From 77f58467b5fb7b142c61ed0473f902bb72062c1b Mon Sep 17 00:00:00 2001 From: Bill Phipps Date: Mon, 31 Jul 2023 16:11:33 -0400 Subject: [PATCH] Updates per PR, cleanups, and error handling. --- .../app/src/main/cpp/NativeHelper.c | 2 +- ccb_vaultic/Makefile | 6 +- ccb_vaultic/ccb_vaultic.c | 1301 +++++++++-------- ccb_vaultic/ccb_vaultic.h | 33 +- ccb_vaultic/ccb_vaultic_defs.h | 34 - ccb_vaultic/main-bench.c | 117 +- ccb_vaultic/main-test.c | 115 +- 7 files changed, 912 insertions(+), 696 deletions(-) delete mode 100644 ccb_vaultic/ccb_vaultic_defs.h diff --git a/android/wolfssljni-ndk-gradle/app/src/main/cpp/NativeHelper.c b/android/wolfssljni-ndk-gradle/app/src/main/cpp/NativeHelper.c index b39e49c6..31ddca92 100644 --- a/android/wolfssljni-ndk-gradle/app/src/main/cpp/NativeHelper.c +++ b/android/wolfssljni-ndk-gradle/app/src/main/cpp/NativeHelper.c @@ -45,7 +45,7 @@ static int nativeStartup(void) #if defined(HAVE_CCBVAULTIC) && defined(WOLF_CRYPTO_CB_CMD) if((ret == 0) && (devId == CCBVAULTIC420_DEVID)) { ret = wc_CryptoCb_RegisterDevice((int) devId, - ccbVaultIc_CryptoDevCb, NULL); + ccbVaultIc_CryptoCb, NULL); } #endif diff --git a/ccb_vaultic/Makefile b/ccb_vaultic/Makefile index 3bb3a7d9..c17b7968 100644 --- a/ccb_vaultic/Makefile +++ b/ccb_vaultic/Makefile @@ -9,7 +9,7 @@ LD=${NDK_LD} WOLFSSL_DIR?=../../wolfssl # Relative path to VaultIC dev kit source -VAULTIC_DIR?=VaultIC-TLS_420/vaultic_tls-4xx +VAULTIC_DIR?=./VaultIC-TLS_420/vaultic_tls-4xx # Common settings and files CFLAGS+=-I. -O2 -DHAVE_CCBVAULTIC @@ -19,7 +19,6 @@ OBJS=ccb_vaultic.o CFLAGS+=-DCCBVAULTIC_DEBUG CFLAGS+=-DCCBVAULTIC_DEBUG_TIMING #CFLAGS+=-DCCBVAULTIC_DEBUG_ALL -#CFLAGS+=-DSPI_TRACE_ERRORS # Optionally disable certain kinds of offload #CFLAGS+=-DCCBVAULTIC_NO_AES @@ -37,6 +36,7 @@ VAULTIC_CHIP=420 CHIP_TARGET=TARGETCHIP_VAULTIC_$(VAULTIC_CHIP) CFLAGS+= -D$(CHIP_TARGET) CFLAGS+= -DUSE_SPI +#CFLAGS+=-DSPI_TRACE_ERRORS VAULTIC_ELIB?=$(VAULTIC_DIR)/VaultIC-Elib_$(VAULTIC_CHIP)/src CFLAGS+=-I$(VAULTIC_ELIB)/common @@ -52,7 +52,7 @@ CFLAGS+=-DWC_USE_DEVID=0x56490420 -DBENCH_EMBEDDED -DNO_MAIN_DRIVER TEST_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/test/test.o main-test.o BENCH_OBJS:=$(WOLFSSL_DIR)/wolfcrypt/benchmark/benchmark.o main-bench.o - +#Makefile rules all: wolfcrypt-test wolfcrypt-benchmark wolfcrypt-test: $(OBJS) $(TEST_OBJS) diff --git a/ccb_vaultic/ccb_vaultic.c b/ccb_vaultic/ccb_vaultic.c index 5cd2ac28..6f31166b 100644 --- a/ccb_vaultic/ccb_vaultic.c +++ b/ccb_vaultic/ccb_vaultic.c @@ -18,68 +18,56 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* System includes */ -#include /* For NULL */ -#include /* For memset/cpy */ + +/* + * Compilation options: + * + * HAVE_CCBVAULTIC + * Enable actual callbacks. This depends on VaultIC hardware libraries + * + * Defined options when HAVE_CCBVAULTIC is set: + * + * WOLF_CRYPTO_CB_CMD + * Enable delayed hardware initialization using Register and Unregister + * callback commands + * + * CCBVAULTIC_DEBUG: Print useful callback info using XPRINTF + * CCBVAULTIC_DEBUG_TIMING: Print useful timing info using XPRINTF + * CCBVAULTIC_DEBUG_ALL: Print copious info using XPRINTF + * + * CCBVAULTIC_NO_SHA: Do not handle SHA256 callback + * CCBVAULTIC_NO_RSA: Do not handle RSA callback + * CCBVAULTIC_NO_AES: Do not handle AES callback + * + * Expected wolfSSL/wolfCrypt defines from wolfcrypt/types.h or settings.h: + * XMALLOC: malloc() equivalent + * XREALLOC: realloc() equivalent + * XFREE: free() equivalent + * XMEMCPY: memcpy() equivalent + * XMEMSET: memset() equivalent + * XMEMCMP: memcmp() equivalent + * + * Overrideable defines: + * XPRINTF: printf() equivalent + * XNOW: clock_gettime(CLOCK_MONOTONIC) converted to uint64_t ns + */ + +#ifdef HAVE_CCBVAULTIC /* wolfSSL configuration */ -#include "wolfssl/options.h" +#ifndef WOLFSSL_USER_SETTINGS + #include "wolfssl/options.h" +#endif +#include "wolfssl/wolfcrypt/settings.h" /* wolfCrypt includes */ -#include "wolfssl/wolfcrypt/cryptocb.h" -#include "wolfssl/wolfcrypt/error-crypt.h" - -#include "wolfssl/wolfcrypt/wc_port.h" -#include "wolfssl/wolfcrypt/types.h" - -#include "wolfssl/wolfcrypt/hash.h" /* For HASH_FLAGS and types */ -#include "wolfssl/wolfcrypt/rsa.h" /* For RSA_MAX_SIZE */ +#include "wolfssl/wolfcrypt/cryptocb.h" /* For wc_cryptInfo */ +#include "wolfssl/wolfcrypt/error-crypt.h" /* For error values */ /* Local include */ #include "ccb_vaultic.h" -#ifndef HAVE_CCBVAULTIC -/* Provide dummy implementations of callbacks */ -int ccbVaultIc_Init(ccbVaultIc_Context *c) -{ - return CRYPTOCB_UNAVAILABLE; -} - -/* Close the Wisekey VaultIC library. */ -void ccbVaultIc_Cleanup(ccbVaultIc_Context *c) { - return; -} - - -int ccbVaultIc_CryptoDevCb(int devId, - wc_CryptoInfo* info, - void* ctx) -{ - return CRYPTOCB_UNAVAILABLE; -} -#else - -/* WiseKey VaultIC includes */ -#include "vaultic_tls.h" -#include "vaultic_config.h" -#include "vaultic_common.h" -#include "vaultic_api.h" -#include "vaultic_structs.h" - -#define VAULTIC_KP_ALL 0xFF /* Allow all users all privileges */ -#define VAULTIC_PKV_ASSURED VLT_PKV_ASSURED_EXPLICIT_VALIDATION - - - -/* Defined options: - * CCBVAULTIC_DEBUG: Print useful callback info using printf - * CCBVAULTIC_DEBUG_TIMING: Print useful timing info using printf - * CCBVAULTIC_DEBUG_ALL: Print copious info using printf - * CCBVAULTIC_NO_SHA: Do not handle SHA256 callback - * CCBVAULTIC_NO_RSA: Do not handle RSA callback - * CCBVAULTIC_NO_AES: Do not handle AES callback - */ - +/* Debug defines */ #ifdef CCBVAULTIC_DEBUG_ALL #ifndef CCBVAULTIC_DEBUG #define CCBVAULTIC_DEBUG @@ -89,49 +77,104 @@ int ccbVaultIc_CryptoDevCb(int devId, #endif #endif +#if defined(CCBVAULTIC_DEBUG) || defined(CCBVAULTIC_DEBUG_TIMING) + #ifndef XPRINTF + #define XPRINTF(...) printf(__VA_ARGS__) + #endif +#endif + + + +/* wolfcrypt includes */ +#include "wolfssl/wolfcrypt/types.h" /* types and X-defines */ + +#ifndef CCBVAULTIC_NO_SHA +#include "wolfssl/wolfcrypt/hash.h" /* For HASH_FLAGS and types */ +#endif + +#ifndef CCBVAULTIC_NO_RSA +#include "wolfssl/wolfcrypt/rsa.h" /* For RSA_MAX_SIZE and types */ +#endif + +#ifndef CCBVAULTIC_NO_AES +#include "wolfssl/wolfcrypt/aes.h" /* For AES_BLOCK_SIZE and types */ +#endif + #ifdef CCBVAULTIC_DEBUG_TIMING -#include /* For clock_gettime */ + #ifndef XNOW + #include + #include + #define XNOW(...) _now(__VA_ARGS__) + + static uint64_t _now(void) + { + struct timespec t; + if (clock_gettime(CLOCK_MONOTONIC, &t) < 0) + /* Return 0 on error */ + return 0; + return (uint64_t)t.tv_sec * 1000000000ull + t.tv_nsec; + } + #endif #endif -/* Forward declarations */ -static int HandlePkCallback(int devId, wc_CryptoInfo* info, - ccbVaultIc_Context *c); -static int HandleHashCallback(int devId, wc_CryptoInfo* info, - ccbVaultIc_Context *c); -static int HandleCipherCallback(int devId, wc_CryptoInfo* info, - ccbVaultIc_Context *c); +/* WiseKey VaultIC includes */ +#include "vaultic_tls.h" +#include "vaultic_config.h" +#include "vaultic_common.h" +#include "vaultic_api.h" +#include "vaultic_structs.h" + +/* Key/Group ID's to support temporary wolfSSL usage */ +#define CCBVAULTIC_WOLFSSL_GRPID 0xBB +#define CCBVAULTIC_TMPAES_KEYID 0x01 +#define CCBVAULTIC_TMPHMAC_KEYID 0x02 +#define CCBVAULTIC_TMPRSA_KEYID 0x03 + +/* Key attributes */ +#define VAULTIC_KP_ALL 0xFF /* Allow all users all key privileges */ +#define VAULTIC_PKV_ASSURED VLT_PKV_ASSURED_EXPLICIT_VALIDATION -#ifdef WOLF_CRYPTO_CB_CMD -/* Provide global singleton context to avoid allocation */ -static ccbVaultIc_Context localContext = {0}; -static int HandleCmdCallback(int devId, wc_CryptoInfo* info, - ccbVaultIc_Context *c); -#endif #ifdef CCBVAULTIC_DEBUG +/* Helper to provide simple hexdump */ static void hexdump(const unsigned char* p, size_t len) { - printf(" HD:%p for %lu bytes\n",p, len); - if(!p || !len) return; - size_t off=0; - for (off=0; off < len; off++) + XPRINTF(" HD:%p for %lu bytes\n",p, len); + if ( (p == NULL) || (len == 0)) + return; + size_t off = 0; + for (off = 0; off < len; off++) { - if(off%16 ==0) printf(" "); - printf("%02X ", p[off]); - if(off%16 ==15) printf("\n"); + if ((off % 16) == 0) + XPRINTF(" "); + XPRINTF("%02X ", p[off]); + if ((off % 16) == 15) + XPRINTF("\n"); } - if(off%16 !=15) printf("\n"); + if ( (off%16) != 15) + XPRINTF("\n"); } #endif -#ifdef CCBVAULTIC_DEBUG_TIMING -static uint64_t now(void) +/* Helper to translate vlt return codes to wolfSSL code */ +static int translateError(int vlt_rc) { - struct timespec t; - clock_gettime(CLOCK_MONOTONIC, &t); - return (uint64_t)t.tv_sec * 1000000000ull + t.tv_nsec; + /* vlt return codes are defined in src/common/vaultic_err.h */ + switch (vlt_rc) { + case VLT_OK: + return 0; + default: + /* Default to point to hardware */ + return WC_HW_E; + } +} + +static void clearContext(ccbVaultIc_Context *c) +{ + XMEMSET(c, 0, sizeof(*c)); + c->m = NULL; + c->aescbc_key = NULL; } -#endif int ccbVaultIc_Init(ccbVaultIc_Context *c) { @@ -141,23 +184,26 @@ int ccbVaultIc_Init(ccbVaultIc_Context *c) } /* Already Initialized? */ - if ((rc == 0 ) && (c->initialized >0)) { + if ((rc == 0) && (c->initialized >0)) { /* Increment use count */ c->initialized++; return 0; } if (rc == 0) { - memset(c, 0, sizeof(*c)); + clearContext(c); + /* Open the hardware and authenticate */ c->vlt_rc = vlt_tls_init(); - if (c->vlt_rc != 0) { - rc = WC_INIT_E; - } - else { - c->initialized = 1; - } + rc = translateError(c->vlt_rc); + } + if (rc == 0) { + c->initialized = 1; + } + else { + /* Override with an init error */ + rc = WC_INIT_E; } #ifdef CCBVAULTIC_DEBUG - printf("ccbVaultIc_Init: c:%p c->initialized:%d rc:%d vlt_rc:%d\n", + XPRINTF("ccbVaultIc_Init: c:%p c->initialized:%d rc:%d vlt_rc:%d\n", c, (c == NULL) ? -1 : c->initialized, rc, @@ -169,14 +215,14 @@ int ccbVaultIc_Init(ccbVaultIc_Context *c) void ccbVaultIc_Cleanup(ccbVaultIc_Context *c) { #ifdef CCBVAULTIC_DEBUG - printf("ccbVaultIc_Cleanup c:%p c->initialized:%d\n", c, + XPRINTF("ccbVaultIc_Cleanup c:%p c->initialized:%d\n", c, (c == NULL) ? -1 : c->initialized); #endif - if (c == NULL) { + /* Invalid context or not initialized? */ + if ((c == NULL) || + (c->initialized == 0)) { return; } - if (c->initialized == 0) - return; /* Decrement use count */ c->initialized--; @@ -184,51 +230,67 @@ void ccbVaultIc_Cleanup(ccbVaultIc_Context *c) return; /* Free allocated buffers */ - if (c->m) - free(c->m); - if (c->aescbc_key) - free(c->aescbc_key); + if (c->m != NULL) + XFREE(c->m, NULL, NULL); + if (c->aescbc_key != NULL) + XFREE(c->aescbc_key, NULL, NULL); - memset(c, 0, sizeof(*c)); + clearContext(c); /* Set the return value in the struct */ + /* Close the hardware */ c->vlt_rc = vlt_tls_close(); } -int ccbVaultIc_CryptoDevCb(int devId, - wc_CryptoInfo* info, - void* ctx) -{ - ccbVaultIc_Context *c = (ccbVaultIc_Context*)ctx; - int rc = CRYPTOCB_UNAVAILABLE; - (void)devId; +#ifdef WOLF_CRYPTO_CB + +/* Forward declarations */ +static int HandlePkCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); +static int HandleHashCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); +static int HandleCipherCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); - if( !info || #ifdef WOLF_CRYPTO_CB_CMD - ((info->algo_type != WC_ALGO_TYPE_NONE) && -#else - (1 && +/* Provide global singleton context to avoid allocation */ +static ccbVaultIc_Context localContext = CCBVAULTIC_CONTEXT_INITIALIZER; +static int HandleCmdCallback(int devId, wc_CryptoInfo* info, + ccbVaultIc_Context *c); #endif - (!c || !c->initialized))) { + +int ccbVaultIc_CryptoCb(int devId, + wc_CryptoInfo* info, + void* ctx) +{ + (void)devId; + ccbVaultIc_Context* c = (ccbVaultIc_Context*)ctx; + int rc = CRYPTOCB_UNAVAILABLE; + + /* Allow null/uninitialized context for ALGO_TYPE_NUNE */ + if ( (info == NULL) || + ((info->algo_type != WC_ALGO_TYPE_NONE) && + ((c == NULL) || (c->initialized == 0)))) { /* Invalid info or context */ #if defined(CCBVAULTIC_DEBUG) - printf("Invalid callback. info:%p c:%p c->init:%d\n", + XPRINTF("Invalid callback. info:%p c:%p c->init:%d\n", info, c, c ? c->initialized : -1); #endif - return rc; + return BAD_FUNC_ARG; } switch(info->algo_type) { + case WC_ALGO_TYPE_NONE: #ifdef WOLF_CRYPTO_CB_CMD #if defined(CCBVAULTIC_DEBUG) - printf(" CryptoDevCb NONE-Command: %d %p\n", + XPRINTF(" CryptoDevCb NONE-Command: %d %p\n", info->cmd.type, info->cmd.ctx); #endif rc = HandleCmdCallback(devId, info, ctx); #else #if defined(CCBVAULTIC_DEBUG) - printf(" CryptoDevCb NONE:\n"); + XPRINTF(" CryptoDevCb NONE:\n"); #endif /* Nothing to do */ #endif @@ -236,7 +298,7 @@ int ccbVaultIc_CryptoDevCb(int devId, case WC_ALGO_TYPE_HASH: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb HASH: Type:%d\n", info->hash.type); + XPRINTF(" CryptoDevCb HASH: Type:%d\n", info->hash.type); #endif #if !defined(NO_SHA) || !defined(NO_SHA256) /* Perform a hash */ @@ -246,7 +308,7 @@ int ccbVaultIc_CryptoDevCb(int devId, case WC_ALGO_TYPE_CIPHER: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb CIPHER: Type:%d\n", info->cipher.type); + XPRINTF(" CryptoDevCb CIPHER: Type:%d\n", info->cipher.type); #endif #if !defined(NO_AES) /* Perform a symmetric cipher */ @@ -256,7 +318,7 @@ int ccbVaultIc_CryptoDevCb(int devId, case WC_ALGO_TYPE_PK: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb PK: Type:%d\n", info->pk.type); + XPRINTF(" CryptoDevCb PK: Type:%d\n", info->pk.type); #endif #if !defined(NO_RSA) || defined(HAVE_ECC) /* Perform a PKI operation */ @@ -266,18 +328,18 @@ int ccbVaultIc_CryptoDevCb(int devId, case WC_ALGO_TYPE_RNG: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb RNG: Out:%p Sz:%d\n", info->rng.out, info->rng.sz); + XPRINTF(" CryptoDevCb RNG: Out:%p Sz:%d\n", + info->rng.out, info->rng.sz); #endif #if !defined(WC_NO_RNG) /* Put info->rng.sz random bytes into info->rng.out*/ /* TODO rc = VaultIC_Random(); */ - rc = CRYPTOCB_UNAVAILABLE; #endif break; case WC_ALGO_TYPE_SEED: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb SEED: Seed:%p Sz:%d\n", info->seed.seed, + XPRINTF(" CryptoDevCb SEED: Seed:%p Sz:%d\n", info->seed.seed, info->seed.sz); #endif #if !defined(WC_NO_RNG) @@ -288,19 +350,19 @@ int ccbVaultIc_CryptoDevCb(int devId, case WC_ALGO_TYPE_HMAC: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb HMAC:\n"); + XPRINTF(" CryptoDevCb HMAC:\n"); #endif break; case WC_ALGO_TYPE_CMAC: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb CMAC:\n"); + XPRINTF(" CryptoDevCb CMAC:\n"); #endif break; default: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" CryptoDevCb UNKNOWN\n"); + XPRINTF(" CryptoDevCb UNKNOWN: %d\n", info->algo_type); #endif break; } @@ -314,24 +376,30 @@ static int HandleCmdCallback(int devId, wc_CryptoInfo* info, int rc = CRYPTOCB_UNAVAILABLE; /* Ok to have null context at this point*/ switch(info->cmd.type) { + case WC_CRYPTOCB_CMD_TYPE_REGISTER: { /* Is the context nonnull already? Nothing to do */ - if(c != NULL) break; - /* Update the info struct to use localContext */ + if (c != NULL) + break; + rc = ccbVaultIc_Init(&localContext); - if(rc == 0) { - info->cmd.ctx=&localContext; + if (rc == 0) { + /* Update the info struct to use localContext */ + info->cmd.ctx = &localContext; } }; break; + case WC_CRYPTOCB_CMD_TYPE_UNREGISTER: { /* Is the current context not set? Nothing to do*/ - if(c == NULL) break; + if (c == NULL) + break; ccbVaultIc_Cleanup(c); /* Return success */ rc = 0; }; break; + default: break; } @@ -343,237 +411,257 @@ static int HandlePkCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) { int rc = CRYPTOCB_UNAVAILABLE; -#ifdef CCBVAULTIC_DEBUG_TIMING - uint64_t ts[6]={0}; -#endif switch(info->pk.type) { + case WC_PK_TYPE_NONE: - #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback NONE\n"); - #endif - break; + { +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" HandlePkCallback NONE\n"); +#endif + }; break; case WC_PK_TYPE_RSA: + { #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback RSA: Type:%d\n",info->pk.rsa.type); + XPRINTF(" HandlePkCallback RSA: Type:%d\n",info->pk.rsa.type); #endif #if !defined(CCBVAULTIC_NO_RSA) - { + switch(info->pk.rsa.type) { - if((info->pk.rsa.type == RSA_PUBLIC_DECRYPT) || /* RSA Verify */ - (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT)) /* RSA Encrypt */ - { - byte e[sizeof(uint32_t)] = {0}; - byte n[RSA_MAX_SIZE / 8] = {0}; - word32 eSz = sizeof(e); - word32 nSz = sizeof(n); + case RSA_PUBLIC_DECRYPT: /* RSA Verify */ + case RSA_PUBLIC_ENCRYPT: /* RSA Encrypt */ + { /* Handle RSA Pub Key op */ + byte e[sizeof(uint32_t)]; + byte e_pad[sizeof(e)]; + byte n[RSA_MAX_SIZE / 8]; + word32 eSz = sizeof(e); + word32 nSz = sizeof(n); - rc = wc_RsaFlattenPublicKey(info->pk.rsa.key, e, &eSz, n, &nSz); - - /* VaultIC requires e to be MSB-padded to 4-byte multiples*/ - byte e_pad[sizeof(e)] = {0}; - memcpy(&e_pad[(sizeof(e_pad)-eSz)],e,eSz); - -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n", - rc, eSz, nSz); - hexdump(e,sizeof(e)); - hexdump(e_pad,sizeof(e_pad)); - - hexdump(n,sizeof(n)); -#endif - /* Allow all privileges */ - - VLT_FILE_PRIVILEGES keyPrivileges = {0}; - keyPrivileges.u8Read = VAULTIC_KP_ALL; - keyPrivileges.u8Write = VAULTIC_KP_ALL; - keyPrivileges.u8Delete = VAULTIC_KP_ALL; - keyPrivileges.u8Execute = VAULTIC_KP_ALL; - - - VLT_KEY_OBJECT tmpRsaKey= {0}; - tmpRsaKey.enKeyID = VLT_KEY_RSAES_PUB; - tmpRsaKey.data.RsaPubKey.u16NLen = nSz; - tmpRsaKey.data.RsaPubKey.pu8N = n; - tmpRsaKey.data.RsaPubKey.u16ELen = sizeof(e_pad); - tmpRsaKey.data.RsaPubKey.pu8E = e_pad; - tmpRsaKey.data.RsaPubKey.enAssurance = VAULTIC_PKV_ASSURED; - - /* Try to delete the tmp rsa key. Ignore errors here */ -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[0]=now(); -#endif - VltDeleteKey( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPRSA_KEYID); -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[1]=now(); -#endif - int vlt_rc=0; - vlt_rc=VltPutKey( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPRSA_KEYID, - &keyPrivileges, - &tmpRsaKey); -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[2]=now(); -#endif - -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT PutKey:%x\n", vlt_rc); -#endif - - /* Initialize Algo for RSA Pub Decrypt */ - VLT_ALGO_PARAMS rsapub_algo_params = { - .u8AlgoID=VLT_ALG_CIP_RSAES_X509, - /* Raw RSA. No other data */ - }; - - VLT_U32 out_len=0; - vlt_rc=VltInitializeAlgorithm( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPRSA_KEYID, - VLT_ENCRYPT_MODE,&rsapub_algo_params); -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[3]=now(); -#endif - -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT InitAlgo:%x\n", vlt_rc); -#endif - vlt_rc=VltEncrypt(info->pk.rsa.inLen, info->pk.rsa.in, - &out_len, - info->pk.rsa.inLen, info->pk.rsa.out); - if(info->pk.rsa.outLen) *(info->pk.rsa.outLen)=out_len; -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[4]=now(); -#endif - -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT Encrypt:%x inSz:%u outSz:%lu\n", - vlt_rc, info->pk.rsa.inLen, out_len); -#endif + VLT_U32 out_len = 0; + VLT_FILE_PRIVILEGES keyPrivileges; + VLT_KEY_OBJECT tmpRsaKey; + VLT_ALGO_PARAMS rsapub_algo_params; #ifdef CCBVAULTIC_DEBUG_TIMING - printf(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu " - "InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu " - "KeySize:%u\n", - (ts[1]-ts[0])/1000, - (ts[2]-ts[1])/1000, - (ts[3]-ts[2])/1000, - (ts[4]-ts[3])/1000, - info->pk.rsa.inLen, out_len,nSz); + uint64_t ts[6]; + XMEMSET(ts, 0, sizeof(ts)); #endif - /* Update return value to indicate success */ - rc=0; - } else { - /* Not supported */ + /* Extract key values from RSA context */ + rc = wc_RsaFlattenPublicKey(info->pk.rsa.key, e, &eSz, n, &nSz); + if (rc != 0) break; - } - }; + + /* VaultIC requires e to be MSB-padded to 4-byte multiples*/ + XMEMSET(e_pad, 0, sizeof(e_pad)); + XMEMCPY(&e_pad[(sizeof(e_pad)-eSz)], e, eSz); + +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" RSA Flatten Pub Key:%d, eSz:%u nSz:%u\n", + rc, eSz, nSz); + hexdump(e,sizeof(e)); + hexdump(e_pad,sizeof(e_pad)); + hexdump(n,sizeof(n)); #endif - break; + /* Set tmpRsaKey privileges */ + keyPrivileges.u8Read = VAULTIC_KP_ALL; + keyPrivileges.u8Write = VAULTIC_KP_ALL; + keyPrivileges.u8Delete = VAULTIC_KP_ALL; + keyPrivileges.u8Execute = VAULTIC_KP_ALL; + + /* Set tmpRsaKey values for public key */ + tmpRsaKey.enKeyID = VLT_KEY_RSAES_PUB; + tmpRsaKey.data.RsaPubKey.u16NLen = nSz; + tmpRsaKey.data.RsaPubKey.pu8N = n; + tmpRsaKey.data.RsaPubKey.u16ELen = sizeof(e_pad); + tmpRsaKey.data.RsaPubKey.pu8E = e_pad; + tmpRsaKey.data.RsaPubKey.enAssurance = VAULTIC_PKV_ASSURED; + + /* Set algo to Raw RSA ES*/ + rsapub_algo_params.u8AlgoID = VLT_ALG_CIP_RSAES_X509; + + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[0] = XNOW(); +#endif + /* Try to delete the tmp rsa key. Ignore errors here */ + VltDeleteKey( + CCBVAULTIC_WOLFSSL_GRPID, + CCBVAULTIC_TMPRSA_KEYID); + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[1] = XNOW(); +#endif + c->vlt_rc = VltPutKey( + CCBVAULTIC_WOLFSSL_GRPID, + CCBVAULTIC_TMPRSA_KEYID, + &keyPrivileges, + &tmpRsaKey); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VLT PutKey:%x\n", c->vlt_rc); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[2] = XNOW(); +#endif + /* Initialize Algo for RSA Pub Encrypt */ + c->vlt_rc = VltInitializeAlgorithm( + CCBVAULTIC_WOLFSSL_GRPID, + CCBVAULTIC_TMPRSA_KEYID, + VLT_ENCRYPT_MODE, + &rsapub_algo_params); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VLT InitAlgo:%x\n", c->vlt_rc); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[3] = XNOW(); +#endif + /* Perform the RSA pub key encrypt */ + c->vlt_rc = VltEncrypt( + info->pk.rsa.inLen, + info->pk.rsa.in, + &out_len, + info->pk.rsa.inLen, + info->pk.rsa.out); + + if (info->pk.rsa.outLen) + *(info->pk.rsa.outLen) = out_len; +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VLT Encrypt:%x inSz:%u outSz:%lu\n", + c->vlt_rc, info->pk.rsa.inLen, out_len); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[4] = XNOW(); + XPRINTF(" RSA Encrypt Times(us): DltKey:%lu PutKey:%lu " + "InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu " + "KeySize:%u\n", + (ts[1]-ts[0])/1000, + (ts[2]-ts[1])/1000, + (ts[3]-ts[2])/1000, + (ts[4]-ts[3])/1000, + info->pk.rsa.inLen, out_len,nSz); +#endif + };break; /* Handle RSA Pub Key op */ + + case RSA_PRIVATE_ENCRYPT: /* RSA Sign */ + case RSA_PRIVATE_DECRYPT: /* RSA Decrypt */ + default: + /* Not supported */ + break; + } +#endif + }; break; case WC_PK_TYPE_DH: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback DH\n"); + XPRINTF(" HandlePkCallback DH\n"); #endif break; case WC_PK_TYPE_ECDH: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback ECDH\n"); + XPRINTF(" HandlePkCallback ECDH\n"); #endif break; case WC_PK_TYPE_ECDSA_SIGN: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback ECDSA_SIGN\n"); + XPRINTF(" HandlePkCallback ECDSA_SIGN\n"); #endif break; case WC_PK_TYPE_ECDSA_VERIFY: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback ECDSA_VERIFY\n"); + XPRINTF(" HandlePkCallback ECDSA_VERIFY\n"); #endif break; case WC_PK_TYPE_ED25519_SIGN: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback ED25519_SIGN\n"); + XPRINTF(" HandlePkCallback ED25519_SIGN\n"); #endif break; case WC_PK_TYPE_CURVE25519: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback CURVE25519\n"); + XPRINTF(" HandlePkCallback CURVE25519\n"); #endif break; case WC_PK_TYPE_RSA_KEYGEN: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback RSA_KEYGEN\n"); + XPRINTF(" HandlePkCallback RSA_KEYGEN\n"); #endif break; case WC_PK_TYPE_EC_KEYGEN: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback EC_KEYGEN\n"); + XPRINTF(" HandlePkCallback EC_KEYGEN\n"); #endif break; case WC_PK_TYPE_RSA_CHECK_PRIV_KEY: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback RSA_CHECK_PRIV_KEY\n"); + XPRINTF(" HandlePkCallback RSA_CHECK_PRIV_KEY\n"); #endif break; case WC_PK_TYPE_EC_CHECK_PRIV_KEY: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback EC_CHECK_PRIV_KEY\n"); + XPRINTF(" HandlePkCallback EC_CHECK_PRIV_KEY\n"); #endif break; case WC_PK_TYPE_ED448: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback ED448\n"); + XPRINTF(" HandlePkCallback ED448\n"); #endif break; case WC_PK_TYPE_CURVE448: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback CRUVE448\n"); + XPRINTF(" HandlePkCallback CRUVE448\n"); #endif break; case WC_PK_TYPE_ED25519_VERIFY: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback ED25519_VERIFY\n"); + XPRINTF(" HandlePkCallback ED25519_VERIFY\n"); #endif break; case WC_PK_TYPE_ED25519_KEYGEN: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback ED25519_KEYGEN\n"); + XPRINTF(" HandlePkCallback ED25519_KEYGEN\n"); #endif break; case WC_PK_TYPE_CURVE25519_KEYGEN: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback CURVE25519_KEYGEN\n"); + XPRINTF(" HandlePkCallback CURVE25519_KEYGEN\n"); #endif break; case WC_PK_TYPE_RSA_GET_SIZE: #if defined(CCBVAULTIC_DEBUG) - printf(" HandlePkCallback RSA_GET_SIZE\n"); + XPRINTF(" HandlePkCallback RSA_GET_SIZE\n"); #endif break; default: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandlePkCallback UNKNOWN\n"); + XPRINTF(" HandlePkCallback UNKNOWN: %d\n",info->pk.type); #endif break; } @@ -584,28 +672,31 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) { int rc = CRYPTOCB_UNAVAILABLE; -#ifdef CCBVAULTIC_DEBUG_TIMING - uint64_t ts[3]={0}; -#endif + switch(info->hash.type) { case WC_HASH_TYPE_NONE: + #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleHashCallback NONE\n"); + XPRINTF(" HandleHashCallback NONE\n"); #endif break; + case WC_HASH_TYPE_SHA: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleHashCallback SHA\n"); + XPRINTF(" HandleHashCallback SHA\n"); #endif break; + case WC_HASH_TYPE_SHA224: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleHashCallback SHA224\n"); + XPRINTF(" HandleHashCallback SHA224\n"); #endif break; + case WC_HASH_TYPE_SHA256: + { #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p " + XPRINTF(" HandleHashCallback SHA256. In:%p InSz:%u Digest:%p " "c->m:%p c->m_len:%lu c->t:%d\n", info->hash.in, info->hash.inSz, info->hash.digest, c->m, c->m_len, c->hash_type); @@ -616,164 +707,187 @@ static int HandleHashCallback(int devId, wc_CryptoInfo* info, * info->hash.in != NULL --> Update * info->hash.digest != NULL --> Final */ - { - /* New/different hashtype than last time? */ - if (c->hash_type != info->hash.type) { - /* New/different hash than last time. Erase state */ -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" New Hash\n"); +#ifdef CCBVAULTIC_DEBUG_TIMING + uint64_t ts[3]; + XMEMSET(ts, 0, sizeof(ts)); #endif - if (c->m) - free(c->m); + /* New/different hashtype than last time? */ + if (c->hash_type != info->hash.type) { + /* New/different hash than last time. Erase state */ +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" New Hash\n"); +#endif + if (c->m != NULL) + XFREE(c->m, NULL, NULL); + c->m = NULL; + c->m_len = 0; + c->hash_type = info->hash.type; + } + + /* Update needed? */ + /* III Buffering ALL messages, not just WILL_COPY */ + if ( (info->hash.in != NULL) && + (info->hash.inSz > 0)) { + /* Buffer data */ + if (c->m == NULL) { + c->m = XMALLOC(info->hash.inSz, NULL, NULL); + if (c->m == NULL) { + /* Failure to allocate. Must return error */ +#if defined(CCBVAULTIC_DEBUG) + XPRINTF(" Failed to alloc. Size:%u\n", + info->hash.inSz); +#endif + rc = MEMORY_E; + break; + } + c->m_len = 0; +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" Alloc to %p. Size:%u\n", c->m, info->hash.inSz); +#endif + } else { + /* Realloc and add new data in */ + void *new_buf = XREALLOC(c->m, c->m_len + info->hash.inSz, + NULL, NULL); + if (new_buf == NULL) { + /* Failure to realloc. Must return error */ +#if defined(CCBVAULTIC_DEBUG) + XPRINTF(" Failed to XREALLOC. New size:%lu\n", + c->m_len + info->hash.inSz); +#endif + rc = MEMORY_E; + break; + } + c->m = new_buf; +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" Realloc to %p. New size:%lu\n", + c->m, c->m_len + info->hash.inSz); +#endif + } + + /* Copy new data into the buffer */ + XMEMCPY(c->m + c->m_len, info->hash.in, info->hash.inSz); + c->m_len += info->hash.inSz; +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" Buffered to %p. Buffer size:%lu\n", c->m, c->m_len); +#endif + /* Successful update */ + rc = 0; + } /* End of Update */ + + /* Finalize needed? */ + if (info->hash.digest != NULL) { + /* Initialize for Hashing */ + VLT_U8 sha_out_len = 0; + VLT_ALGO_PARAMS sha256_algo_params; + + sha256_algo_params.u8AlgoID = VLT_ALG_DIG_SHA256; +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[0] = XNOW(); +#endif + + c->vlt_rc = VltInitializeAlgorithm( + 0, + 0, + VLT_DIGEST_MODE, + &sha256_algo_params); + +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VltInit SHA256:%x\n", c->vlt_rc); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[1] = XNOW(); +#endif + /* No data buffered? Likely test case. Needs 2 steps */ + if (c->m == NULL) + { + c->vlt_rc = VltUpdateMessageDigest( + c->m_len, + c->m); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VltUpdate SHA256:%x\n", c->vlt_rc); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + + c->vlt_rc = VltComputeMessageDigestFinal( + &sha_out_len, + WC_SHA256_DIGEST_SIZE, + info->hash.digest); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VltFinal SHA256:%x\n", c->vlt_rc); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + } + else { + c->vlt_rc = VltComputeMessageDigest( + c->m_len, + c->m, + &sha_out_len, + WC_SHA256_DIGEST_SIZE, + info->hash.digest); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VltCompute SHA256:%x\n", c->vlt_rc); + hexdump(info->hash.digest, WC_SHA256_DIGEST_SIZE); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + } + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[2] = XNOW(); + XPRINTF(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu " + "InSize:%lu OutSize:%u\n", + (ts[1]-ts[0])/1000, + (ts[2]-ts[1])/1000, + c->m_len, sha_out_len); +#endif + + /* Deallocate/clear if this hash was NOT a copy*/ +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" Hash flags:%x\n", + (info->hash.sha256 != NULL) ? + info->hash.sha256->flags : + -1); +#endif + /* If there are no flags OR if flags say its a copy then... */ + if ((info->hash.sha256 == NULL) || + !(info->hash.sha256->flags & WC_HASH_FLAG_ISCOPY)) { +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" Freeing hash state\n"); +#endif + if (c->m != NULL) + XFREE(c->m, NULL, NULL); c->m = NULL; c->m_len = 0; - c->hash_type = info->hash.type; + c->hash_type = WC_HASH_TYPE_NONE; } - /* Update needed? */ - /* III Buffering ALL messages, not just WILL_COPY */ - if ( (info->hash.in != NULL) && - (info->hash.inSz > 0)) { - /* Buffer data */ - if (c->m) { - /* Realloc and add new data in */ - void *new_buf = realloc(c->m, c->m_len + info->hash.inSz); - if (new_buf == NULL) { - /* Failure to allocate. Must return error */ -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Failed to realloc. New size:%lu\n", - c->m_len + info->hash.inSz); + /* Successful finalize */ + rc = 0; + } /* End of finalize */ #endif - rc = MEMORY_E; - break; - } - c->m = new_buf; -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Realloc to %p. New size:%lu\n", - c->m, c->m_len + info->hash.inSz); -#endif - } else { - c->m = malloc(info->hash.inSz); - if (!c->m) { - /* Failure to allocate. Must return error */ -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Failed to alloc. Size:%u\n", - info->hash.inSz); -#endif - rc = MEMORY_E; - break; - } -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Alloc to %p. Size:%u\n", c->m, info->hash.inSz); -#endif - c->m_len = 0; - } - memcpy(c->m + c->m_len, info->hash.in, info->hash.inSz); - c->m_len += info->hash.inSz; -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Buffered to %p. Buffer size:%lu\n", c->m, c->m_len); -#endif - rc = 0; - } + }; break; - /* Finalize needed? */ - if (info->hash.digest) { - /* Initialize for Hashing */ - VLT_U8 sha_out_len=0; - VLT_ALGO_PARAMS sha256_algo_params = {0}; - sha256_algo_params.u8AlgoID = VLT_ALG_DIG_SHA256; -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[0]=now(); -#endif - int vlt_rc=0; - vlt_rc=VltInitializeAlgorithm( - 0, - 0, - VLT_DIGEST_MODE, - &sha256_algo_params); -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[1]=now(); -#endif - -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VltInit SHA256:%x\n", vlt_rc); - memset(info->hash.digest, 0, WC_SHA256_DIGEST_SIZE); -#endif - /* No data buffered? Likely test case. Needs 2 steps */ - if (c->m == NULL) - { - vlt_rc = VltUpdateMessageDigest( - c->m_len, - c->m); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VltUpdate SHA256:%x\n", vlt_rc); -#endif - vlt_rc = VltComputeMessageDigestFinal( - &sha_out_len, - WC_SHA256_DIGEST_SIZE, - info->hash.digest); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VltFinal SHA256:%x\n", vlt_rc); -#endif - } - else { - vlt_rc=VltComputeMessageDigest( - c->m_len, - c->m, - &sha_out_len, - WC_SHA256_DIGEST_SIZE, - info->hash.digest); - } -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VltCompute SHA256:%x\n", vlt_rc); - hexdump(info->hash.digest, WC_SHA256_DIGEST_SIZE); -#endif - -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[2]=now(); -#endif - -#ifdef CCBVAULTIC_DEBUG_TIMING - printf(" SHA256 Compute Times(us): InitAlgo:%lu Digest:%lu " - "InSize:%lu OutSize:%u\n", - (ts[1]-ts[0])/1000, - (ts[2]-ts[1])/1000, - c->m_len, sha_out_len); -#endif - - /* Deallocate/clear if this hash was NOT a copy*/ -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Hash flags:%x\n", - (info->hash.sha256 != NULL) ? - info->hash.sha256->flags : - -1); -#endif - if((info->hash.sha256 == NULL) || - !(info->hash.sha256->flags & WC_HASH_FLAG_ISCOPY)) { -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" Freeing hash state\n"); -#endif - if (c->m) - free(c->m); - c->m = NULL; - c->m_len = 0; - c->hash_type = WC_HASH_TYPE_NONE; - } - rc=0; - } - } -#endif - break; case WC_HASH_TYPE_SHA384: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleHashCallback SHA384\n"); + XPRINTF(" HandleHashCallback SHA384\n"); #endif break; + case WC_HASH_TYPE_SHA512: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleHashCallback SHA512\n"); + XPRINTF(" HandleHashCallback SHA512\n"); #endif break; + default: break; } @@ -784,238 +898,253 @@ static int HandleCipherCallback(int devId, wc_CryptoInfo* info, ccbVaultIc_Context *c) { int rc = CRYPTOCB_UNAVAILABLE; + switch(info->cipher.type) { + case WC_CIPHER_NONE: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback NONE\n"); + XPRINTF(" HandleCipherCallback NONE\n"); #endif break; case WC_CIPHER_AES: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES\n"); + XPRINTF(" HandleCipherCallback AES\n"); #endif break; case WC_CIPHER_AES_CBC: + { #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES_CBC\n"); + XPRINTF(" HandleCipherCallback AES_CBC\n"); #endif #if !defined(CCBVAULTIC_NO_AES) - { - Aes* aes = info->cipher.aescbc.aes; - int encrypt = info->cipher.enc; - VLT_U32 out_len = 0; - int vlt_rc = 0; -#ifdef CCBVAULTIC_DEBUG_TIMING - uint64_t ts[6] = {0}; -#endif - if(!aes) break; + Aes* aes = info->cipher.aescbc.aes; + int encrypt = info->cipher.enc; + unsigned int blocks = 0; + const byte *last_block; - /* Support AES128 for now */ - if(aes->keylen != AES_128_KEY_SIZE) break; - - /* Check number of blocks */ - unsigned int blocks = info->cipher.aescbc.sz / AES_BLOCK_SIZE; - if(blocks == 0) break; - - /* Check if key is not he same as last time */ - if( (c->aescbc_key == NULL) || - (c->aescbc_keylen != aes->keylen) || - (memcmp(c->aescbc_key, aes->devKey, aes->keylen))) { -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" New AES Key: ckey:%p clen:%lu akey:%p alen:%u\n", - c->aescbc_key,c->aescbc_keylen, aes->devKey, aes->keylen); - hexdump((void*)aes->devKey, aes->keylen); -#endif - /* Free the current key buffer if necessary */ - if(c->aescbc_key != NULL) { - free(c->aescbc_key); - c->aescbc_key=NULL; - c->aescbc_keylen=0; - } - /* Allocate key buffer */ - c->aescbc_key=malloc(aes->keylen); - if(!c->aescbc_key) { -#if defined(CCBVAULTIC_DEBUG) - printf(" Failed to allocate new AES Key of size:%u\n", - aes->keylen); -#endif - break; - } - - c->aescbc_keylen=aes->keylen; - memcpy(c->aescbc_key,aes->devKey,aes->keylen); - - /* Allow all privileges */ - VLT_FILE_PRIVILEGES keyPrivileges = {0}; - keyPrivileges.u8Read= VAULTIC_KP_ALL; - keyPrivileges.u8Write= VAULTIC_KP_ALL; - keyPrivileges.u8Delete= VAULTIC_KP_ALL; - keyPrivileges.u8Execute= VAULTIC_KP_ALL; - - VLT_KEY_OBJECT tmpAesKey= {0}; - tmpAesKey.enKeyID=VLT_KEY_AES_128; - tmpAesKey.data.SecretKey.u8Mask=0; - tmpAesKey.data.SecretKey.u16KeyLength=c->aescbc_keylen; - tmpAesKey.data.SecretKey.pu8Key=(VLT_PU8)(c->aescbc_key); + VLT_U32 out_len = 0; + VLT_FILE_PRIVILEGES keyPrivileges; + VLT_KEY_OBJECT tmpAesKey; + VLT_ALGO_PARAMS aescbc_algo_params; + int vlt_mode = 0; #ifdef CCBVAULTIC_DEBUG_TIMING - ts[0]=now(); + uint64_t ts[6]; + XMEMSET(ts, 0, sizeof(ts)); #endif - /* Try to delete the tmp aes key. Ignore errors here */ - VltDeleteKey( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPAES_KEYID); + /* Invalid incoming context? Return error*/ + if (aes == NULL) + rc = BAD_FUNC_ARG; + break; -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[1]=now(); -#endif - /* Putkey aes->devKey, aes->keylen */ - vlt_rc=VltPutKey( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPAES_KEYID, - &keyPrivileges, - &tmpAesKey); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT PutKey:%x\n", vlt_rc); - hexdump(c->aescbc_key, c->aescbc_keylen); -#endif - } + /* Only support AES128 */ + if (aes->keylen != AES_128_KEY_SIZE) + break; -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[2]=now(); -#endif - /* Initialize Algo for AES-CBC */ - VLT_ALGO_PARAMS aescbc_algo_params = {0}; - aescbc_algo_params.u8AlgoID = VLT_ALG_CIP_AES; - aescbc_algo_params.data.SymCipher.enMode = BLOCK_MODE_CBC; - aescbc_algo_params.data.SymCipher.enPadding = PADDING_NONE; - aescbc_algo_params.data.SymCipher.u8IvLength = AES_BLOCK_SIZE; - memcpy(aescbc_algo_params.data.SymCipher.u8Iv, - aes->reg,AES_BLOCK_SIZE); - - /* Perform encrypt/decrypt*/ - if(encrypt) { - vlt_rc=VltInitializeAlgorithm( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPAES_KEYID, - VLT_ENCRYPT_MODE, - &aescbc_algo_params); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT InitAlgo:%x\n", vlt_rc); -#endif - -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[3]=now(); -#endif - vlt_rc=VltEncrypt( - info->cipher.aescbc.sz, - info->cipher.aescbc.in, - &out_len, - info->cipher.aescbc.sz, - info->cipher.aescbc.out); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT Encrypt:%x\n", vlt_rc); -#endif - -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[4]=now(); -#endif - /* Update CBC state in AES */ - const byte *last_block = info->cipher.aescbc.out + - (blocks - 1) * AES_BLOCK_SIZE; - memcpy(aes->reg, last_block, AES_BLOCK_SIZE); - } else { - vlt_rc=VltInitializeAlgorithm( - CCBVAULTIC_WOLFSSL_GRPID, - CCBVAULTIC_TMPAES_KEYID, - VLT_DECRYPT_MODE, - &aescbc_algo_params); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT InitAlgo:%x\n", vlt_rc); -#endif - -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[3]=now(); -#endif - vlt_rc=VltDecrypt( - info->cipher.aescbc.sz, - info->cipher.aescbc.in, - &out_len, - info->cipher.aescbc.sz, - info->cipher.aescbc.out); -#if defined(CCBVAULTIC_DEBUG_ALL) - printf(" VLT Decrypt:%x\n", vlt_rc); -#endif - -#ifdef CCBVAULTIC_DEBUG_TIMING - ts[4]=now(); -#endif - /* Update CBC state in AES */ - const byte *last_block = info->cipher.aescbc.in + - (blocks - 1) * AES_BLOCK_SIZE; - memcpy(aes->reg, last_block, AES_BLOCK_SIZE); - } - -#ifdef CCBVAULTIC_DEBUG_TIMING - printf(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu " - "InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n", - encrypt, - (ts[1]-ts[0])/1000, - (ts[2]-ts[1])/1000, - (ts[3]-ts[2])/1000, - (ts[4]-ts[3])/1000, - info->cipher.aescbc.sz, out_len); -#endif - /* Update return value to indicate success */ - rc=0; + /* Check number of blocks */ + blocks = info->cipher.aescbc.sz / AES_BLOCK_SIZE; + if (blocks == 0) { + /* Success! Nothing to do */ + rc = 0; + break; } + + /* Initialize Algo for AES-CBC */ + aescbc_algo_params.u8AlgoID = VLT_ALG_CIP_AES; + aescbc_algo_params.data.SymCipher.enMode = BLOCK_MODE_CBC; + aescbc_algo_params.data.SymCipher.enPadding = PADDING_NONE; + aescbc_algo_params.data.SymCipher.u8IvLength = AES_BLOCK_SIZE; + /* Copy in the previous cipher block */ + XMEMCPY(aescbc_algo_params.data.SymCipher.u8Iv, + aes->reg, AES_BLOCK_SIZE); + if (encrypt) { + /* Last cipher text block is within out */ + last_block = info->cipher.aescbc.out + + (blocks - 1) * AES_BLOCK_SIZE; + vlt_mode = VLT_ENCRYPT_MODE; + } + else { + /* Last cipher text block is within in */ + last_block = info->cipher.aescbc.in + + (blocks - 1) * AES_BLOCK_SIZE; + vlt_mode = VLT_DECRYPT_MODE; + } + + /* Check if key is not the same as last time */ + if ((c->aescbc_key == NULL) || + (c->aescbc_keylen != aes->keylen) || + (XMEMCMP(c->aescbc_key, aes->devKey, aes->keylen))) { +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" New AES Key: ckey:%p clen:%lu akey:%p alen:%u\n", + c->aescbc_key,c->aescbc_keylen, aes->devKey, aes->keylen); + hexdump((void*)aes->devKey, aes->keylen); +#endif + /* Free the current key buffer if necessary */ + if (c->aescbc_key != NULL) { + XFREE(c->aescbc_key, NULL, NULL); + c->aescbc_key = NULL; + c->aescbc_keylen = 0; + } + + /* Allocate key buffer */ + c->aescbc_key = XMALLOC(aes->keylen, NULL, NULL); + if (c->aescbc_key == NULL) { +#if defined(CCBVAULTIC_DEBUG) + XPRINTF(" Failed to allocate new AES Key of size:%u\n", + aes->keylen); +#endif + break; + } + + /* Copy key into buffer */ + c->aescbc_keylen = aes->keylen; + XMEMCPY(c->aescbc_key, aes->devKey, aes->keylen); + + /* Set tmpAesKey privileges */ + keyPrivileges.u8Read = VAULTIC_KP_ALL; + keyPrivileges.u8Write = VAULTIC_KP_ALL; + keyPrivileges.u8Delete = VAULTIC_KP_ALL; + keyPrivileges.u8Execute = VAULTIC_KP_ALL; + + /* Set tmpAesKey data values */ + tmpAesKey.enKeyID = VLT_KEY_AES_128; + tmpAesKey.data.SecretKey.u8Mask = 0; + tmpAesKey.data.SecretKey.u16KeyLength = c->aescbc_keylen; + tmpAesKey.data.SecretKey.pu8Key = (VLT_PU8)(c->aescbc_key); + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[0] = XNOW(); +#endif + /* Try to delete the tmp aes key. Ignore errors here */ + VltDeleteKey( + CCBVAULTIC_WOLFSSL_GRPID, + CCBVAULTIC_TMPAES_KEYID); + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[1] = XNOW(); +#endif + /* Putkey aes->devKey, aes->keylen */ + c->vlt_rc = VltPutKey( + CCBVAULTIC_WOLFSSL_GRPID, + CCBVAULTIC_TMPAES_KEYID, + &keyPrivileges, + &tmpAesKey); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VLT PutKey:%x\n", c->vlt_rc); + hexdump(c->aescbc_key, c->aescbc_keylen); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + } + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[2] = XNOW(); +#endif + c->vlt_rc = VltInitializeAlgorithm( + CCBVAULTIC_WOLFSSL_GRPID, + CCBVAULTIC_TMPAES_KEYID, + vlt_mode, + &aescbc_algo_params); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VLT InitAlgo:%x\n", c->vlt_rc); +#endif + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[3] = XNOW(); +#endif + /* Perform encrypt/decrypt*/ + if (encrypt) { + c->vlt_rc = VltEncrypt( + info->cipher.aescbc.sz, + info->cipher.aescbc.in, + &out_len, + info->cipher.aescbc.sz, + info->cipher.aescbc.out); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VLT Encrypt:%x\n", c->vlt_rc); +#endif + } else { + c->vlt_rc = VltDecrypt( + info->cipher.aescbc.sz, + info->cipher.aescbc.in, + &out_len, + info->cipher.aescbc.sz, + info->cipher.aescbc.out); +#if defined(CCBVAULTIC_DEBUG_ALL) + XPRINTF(" VLT Decrypt:%x\n", c->vlt_rc); +#endif + } + rc = translateError(c->vlt_rc); + if (rc != 0) + break; + + /* Update state in AES CBC */ + XMEMCPY(aes->reg, last_block, AES_BLOCK_SIZE); + +#ifdef CCBVAULTIC_DEBUG_TIMING + ts[4] = XNOW(); + XPRINTF(" AES Encrypt(%d) Times(us): DltKey:%lu PutKey:%lu " + "InitAlgo:%lu Encrypt:%lu InSize:%u OutSize:%lu\n", + encrypt, + (ts[1]-ts[0])/1000, + (ts[2]-ts[1])/1000, + (ts[3]-ts[2])/1000, + (ts[4]-ts[3])/1000, + info->cipher.aescbc.sz, out_len); +#endif + #endif /* CCBVAULTIC_NO_AES */ - break; + }; break; case WC_CIPHER_AES_GCM: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES_GCM\n"); + XPRINTF(" HandleCipherCallback AES_GCM\n"); #endif break; case WC_CIPHER_AES_CTR: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES_CTR\n"); + XPRINTF(" HandleCipherCallback AES_CTR\n"); #endif break; case WC_CIPHER_AES_XTS: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES_XTS\n"); + XPRINTF(" HandleCipherCallback AES_XTS\n"); #endif break; case WC_CIPHER_AES_CFB: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES_CFB\n"); + XPRINTF(" HandleCipherCallback AES_CFB\n"); #endif break; case WC_CIPHER_AES_CCM: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES_CCM\n"); + XPRINTF(" HandleCipherCallback AES_CCM\n"); #endif break; case WC_CIPHER_AES_ECB: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback AES_ECB\n"); + XPRINTF(" HandleCipherCallback AES_ECB\n"); #endif break; default: #if defined(CCBVAULTIC_DEBUG_ALL) - printf(" HandleCipherCallback UNKNOWN\n"); + XPRINTF(" HandleCipherCallback UNKNOWN\n"); #endif break; } return rc; } +#endif /* WOLF_CRYPTO_CB */ #endif /* HAVE_CCBVAULTIC */ diff --git a/ccb_vaultic/ccb_vaultic.h b/ccb_vaultic/ccb_vaultic.h index d4993ee4..f3d8d4db 100644 --- a/ccb_vaultic/ccb_vaultic.h +++ b/ccb_vaultic/ccb_vaultic.h @@ -21,14 +21,11 @@ #ifndef CCB_VAULTIC_H #define CCB_VAULTIC_H -#include "ccb_vaultic_defs.h" -#include "wolfssl/options.h" +/* VaultIC DevID MSBs are ASCII "VI" */ +#define CCBVAULTIC_DEVID (0x56490000ul) +#define CCBVAULTIC420_DEVID (CCBVAULTIC_DEVID + 0x0420) -#if !defined(WOLF_CRYPTO_CB) -#error "Missing WOLF_CRYPTO_CB. Reconfigure wolfssl with --enable-cryptocb" -#endif - -#include "wolfssl/wolfcrypt/cryptocb.h" +#ifdef HAVE_CCBVAULTIC /* * Implementation of wolfCrypt cryptocb callbacks @@ -53,6 +50,12 @@ typedef struct { size_t aescbc_keylen; } ccbVaultIc_Context; +/* ccbVaultIc_Context static initializer */ +#define CCBVAULTIC_CONTEXT_INITIALIZER \ + { \ + .initialized = 0 \ + } + /* Initialize the Wisekey VaultIC library and clear the context. * Returns: 0 on success * BAD_FUNC_ARGS with NULL context @@ -64,12 +67,15 @@ int ccbVaultIc_Init(ccbVaultIc_Context *c); /* Close the Wisekey VaultIC library. */ void ccbVaultIc_Cleanup(ccbVaultIc_Context *c); +#ifdef WOLF_CRYPTO_CB +#include "wolfssl/wolfcrypt/cryptocb.h" /* For wc_CryptInfo */ + /* Register this callback and associate with a context using: - * ccbVaultIc_Context ctx={0}; + * ccbVaultIc_Context ctx=CCBVAULTIC_CONTEXT_INITIALIZER; * ccbVaultIc_Init(&ctx); * wc_CryptoCb_RegisterDevice( * CCBVAULTIC420_DEVID, - * ccbVaultIc_CryptoDevCb, + * ccbVaultIc_CryptoCb, * &ctx); * wc_Aes aes={0}; * wc_AesInit(&aes, NULL, CCBVAULTIC420_DEVID); @@ -77,8 +83,11 @@ void ccbVaultIc_Cleanup(ccbVaultIc_Context *c); * CRYPTOCB_UNAVAILABLE if not initialized or not implemented * MEMORY_E if memory allocation fails */ -int ccbVaultIc_CryptoDevCb(int devId, - wc_CryptoInfo* info, - void* ctx); +int ccbVaultIc_CryptoCb(int devId, + wc_CryptoInfo* info, + void* ctx); +#endif /* WOLF_CRYPTO_CB */ + +#endif /* HAVE_CCBVAULTIC */ #endif /* CCB_VAULTIC_H_ */ diff --git a/ccb_vaultic/ccb_vaultic_defs.h b/ccb_vaultic/ccb_vaultic_defs.h deleted file mode 100644 index 76da23ed..00000000 --- a/ccb_vaultic/ccb_vaultic_defs.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * ccb_vaultic_defs.h - * - * Copyright (C) 2023 wolfSSL Inc. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#ifndef CCB_VAULTIC_DEFS_H -#define CCB_VAULTIC_DEFS_H - -/* VaultIC DevID MSBs are ASCII "VI" */ -#define CCBVAULTIC_DEVID (0x56490000ul) -#define CCBVAULTIC420_DEVID (CCBVAULTIC_DEVID + 0x0420) - -/* Key/Group ID's to support temporary wolfSSL usage */ -#define CCBVAULTIC_WOLFSSL_GRPID 0xBB -#define CCBVAULTIC_TMPAES_KEYID 0x01 -#define CCBVAULTIC_TMPHMAC_KEYID 0x02 -#define CCBVAULTIC_TMPRSA_KEYID 0x03 - -#endif diff --git a/ccb_vaultic/main-bench.c b/ccb_vaultic/main-bench.c index e15bc6c7..b4875b76 100644 --- a/ccb_vaultic/main-bench.c +++ b/ccb_vaultic/main-bench.c @@ -17,43 +17,98 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#include +#ifndef WOLFSSL_USER_SETTINGS + #include "wolfssl/options.h" +#endif +#include "wolfssl/wolfcrypt/settings.h" /* For X-defines */ -#include "wolfssl/options.h" -#include "wolfssl/ssl.h" +/* wolfCrypt includes */ +#include "wolfssl/wolfcrypt/wc_port.h" /* For Init/Cleanup */ + +#ifdef WOLF_CRYPTO_CB +#include "wolfssl/wolfcrypt/cryptocb.h" /* For Register/Unregister */ +#endif + +#ifdef HAVE_CCBVAULTIC +#include "ccb_vaultic.h" /* For devId and cryptocb */ +#endif + +/* Local include */ #include "wolfcrypt/benchmark/benchmark.h" -#include "ccb_vaultic.h" - int main(int argc, char **argv) { - (void)argc; (void)argv; + (void)argc; + (void)argv; - int rc=0; + int rc = 0; - /* Initialize wolfSSL and wolfCrypt */ - rc=wolfSSL_Init(); - if(rc!=WOLFSSL_SUCCESS) { - fprintf(stderr, "Failed to initialize wolfSSL: %d\n", rc); - return(rc); + /* Initialize wolfCrypt */ + rc = wolfCrypt_Init(); + if (rc == 0) { + +#ifdef WOLF_CRYPTO_CB + /* Allocate/initialize context */ + void* ctx = NULL; + #ifndef WOLF_CRYPTO_CB_CMD + /* External allocation/initialization of hardware context */ + #ifdef HAVE_CCBVAULTIC + static ccbVaultIc_Context ctx_storage = CCBVAULTIC_CONTEXT_INITIALIZER; + ctx = &ctx_storage; + rc = ccbVaultIc_Init(ctx); + #else + /* Add other elif hardware here */ + #endif + #endif /* WOLF_CRYPTO_CB_CMD */ + + if (rc == 0) { + /* Setup callback and devId */ + int devId = INVALID_DEVID; + CryptoDevCallbackFunc ccb = NULL; + #ifdef HAVE_CCBVAULTIC + devId = CCBVAULTIC420_DEVID; + ccb = ccbVaultIc_CryptoCb; + #else + /* Add other elif hardware here */ + #endif + + /* Register cryptocb */ + rc = wc_CryptoCb_RegisterDevice( + devId, + ccb, + ctx); +#endif /* WOLF_CRYPTO_CB */ + + if (rc == 0) { + /* Run benchmarks */ + rc = benchmark_test(NULL); + +#ifdef WOLF_CRYPTO_CB + /* Unregister the callback */ + wc_CryptoCb_UnRegisterDevice(devId); +#endif + } else { + printf("Failed to register cryptocb:%d (%x) "\ + " with devId:%x ccb:%p\n", + rc, rc, devId, ccb); + } + +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_CMD + /* External deallocation of hardware context */ + #ifdef HAVE_CCBVAULTIC + ccbVaultIc_Cleanup(ctx); + #else + /* Add other hardware cleanup here */ + #endif + #endif +#endif + } else { + printf(" Failed to initialize hardware: %d (%x)\n", rc, rc); + } + wolfCrypt_Cleanup(); + }else { + printf("Failed to initialize wolfCrypt: %d (%x)\n", rc, rc); } - - /* Register VaultIC as cryptocb */ - rc = wc_CryptoCb_RegisterDevice(CCBVAULTIC420_DEVID, - ccbVaultIc_CryptoDevCb, NULL); - if(rc) { - fprintf(stderr, "Failed to register cryptocb: %d\n", rc); - wolfSSL_Cleanup(); - return(rc); - } - - /* Run benchmarks */ - benchmark_test(NULL); - - wc_CryptoCb_UnRegisterDevice(CCBVAULTIC420_DEVID); - wolfSSL_Cleanup(); - - return 0; - - + return rc; } diff --git a/ccb_vaultic/main-test.c b/ccb_vaultic/main-test.c index da060ba4..953af907 100644 --- a/ccb_vaultic/main-test.c +++ b/ccb_vaultic/main-test.c @@ -17,41 +17,98 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#include "wolfssl/options.h" +#ifndef WOLFSSL_USER_SETTINGS + #include "wolfssl/options.h" +#endif +#include "wolfssl/wolfcrypt/settings.h" /* For X-defines */ -#include "wolfssl/ssl.h" +/* wolfCrypt includes */ +#include "wolfssl/wolfcrypt/wc_port.h" /* For Init/Cleanup */ + +#ifdef WOLF_CRYPTO_CB +#include "wolfssl/wolfcrypt/cryptocb.h" /* For Register/Unregister */ +#endif + +#ifdef HAVE_CCBVAULTIC +#include "ccb_vaultic.h" /* For devId and cryptocb */ +#endif + +/* Local include */ #include "wolfcrypt/test/test.h" -#include -#include - -#include "ccb_vaultic.h" - int main(int argc, char **argv) { - (void)argc; (void)argv; + (void)argc; + (void)argv; - int rc=0; + int rc = 0; - /* Initialize wolfSSL and wolfCrypt */ - rc=wolfSSL_Init(); - if(rc!=WOLFSSL_SUCCESS) { - fprintf(stderr, "Failed to initialize wolfSSL: %d\n", rc); - return(rc); + /* Initialize wolfCrypt */ + rc = wolfCrypt_Init(); + if (rc == 0) { + +#ifdef WOLF_CRYPTO_CB + /* Allocate/initialize context */ + void* ctx = NULL; + #ifndef WOLF_CRYPTO_CB_CMD + /* External allocation/initialization of hardware context */ + #ifdef HAVE_CCBVAULTIC + static ccbVaultIc_Context ctx_storage = CCBVAULTIC_CONTEXT_INITIALIZER; + ctx = &ctx_storage; + rc = ccbVaultIc_Init(ctx); + #else + /* Add other elif hardware here */ + #endif + #endif /* WOLF_CRYPTO_CB_CMD */ + + if (rc == 0) { + /* Setup callback and devId */ + int devId = INVALID_DEVID; + CryptoDevCallbackFunc ccb = NULL; + #ifdef HAVE_CCBVAULTIC + devId = CCBVAULTIC420_DEVID; + ccb = ccbVaultIc_CryptoCb; + #else + /* Add other elif hardware here */ + #endif + + /* Register cryptocb */ + rc = wc_CryptoCb_RegisterDevice( + devId, + ccb, + ctx); +#endif /* WOLF_CRYPTO_CB */ + + if (rc == 0) { + /* Run tests */ + rc = wolfcrypt_test(NULL); + +#ifdef WOLF_CRYPTO_CB + /* Unregister the callback */ + wc_CryptoCb_UnRegisterDevice(devId); +#endif + } else { + printf("Failed to register cryptocb:%d (%x) "\ + " with devId:%x ccb:%p\n", + rc, rc, devId, ccb); + } + +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_CMD + /* External deallocation of hardware context */ + #ifdef HAVE_CCBVAULTIC + ccbVaultIc_Cleanup(ctx); + #else + /* Add other hardware cleanup here */ + #endif + #endif +#endif + } else { + printf(" Failed to initialize hardware: %d (%x)\n", rc, rc); + } + wolfCrypt_Cleanup(); + }else { + printf("Failed to initialize wolfCrypt: %d (%x)\n", rc, rc); } - /* Register VaultIC as cryptocb */ - rc = wc_CryptoCb_RegisterDevice(CCBVAULTIC420_DEVID, - ccbVaultIc_CryptoDevCb, NULL); - if(rc) { - fprintf(stderr, "Failed to register cryptocb: %d\n", rc); - wolfSSL_Cleanup(); - return(rc); - } - - wolfcrypt_test(NULL); - - wc_CryptoCb_UnRegisterDevice(CCBVAULTIC420_DEVID); - wolfSSL_Cleanup(); - - return 0; + return rc; }