]=now();
#endif
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VltInit SHA256:%x\n", vlt_rc); printf(" VltInit SHA256:%x\n", vlt_rc);
memset(info->hash.digest, 0, WC_SHA256_DIGEST_SIZE); memset(info->hash.digest, 0, WC_SHA256_DIGEST_SIZE);
#endif #endif
/* No data sent? Likely test case. Needs 2 steps */ /* No data buffered? Likely test case. Needs 2 steps */
if(c->m == NULL) if (c->m == NULL)
{ {
vlt_rc=VltUpdateMessageDigest(c->m_len, vlt_rc = VltUpdateMessageDigest(
c->m_len,
c->m); c->m);
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VltUpdate SHA256:%x\n", vlt_rc); printf(" VltUpdate SHA256:%x\n", vlt_rc);
#endif #endif
vlt_rc=VltComputeMessageDigestFinal( vlt_rc = VltComputeMessageDigestFinal(
&sha_out_len, &sha_out_len,
WC_SHA256_DIGEST_SIZE, WC_SHA256_DIGEST_SIZE,
info->hash.digest); info->hash.digest);
@ -591,39 +694,48 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
#endif #endif
} }
else { else {
vlt_rc=VltComputeMessageDigest(c->m_len, vlt_rc=VltComputeMessageDigest(
c->m_len,
c->m, c->m,
&sha_out_len, &sha_out_len,
WC_SHA256_DIGEST_SIZE, WC_SHA256_DIGEST_SIZE,
info->hash.digest); info->hash.digest);
} }
ts[2]=now();
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VltCompute SHA256:%x\n", vlt_rc); printf(" VltCompute SHA256:%x\n", vlt_rc);
hexdump(info->hash.digest, WC_SHA256_DIGEST_SIZE); hexdump(info->hash.digest, WC_SHA256_DIGEST_SIZE);
#endif #endif
/* Deallocate/clear if this hash was NOT a copy */
#if defined(CCBVAULTIC_DEBUG_ALL) #ifdef CCBVAULTIC_DEBUG_TIMING
printf(" Hash flags:%x\n", info->hash.sha256 ? info->hash.sha256->flags : -1); ts[2]=now();
#endif #endif
#if defined(CCBVAULTIC_DEBUG)
printf(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu InSize:%lu OutSize:%u\n", #ifdef CCBVAULTIC_DEBUG_TIMING
printf(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu "
"InSize:%lu OutSize:%u\n",
(ts[1]-ts[0])/1000, (ts[1]-ts[0])/1000,
(ts[2]-ts[1])/1000, (ts[2]-ts[1])/1000,
c->m_len, sha_out_len); c->m_len, sha_out_len);
#endif #endif
if( !info->hash.sha256 ||
!(info->hash.sha256->flags&WC_HASH_FLAG_ISCOPY)) { /* Deallocate/clear if this hash was NOT a copy*/
#if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Hash flags:%x\n",
(info->hash.sha256 != NULL) ?
info->hash.sha256->flags :
-1);
#endif
if((info->hash.sha256 == NULL) ||
!(info->hash.sha256->flags & WC_HASH_FLAG_ISCOPY)) {
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" Freeing hash state\n"); printf(" Freeing hash state\n");
#endif #endif
if(c->m) free(c->m); if (c->m)
free(c->m);
c->m = NULL; c->m = NULL;
c->m_len = 0; c->m_len = 0;
c->hash_type = WC_HASH_TYPE_NONE; c->hash_type = WC_HASH_TYPE_NONE;
} }
rc=0; rc=0;
} }
} }
@ -645,7 +757,8 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context
return rc; return rc;
} }
static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) static int HandleCipherCallback(int devId, wc_CryptoInfo* info,
ccbVaultIc_Context *c)
{ {
int rc = CRYPTOCB_UNAVAILABLE; int rc = CRYPTOCB_UNAVAILABLE;
switch(info->cipher.type) { switch(info->cipher.type) {
@ -667,11 +780,13 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
#endif #endif
#if !defined(NO_CCBVIC_AES) #if !defined(NO_CCBVIC_AES)
{ {
Aes* aes=info->cipher.aescbc.aes; Aes* aes = info->cipher.aescbc.aes;
int encrypt=info->cipher.enc; int encrypt = info->cipher.enc;
VLT_U32 out_len=0; VLT_U32 out_len = 0;
int vlt_rc=0; int vlt_rc = 0;
uint64_t ts[6]={0}; #ifdef CCBVAULTIC_DEBUG_TIMING
uint64_t ts[6] = {0};
#endif
if(!aes) break; if(!aes) break;
/* Support AES128 for now */ /* Support AES128 for now */
@ -690,6 +805,7 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
c->aescbc_key,c->aescbc_keylen, aes->devKey, aes->keylen); c->aescbc_key,c->aescbc_keylen, aes->devKey, aes->keylen);
hexdump((void*)aes->devKey, aes->keylen); hexdump((void*)aes->devKey, aes->keylen);
#endif #endif
/* Free the current key buffer if necessary */
if(c->aescbc_key != NULL) { if(c->aescbc_key != NULL) {
free(c->aescbc_key); free(c->aescbc_key);
c->aescbc_key=NULL; c->aescbc_key=NULL;
@ -709,27 +825,29 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
memcpy(c->aescbc_key,aes->devKey,aes->keylen); memcpy(c->aescbc_key,aes->devKey,aes->keylen);
/* Allow all privileges */ /* Allow all privileges */
VLT_FILE_PRIVILEGES keyPrivileges = { VLT_FILE_PRIVILEGES keyPrivileges = {0};
.u8Read=0xFF, keyPrivileges.u8Read= VAULTIC_KP_ALL;
.u8Write=0xFF, keyPrivileges.u8Write= VAULTIC_KP_ALL;
.u8Delete=0xFF, keyPrivileges.u8Delete= VAULTIC_KP_ALL;
.u8Execute=0xFF, keyPrivileges.u8Execute= VAULTIC_KP_ALL;
};
VLT_KEY_OBJECT tmpAesKey= { VLT_KEY_OBJECT tmpAesKey= {0};
.enKeyID=VLT_KEY_AES_128, tmpAesKey.enKeyID=VLT_KEY_AES_128;
.data.SecretKey.u8Mask=0, tmpAesKey.data.SecretKey.u8Mask=0;
.data.SecretKey.u16KeyLength=c->aescbc_keylen, tmpAesKey.data.SecretKey.u16KeyLength=c->aescbc_keylen;
.data.SecretKey.pu8Key=(VLT_PU8)(c->aescbc_key), tmpAesKey.data.SecretKey.pu8Key=(VLT_PU8)(c->aescbc_key);
};
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[0]=now(); ts[0]=now();
#endif
/* Try to delete the tmp aes key. Ignore errors here */ /* Try to delete the tmp aes key. Ignore errors here */
VltDeleteKey( VltDeleteKey(
CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPAES_KEYID); CCBVAULTIC_TMPAES_KEYID);
ts[1]=now();
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[1]=now();
#endif
/* Putkey aes->devKey, aes->keylen */ /* Putkey aes->devKey, aes->keylen */
vlt_rc=VltPutKey( vlt_rc=VltPutKey(
CCBVAULTIC_WOLFSSL_GRPID, CCBVAULTIC_WOLFSSL_GRPID,
@ -741,18 +859,18 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
hexdump(c->aescbc_key, c->aescbc_keylen); hexdump(c->aescbc_key, c->aescbc_keylen);
#endif #endif
} }
ts[2]=now();
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[2]=now();
#endif
/* Initialize Algo for AES-CBC */ /* Initialize Algo for AES-CBC */
VLT_ALGO_PARAMS aescbc_algo_params = { VLT_ALGO_PARAMS aescbc_algo_params = {0};
.u8AlgoID=VLT_ALG_CIP_AES, aescbc_algo_params.u8AlgoID = VLT_ALG_CIP_AES;
.data.SymCipher.enMode= BLOCK_MODE_CBC, aescbc_algo_params.data.SymCipher.enMode = BLOCK_MODE_CBC;
.data.SymCipher.enPadding= PADDING_NONE, aescbc_algo_params.data.SymCipher.enPadding = PADDING_NONE;
.data.SymCipher.u8IvLength= AES_BLOCK_SIZE, aescbc_algo_params.data.SymCipher.u8IvLength = AES_BLOCK_SIZE;
.data.SymCipher.u8Iv={0}, memcpy(aescbc_algo_params.data.SymCipher.u8Iv,
}; aes->reg,AES_BLOCK_SIZE);
memcpy(aescbc_algo_params.data.SymCipher.u8Iv,aes->reg,
AES_BLOCK_SIZE);
/* Perform encrypt/decrypt*/ /* Perform encrypt/decrypt*/
if(encrypt) { if(encrypt) {
@ -764,16 +882,26 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT InitAlgo:%x\n", vlt_rc); printf(" VLT InitAlgo:%x\n", vlt_rc);
#endif #endif
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[3]=now(); ts[3]=now();
vlt_rc=VltEncrypt(info->cipher.aescbc.sz, info->cipher.aescbc.in, #endif
vlt_rc=VltEncrypt(
info->cipher.aescbc.sz,
info->cipher.aescbc.in,
&out_len, &out_len,
info->cipher.aescbc.sz, info->cipher.aescbc.out); info->cipher.aescbc.sz,
info->cipher.aescbc.out);
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT Encrypt:%x\n", vlt_rc); printf(" VLT Encrypt:%x\n", vlt_rc);
#endif #endif
ts[4]=now();
const byte *last_block = info->cipher.aescbc.out + (blocks -1) * AES_BLOCK_SIZE; #ifdef CCBVAULTIC_DEBUG_TIMING
ts[4]=now();
#endif
/* Update CBC state in AES */
const byte *last_block = info->cipher.aescbc.out +
(blocks - 1) * AES_BLOCK_SIZE;
memcpy(aes->reg, last_block, AES_BLOCK_SIZE); memcpy(aes->reg, last_block, AES_BLOCK_SIZE);
} else { } else {
vlt_rc=VltInitializeAlgorithm( vlt_rc=VltInitializeAlgorithm(
@ -784,26 +912,32 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Conte
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT InitAlgo:%x\n", vlt_rc); printf(" VLT InitAlgo:%x\n", vlt_rc);
#endif #endif
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[3]=now(); ts[3]=now();
vlt_rc=VltDecrypt(info->cipher.aescbc.sz, info->cipher.aescbc.in, #endif
vlt_rc=VltDecrypt(
info->cipher.aescbc.sz,
info->cipher.aescbc.in,
&out_len, &out_len,
info->cipher.aescbc.sz, info->cipher.aescbc.out); info->cipher.aescbc.sz,
info->cipher.aescbc.out);
#if defined(CCBVAULTIC_DEBUG_ALL) #if defined(CCBVAULTIC_DEBUG_ALL)
printf(" VLT Decrypt:%x\n", vlt_rc); printf(" VLT Decrypt:%x\n", vlt_rc);
#endif #endif
#ifdef CCBVAULTIC_DEBUG_TIMING
ts[4]=now(); ts[4]=now();
const byte *last_block = info->cipher.aescbc.in + (blocks -1) * AES_BLOCK_SIZE; #endif
/* Update CBC state in AES */
const byte *last_block = info->cipher.aescbc.in +
(blocks - 1) * AES_BLOCK_SIZE;
memcpy(aes->reg, last_block, AES_BLOCK_SIZE); memcpy(aes->reg, last_block, AES_BLOCK_SIZE);
} }
#if 0 #ifdef CCBVAULTIC_DEBUG_TIMING
/* Delete the tmp aes key */ printf(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu "
VltDeleteKey( "InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n",
CCBVAULTIC_WOLFSSL_GRPID,
CCBVAULTIC_TMPAES_KEYID);
#endif
#if defined(CCBVAULTIC_DEBUG)
printf(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n",
encrypt, encrypt,
(ts[1]-ts[0])/1000, (ts[1]-ts[0])/1000,
(ts[2]-ts[1])/1000, (ts[2]-ts[1])/1000,
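Review bot: In the SHA256 finalize path of HandleHashCallback, `vlt_rc` from `VltInitializeAlgorithm`, `VltUpdateMessageDigest` and `VltComputeMessageDigest`/`VltComputeMessageDigestFinal` is only printed under CCBVAULTIC_DEBUG_ALL, and `rc=0;` is then set unconditionally. In the lines shown, a failed device operation is therefore reported to wolfCrypt as a successful hash, with whatever happens to be in `info->hash.digest`; the buffer is zeroed only inside the CCBVAULTIC_DEBUG_ALL block, so debug and release builds differ on failure. I would map the device status before returning, e.g. `rc = (vlt_rc == 0) ? 0 : WC_HW_E;`, and stop after a failed init call instead of continuing to the compute step. The function spans several hunks and part of it lies outside them, so confirm no later check exists. The RSA and AES-CBC paths handle `vlt_rc` the same way in the visible lines and deserve the same treatment.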


@ -31,7 +31,7 @@
#include "wolfssl/wolfcrypt/cryptocb.h" #include "wolfssl/wolfcrypt/cryptocb.h"
/* /*
* Implementation of wolfCrypt devcrypto callbacks * Implementation of wolfCrypt cryptocb callbacks
* *
* The wolfSSL port of the Wisekey VaultIC provides a wrapper library to allow * The wolfSSL port of the Wisekey VaultIC provides a wrapper library to allow
* the VaultIC to be used as an external crypto provider. This library depends * the VaultIC to be used as an external crypto provider. This library depends
@ -56,10 +56,14 @@ typedef struct {
/* Initialize the Wisekey VaultIC library and clear the context. /* Initialize the Wisekey VaultIC library and clear the context.
* Returns: 0 on success * Returns: 0 on success
* BAD_FUNC_ARGS with NULL context * BAD_FUNC_ARGS with NULL context
* WC_INIT_E on error initializing the VaultIC * WC_INIT_E on error initializing the VaultIC.
* */ * c->vlt_rc will have error code
*/
int ccbVaultIc_Init(ccbVaultIc_Context *c); int ccbVaultIc_Init(ccbVaultIc_Context *c);
/* Close the Wisekey VaultIC library. */
void ccbVaultIc_Cleanup(ccbVaultIc_Context *c);
/* Register this callback and associate with a context using: /* Register this callback and associate with a context using:
* ccbVaultIc_Context ctx={0}; * ccbVaultIc_Context ctx={0};
* ccbVaultIc_Init(&ctx); * ccbVaultIc_Init(&ctx);
@ -71,13 +75,10 @@ int ccbVaultIc_Init(ccbVaultIc_Context *c);
* wc_AesInit(&aes, NULL, CCBVAULTIC420_DEVID); * wc_AesInit(&aes, NULL, CCBVAULTIC420_DEVID);
* Returns: 0 on success * Returns: 0 on success
* CRYPTOCB_UNAVAILABLE if not initialized or not implemented * CRYPTOCB_UNAVAILABLE if not initialized or not implemented
* * MEMORY_E if memory allocation fails
*/ */
int ccbVaultIc_CryptoDevCb(int devId, int ccbVaultIc_CryptoDevCb(int devId,
wc_CryptoInfo* info, wc_CryptoInfo* info,
void* ctx); void* ctx);
/* Close the Wisekey VaultIC library. */
int ccbVaultIc_Cleanup(ccbVaultIc_Context *c);
#endif /* CCB_VAULTIC_H_ */ #endif /* CCB_VAULTIC_H_ */
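Review bot: The comments on ccbVaultIc_Init and ccbVaultIc_Cleanup no longer describe the reference-counted behaviour this commit introduces. Init is still documented as "clear the context", but the implementation now reads `c->initialized` first and only increments it when it is non-zero, so the caller must zero the structure before the first call; the comment should say so, e.g. `* The context must be zero-initialized before the first call; later calls only increment a use count.` The Cleanup comment should state that it releases one use, closes the VaultIC only on the last release, and, now that it returns `void`, reports a `vlt_tls_close()` failure only through `c->vlt_rc`. `BAD_FUNC_ARGS` in the Init comment also looks like a typo for `BAD_FUNC_ARG`, the value the implementation returns.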


@ -31,8 +31,6 @@ int main(int argc, char **argv)
int rc=0; int rc=0;
ccbVaultIc_Context ctx;
/* Initialize wolfSSL and wolfCrypt */ /* Initialize wolfSSL and wolfCrypt */
rc=wolfSSL_Init(); rc=wolfSSL_Init();
if(rc!=WOLFSSL_SUCCESS) { if(rc!=WOLFSSL_SUCCESS) {
@ -40,22 +38,11 @@ int main(int argc, char **argv)
return(rc); return(rc);
} }
/* Initialize VaultIC */
rc= ccbVaultIc_Init(&ctx);
if(rc) {
fprintf(stderr, "Failed to initialize the VaultIC: %d\n",rc);
wolfSSL_Cleanup();
return(rc);
}
/* Register VaultIC as cryptocb */ /* Register VaultIC as cryptocb */
rc = wc_CryptoCb_RegisterDevice(CCBVAULTIC420_DEVID, rc = wc_CryptoCb_RegisterDevice(CCBVAULTIC420_DEVID,
ccbVaultIc_CryptoDevCb, &ctx); ccbVaultIc_CryptoDevCb, NULL);
if(rc) { if(rc) {
fprintf(stderr, "Failed to register cryptocb: %d\n", rc); fprintf(stderr, "Failed to register cryptocb: %d\n", rc);
ccbVaultIc_Cleanup(&ctx);
wolfSSL_Cleanup(); wolfSSL_Cleanup();
return(rc); return(rc);
} }
@ -64,7 +51,6 @@ int main(int argc, char **argv)
benchmark_test(NULL); benchmark_test(NULL);
wc_CryptoCb_UnRegisterDevice(CCBVAULTIC420_DEVID); wc_CryptoCb_UnRegisterDevice(CCBVAULTIC420_DEVID);
ccbVaultIc_Cleanup(&ctx);
wolfSSL_Cleanup(); wolfSSL_Cleanup();
return 0; return 0;
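Review bot: Registering the callback with a NULL context and dropping the explicit `ccbVaultIc_Init(&ctx)` makes this program depend on wolfSSL having been built with WOLF_CRYPTO_CB_CMD, and nothing here enforces that. Without the define, the `(!c || !c->initialized)` test in ccbVaultIc_CryptoDevCb returns CRYPTOCB_UNAVAILABLE for every request, so the run would presumably fall back to software crypto and report results that never exercise the VaultIC. A compile-time guard would make the dependency explicit: `#ifndef WOLF_CRYPTO_CB_CMD` / `#error "requires wolfSSL built with WOLF_CRYPTO_CB_CMD"` / `#endif`. main() starts above the hunk, so the guard belongs after the includes.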