Merge pull request #10 from bigbrett/server-ccb-support

Server-side crypto callback support
wolfSSL · Mar 22, 2024 · 43165b3 · 43165b3
2 parents f26929d + e651636
commit 43165b3
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 21 deletions.
diff --git a/src/wh_server.c b/src/wh_server.c
@@ -53,26 +53,54 @@ static int _wh_Server_HandleCustomRequest(whServerContext* server,
 int wh_Server_Init(whServerContext* server, whServerConfig* config)
 {
     int rc = 0;
+
     if ((server == NULL) || (config == NULL)) {
         return WH_ERROR_BADARGS;
     }
 
     memset(server, 0, sizeof(*server));
-    if (
-        ((rc = wolfCrypt_Init()) == 0) &&
-        ((rc = wc_InitRng_ex(server->crypto->rng, NULL, INVALID_DEVID)) == 0)) {
-        rc = wh_Nvm_Init(server->nvm, config->nvm_config);
-        if (rc == 0) {
-            server->nvm->cb = config->nvm_config->cb;
-            server->nvm->context = config->nvm_config->context;
 
-            rc = wh_CommServer_Init(server->comm, config->comm_config);
-            if (rc == 0) {
-                /* All good */
-            }
+    rc = wolfCrypt_Init();
+    if (rc != 0) {
+        (void)wh_Server_Cleanup(server);
+        return WH_ERROR_ABORTED;
+    }
+    server->flags.wcInitFlag = true;
+
+#if defined(WOLF_CRYPTO_CB)
+    server->crypto->devId = config->devId;
+    if (config->cryptocb != NULL) {
+        /* register the crypto callback with wolSSL */
+        rc = wc_CryptoCb_RegisterDevice(server->crypto->devId,
+                                        config->cryptocb,
+                                        NULL);
+        if (rc != 0) {
+            (void)wh_Server_Cleanup(server);
+            return WH_ERROR_ABORTED;
         }
-    } else {
-        wh_Server_Cleanup(server);
+    }
+#else
+    server->crypto->devId = INVALID_DEVID;
+#endif
+    server->flags.wcDevIdInitFlag = true;
+
+    rc = wc_InitRng_ex(server->crypto->rng, NULL, server->crypto->devId);
+    if (rc != 0) {
+        (void)wh_Server_Cleanup(server);
+        return WH_ERROR_ABORTED;
+    }
+    server->flags.wcRngInitFlag = true;
+
+    rc = wh_Nvm_Init(server->nvm, config->nvm_config);
+    if (rc != 0) {
+        (void)wh_Server_Cleanup(server);
+        return WH_ERROR_ABORTED;
+    }
+
+    rc = wh_CommServer_Init(server->comm, config->comm_config);
+    if (rc != 0) {
+        (void)wh_Server_Cleanup(server);
+        return WH_ERROR_ABORTED;
     }
     return rc;
 }
@@ -85,10 +113,24 @@ int wh_Server_Cleanup(whServerContext* server)
 
     (void)wh_CommServer_Cleanup(server->comm);
     (void)wh_Nvm_Cleanup(server->nvm);
-    (void)wc_FreeRng(server->crypto->rng);
-    (void)wolfCrypt_Cleanup();
+
+#if defined(WOLF_CRYPTO_CB)
+    if (server->flags.wcDevIdInitFlag &&
+        server->crypto->devId != INVALID_DEVID) {
+        (void)wc_CryptoCb_UnRegisterDevice(server->crypto->devId);
+    }
+#endif
+
+    if (server->flags.wcRngInitFlag) {
+        (void)wc_FreeRng(server->crypto->rng);
+    }
+
+    if (server->flags.wcInitFlag) {
+        (void)wolfCrypt_Cleanup();
+    }
 
     memset(server, 0, sizeof(*server));
+
     return 0;
 }
 
@@ -226,7 +268,7 @@ int wh_Server_HandleRequestMessage(whServerContext* server)
         break;
 
         case WH_MESSAGE_GROUP_CRYPTO:
-            rc = _wh_Server_HandleCryptoRequest(server, action, data, &size);
+            rc = wh_Server_HandleCryptoRequest(server, action, data, &size);
         break;
 
         case WH_MESSAGE_GROUP_PKCS11:

diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -228,7 +228,7 @@ static int hsmLoadKeyCurve25519(whServerContext* server, curve25519_key* key, ui
     return ret;
 }
 
-int _wh_Server_HandleCryptoRequest(whServerContext* server,
+int wh_Server_HandleCryptoRequest(whServerContext* server,
     uint16_t action, uint8_t* data, uint16_t* size)
 {
     int ret = 0;
@@ -250,7 +250,7 @@ int _wh_Server_HandleCryptoRequest(whServerContext* server,
         case WC_PK_TYPE_CURVE25519_KEYGEN:
             /* init private key */
             ret = wc_curve25519_init_ex(server->crypto->curve25519Private, NULL,
-                INVALID_DEVID);
+                server->crypto->devId);
             /* make the key */
             if (ret == 0) {
                 ret = wc_curve25519_make_key(server->crypto->rng,
@@ -277,10 +277,10 @@ int _wh_Server_HandleCryptoRequest(whServerContext* server,
             out = (uint8_t*)(&packet->pkCurve25519Res + 1);
             /* init ecc key */
             ret = wc_curve25519_init_ex(server->crypto->curve25519Private, NULL,
-                INVALID_DEVID);
+                server->crypto->devId);
             if (ret == 0) {
                 ret = wc_curve25519_init_ex(server->crypto->curve25519Public,
-                    NULL, INVALID_DEVID);
+                    NULL, server->crypto->devId);
             }
             /* load the private key */
             if (ret == 0) {

diff --git a/wolfhsm/wh_server.h b/wolfhsm/wh_server.h
@@ -7,6 +7,7 @@
  */
 
 #include <stdint.h>
+#include <stdbool.h>
 
 #include "wolfhsm/wh_common.h"
 #include "wolfhsm/wh_comm.h"
@@ -15,6 +16,7 @@
 #include "wolfssl/wolfcrypt/settings.h"
 #include "wolfssl/wolfcrypt/random.h"
 #include "wolfssl/wolfcrypt/curve25519.h"
+#include "wolfssl/wolfcrypt/cryptocb.h"
 
 typedef struct CacheSlot {
     uint8_t commited;
@@ -23,13 +25,21 @@ typedef struct CacheSlot {
 } CacheSlot;
 
 typedef struct {
+    int devId;
     curve25519_key curve25519Private[1];
     curve25519_key curve25519Public[1];
     WC_RNG rng[1];
 } crypto_context;
 
+typedef struct {
+    bool wcInitFlag: 1;
+    bool wcRngInitFlag: 1;
+    bool wcDevIdInitFlag: 1;
+} whServerFlags;
+
 /* Context structure to maintain the state of an HSM server */
 typedef struct whServerContext_t {
+    whServerFlags flags;
     whCommServer comm[1];
     whNvmContext nvm[1];
     crypto_context crypto[1];
@@ -39,6 +49,10 @@ typedef struct whServerContext_t {
 typedef struct whServerConfig_t {
     whCommServerConfig* comm_config;
     whNvmConfig* nvm_config;
+#if defined WOLF_CRYPTO_CB /* TODO: should we be relying on wolfSSL defines? */
+    int devId;
+    CryptoDevCallbackFunc cryptocb;
+#endif
 } whServerConfig;
 
 /* Initialize the nvm, crypto, and comms, components.

diff --git a/wolfhsm/wh_server_crypto.h b/wolfhsm/wh_server_crypto.h
@@ -1,6 +1,10 @@
 #ifndef WOLFHSM_WH_SERVER_CRYPTO_H
 #define WOLFHSM_WH_SERVER_CRYPTO_H
+
 #include "wolfhsm/wh_server.h"
-int _wh_Server_HandleCryptoRequest(whServerContext* server,
+
+int wh_Server_HandleCryptoRequest(whServerContext* server,
     uint16_t action, uint8_t* data, uint16_t* size);
+
+
 #endif