From 6e60871aafd9c8e2483cb5c9fb85af698f169993 Mon Sep 17 00:00:00 2001
From: John Bland
Date: Tue, 9 Apr 2024 14:14:56 -0400
Subject: [PATCH] update hsmReadKey to make meta and data optional
---
 src/wh_server_crypto.c | 6 ++---
 src/wh_server_keystore.c | 50 +++++++++++++++++++++---------------
 wolfhsm/wh_server_keystore.h | 2 +-
 3 files changed, 33 insertions(+), 25 deletions(-)
diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
index 201c3815..e435ae15 100644
--- a/src/wh_server_crypto.c
+++ b/src/wh_server_crypto.c
@@ -50,14 +50,14 @@ static int hsmLoadKeyCurve25519(whServerContext* server, curve25519_key* key, wh
 int ret;
 uint32_t privSz = CURVE25519_KEYSIZE;
 uint32_t pubSz = CURVE25519_KEYSIZE;
- whNvmMetadata meta[1] = {0};
+ uint32_t size = privSz + pubSz;
 byte keyBuf[CURVE25519_KEYSIZE * 2];
- ret = hsmReadKey(server, keyId, meta, keyBuf, privSz + pubSz);
+ ret = hsmReadKey(server, keyId, NULL, keyBuf, &size);
 /* decode the key */
 if (ret == 0)
 ret = wc_curve25519_import_public(keyBuf, pubSz, key);
 /* only import private if what we got back holds 2 keys */
- if (ret == 0 && meta->len == CURVE25519_KEYSIZE * 2)
+ if (ret == 0 && size == CURVE25519_KEYSIZE * 2)
 ret = wc_curve25519_import_private(keyBuf + pubSz, privSz, key);
 return ret;
 }
diff --git a/src/wh_server_keystore.c b/src/wh_server_keystore.c
index 55b5bef3..8ebc8101 100644
--- a/src/wh_server_keystore.c
+++ b/src/wh_server_keystore.c
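Review bot: In hsmLoadKeyCurve25519 (src/wh_server_crypto.c) the length returned in `size` is only compared with `CURVE25519_KEYSIZE * 2` before the private import; nothing rejects a stored object shorter than `pubSz`, so `wc_curve25519_import_public` can be handed `keyBuf` bytes that hsmReadKey never wrote. A guard such as `if (ret == 0 && size < pubSz) ret = WH_ERROR_BADARGS;` ahead of the public import would close that, using whichever error code this module prefers. `keyBuf` also holds the private half and is not cleared before `return ret;`, so zeroing it with a wipe the compiler cannot elide is worth adding. The function's opening lines are outside the hunk.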
@@ -89,38 +89,47 @@ int hsmCacheKey(whServerContext* server, whNvmMetadata* meta, uint8_t* in)
 return 0;
 }
-int hsmReadKey(whServerContext* server, whKeyId keyId, whNvmMetadata* meta,
- uint8_t* out, uint32_t outLen)
+int hsmReadKey(whServerContext* server, whKeyId keyId, whNvmMetadata* outMeta,
+ uint8_t* out, uint32_t* outSz)
 {
 int ret = 0;
 int i;
+ whNvmMetadata meta[1] = {0};
 /* make sure id is valid */
- if (server == NULL || out == NULL || keyId == WOLFHSM_ID_ERASED)
+ if (server == NULL || keyId == WOLFHSM_ID_ERASED || outSz == NULL)
 return WH_ERROR_BADARGS;
 /* check the cache */
 for (i = 0; i < WOLFHSM_NUM_RAMKEYS; i++) {
 /* copy the meta and key before returning */
 if (server->cache[i].meta->id == keyId) {
- /* check outLen */
- if (server->cache[i].meta->len > outLen)
+ /* check outSz */
+ if (server->cache[i].meta->len > *outSz)
 return WH_ERROR_NOSPACE;
- if (meta != NULL) {
- XMEMCPY((uint8_t*)meta, (uint8_t*)server->cache[i].meta,
+ if (outMeta != NULL) {
+ XMEMCPY((uint8_t*)outMeta, (uint8_t*)server->cache[i].meta,
 sizeof(whNvmMetadata));
 }
- XMEMCPY(out, server->cache[i].buffer, meta->len);
+ if (out != NULL) {
+ XMEMCPY(out, server->cache[i].buffer,
+ server->cache[i].meta->len);
+ }
+ *outSz = server->cache[i].meta->len;
 return 0;
 }
 }
 /* try to read the metadata */
- if (meta != NULL)
- ret = wh_Nvm_GetMetadata(server->nvm, keyId, meta);
- /* read the object */
- if (ret == 0)
- ret = wh_Nvm_Read(server->nvm, keyId, 0, outLen, out);
+ ret = wh_Nvm_GetMetadata(server->nvm, keyId, meta);
+ if (ret == 0) {
+ /* set outSz */
+ *outSz = meta->len;
+ /* read the object */
+ if (out != NULL)
+ ret = wh_Nvm_Read(server->nvm, keyId, 0, *outSz, out);
+ }
 /* cache key if free slot, will only kick out other commited keys */
- if (ret == 0)
+ if (ret == 0 && out != NULL) {
 hsmCacheKey(server, meta, out);
+ }
 #ifdef WOLFHSM_SHE_EXTENSION
 /* use empty string if we couldn't find the master ecu key */
 if (ret != 0 && keyId == WOLFHSM_SHE_MASTER_ECU_KEY_ID) {
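Review bot: On the NVM path `*outSz = meta->len;` overwrites the caller's capacity before `wh_Nvm_Read(server->nvm, keyId, 0, *outSz, out)`, so an object longer than the caller's buffer is read into `out` with no bound; only the cache branch still returns `WH_ERROR_NOSPACE`. Adding `if (out != NULL && meta->len > *outSz) return WH_ERROR_NOSPACE;` just before `*outSz = meta->len;` restores the bound that the old `outLen` argument gave. The callers in this patch depend on it: hsmLoadKeyCurve25519 passes a `CURVE25519_KEYSIZE * 2` stack buffer, and the WH_KEY_EXPORT case passes the space left in the response packet. hsmReadKey continues past the end of the hunk.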
@@ -201,6 +210,7 @@ int wh_Server_HandleKeyRequest(whServerContext* server,
 uint8_t* data, uint16_t* size)
 {
 int ret = 0;
+ uint32_t field;
 uint8_t* in;
 uint8_t* out;
 whPacket* packet = (whPacket*)data;
@@ -255,20 +265,18 @@ int wh_Server_HandleKeyRequest(whServerContext* server,
 case WH_KEY_EXPORT:
 /* out is after fixed size fields */
 out = (uint8_t*)(&packet->keyExportRes + 1);
- /* set the id */
- meta->id = packet->keyExportReq.id;
+ field = WH_COMM_MTU - (WOLFHSM_PACKET_STUB_SIZE +
+ sizeof(packet->keyExportRes));
 /* read the key */
- ret = hsmReadKey(server, packet->keyExportReq.id, meta, out,
- WH_COMM_MTU - (WOLFHSM_PACKET_STUB_SIZE +
- sizeof(packet->keyExportRes)));
+ ret = hsmReadKey(server, packet->keyExportReq.id, meta, out, &field);
 if (ret == 0) {
 /* set key len */
- packet->keyExportRes.len = meta->len;
+ packet->keyExportRes.len = field;
 /* set label */
 XMEMCPY(packet->keyExportRes.label, meta->label, sizeof(meta->label));
 *size = WOLFHSM_PACKET_STUB_SIZE + sizeof(packet->keyExportRes) +
- meta->len;
+ field;
 }
 break;
 case WH_KEY_COMMIT:
diff --git a/wolfhsm/wh_server_keystore.h b/wolfhsm/wh_server_keystore.h
index 4866b5e9..776314ad 100644
--- a/wolfhsm/wh_server_keystore.h
+++ b/wolfhsm/wh_server_keystore.h
@@ -6,7 +6,7 @@ int hsmGetUniqueId(whServerContext* server);
 int hsmCacheKey(whServerContext* server, whNvmMetadata* meta, uint8_t* in);
 int hsmReadKey(whServerContext* server, whKeyId keyId, whNvmMetadata* meta,
- uint8_t* out, uint32_t outLen);
+ uint8_t* out, uint32_t* outSz);
 int hsmEvictKey(whServerContext* server, uint16_t keyId);
 int hsmCommitKey(whServerContext* server, uint16_t keyId);
 int hsmEraseKey(whServerContext* server, whNvmId keyId);
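Review bot: In the WH_KEY_EXPORT case `XMEMCPY(packet->keyExportRes.label, meta->label, sizeof(meta->label));` still runs whenever `ret == 0`, but the hsmReadKey lines shown in this patch copy into `outMeta` only on a cache hit; for a key read from NVM the metadata goes into hsmReadKey's local `meta`. Unless it is copied out after the part of hsmReadKey shown, the exported label is then whatever this handler's `meta` already held. Copying in the NVM branch as well, `if (outMeta != NULL) XMEMCPY((uint8_t*)outMeta, (uint8_t*)meta, sizeof(whNvmMetadata));`, would keep the two paths consistent. The switch this case belongs to begins and ends outside the hunk.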
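Review bot: The hsmReadKey prototype in wolfhsm/wh_server_keystore.h is where callers learn the contract, and it has no comment saying that `outSz` is now an in/out value or that `meta` and `out` may be NULL. A short comment above it would do, for example `/* outSz: in = capacity of out, out = stored key length; meta and out may be NULL */`. The metadata parameter is also still named `meta` here while the definition now calls it `outMeta`; matching the two names avoids confusion with the local `meta` inside the function.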