rebase and fix bad key cache size

wolfSSL · Apr 12, 2024 · e80b8b7 · e80b8b7
1 parent 2a54f37
commit e80b8b7
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 24 deletions.
diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -40,19 +40,18 @@ static int hsmCacheKeyRsa(whServerContext* server, RsaKey* key)
     return ret;
 }
 
-static int hsmLoadKeyRsa(whServerContext* server, RsaKey* key, uint16_t keyId)
+static int hsmLoadKeyRsa(whServerContext* server, RsaKey* key, whKeyId keyId)
 {
     int ret;
     uint32_t idx = 0;
-    whNvmMetadata meta[1] = {0};
+    uint32_t size;
     byte keyBuf[2048];
     /* retrieve the key */
-    meta->id = keyId;
-    meta->len = sizeof(keyBuf);
-    ret = hsmReadKey(server, meta, keyBuf);
+    size = sizeof(keyBuf);
+    ret = hsmReadKey(server, keyId, NULL, keyBuf, &size);
     /* decode the key */
     if (ret == 0)
-        ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, key, meta->len);
+        ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, key, size);
 
     return ret;
 }
@@ -62,7 +61,7 @@ static int hsmCacheKeyCurve25519(whServerContext* server, curve25519_key* key)
     int ret;
     word32 privSz = CURVE25519_KEYSIZE;
     word32 pubSz = CURVE25519_KEYSIZE;
-    whNvmMetadata meta[1] = {{0}};
+    whNvmMetadata meta[1] = {0};
     byte keyBuf[CURVE25519_KEYSIZE * 2];
     /* store public, then private so that loading an external public only key
      * will work along with our keys */
@@ -73,7 +72,6 @@ static int hsmCacheKeyCurve25519(whServerContext* server, curve25519_key* key)
         ret = hsmGetUniqueId(server);
     }
     if (ret > 0) {
-        XMEMSET(meta, 0, sizeof(whNvmMetadata));
         meta->len = privSz + pubSz;
         meta->id = ret;
         ret = hsmCacheKey(server, meta, keyBuf);

diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c
@@ -241,12 +241,18 @@ int whTest_CryptoClientConfig(whClientConfig* config)
         printf("Failed to wc_RsaPrivateDecrypt %d\n", ret);
         goto exit;
     }
-#if 0
-    if((ret = wolfHSM_EvictKey(ctx, (uint32_t)rsa->devCtx)) != 0) {
-        printf("Failed to wolfHSM_EraseKey %d\n", ret);
-        return 1;
+    XMEMCPY((uint8_t*)&keyId, (uint8_t*)&rsa->devCtx, sizeof(keyId));
+    if ((ret = wh_Client_KeyEvictRequest(client, keyId)) != 0) {
+        WH_ERROR_PRINT("Failed to wh_Client_KeyEvictRequest %d\n", ret);
+        goto exit;
+    }
+    do {
+        ret = wh_Client_KeyEvictResponse(client);
+    } while (ret == WH_ERROR_NOTREADY);
+    if (ret != 0) {
+        WH_ERROR_PRINT("Failed to wh_Client_KeyEvictResponse %d\n", ret);
+        goto exit;
     }
-#endif
     if((ret = wc_FreeRsaKey(rsa)) != 0) {
         printf("Failed to wc_FreeRsaKey %d\n", ret);
         goto exit;
@@ -367,6 +373,16 @@ int whTest_CryptoServerConfig(whServerConfig* config)
             goto exit;
         }
     }
+    /* handle rsa */
+    for (i = 0; i < 4; i++) {
+        do {
+            ret = wh_Server_HandleRequestMessage(server);
+        } while (ret == WH_ERROR_NOTREADY);
+        if (ret != 0) {
+            WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+            goto exit;
+        }
+    }
     /* handle curve */
     for (i = 0; i < 4; i++) {
         do {
@@ -407,39 +423,76 @@ static void* _whServerTask(void* cf)
         return NULL;
     }
 
-    ret = wh_Server_Init(server, config);
-    if (ret != 0) {
+    if ((ret = wh_Server_Init(server, config)) != 0) {
         printf("Failed to wh_Server_Init: %d", ret);
         return NULL;
     }
-    /* handle rng */
+
+    /* handle client rng */
     do {
         ret = wh_Server_HandleRequestMessage(server);
-        sleep(1);
     } while (ret == WH_ERROR_NOTREADY);
     if (ret != 0) {
-        printf("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+        WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
         goto exit;
     }
+    /* handle cache/export */
+    for (i = 0; i < 2; i++) {
+        do {
+            ret = wh_Server_HandleRequestMessage(server);
+        } while (ret == WH_ERROR_NOTREADY);
+        if (ret != 0) {
+            WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+            goto exit;
+        }
+    }
+    /* handle evict/export, expect not found */
+    for (i = 0; i < 2; i++) {
+        do {
+            ret = wh_Server_HandleRequestMessage(server);
+        } while (ret == WH_ERROR_NOTREADY);
+        if (ret != 0 && ret != WH_ERROR_NOTFOUND) {
+            WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+            goto exit;
+        }
+    }
+    /* handle cache/commit/evict/export */
+    for (i = 0; i < 4; i++) {
+        do {
+            ret = wh_Server_HandleRequestMessage(server);
+        } while (ret == WH_ERROR_NOTREADY);
+        if (ret != 0) {
+            WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+            goto exit;
+        }
+    }
+    /* handle erase/export, expect not found */
+    for (i = 0; i < 2; i++) {
+        do {
+            ret = wh_Server_HandleRequestMessage(server);
+        } while (ret == WH_ERROR_NOTREADY);
+        if (ret != 0 && ret != WH_ERROR_NOTFOUND) {
+            WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+            goto exit;
+        }
+    }
     /* handle rsa */
-    for (i = 0; i < 5; i++) {
+    for (i = 0; i < 6; i++) {
         do {
             ret = wh_Server_HandleRequestMessage(server);
-            sleep(1);
         } while (ret == WH_ERROR_NOTREADY);
         if (ret != 0) {
-            printf("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+            WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
             goto exit;
         }
     }
     /* handle curve25519 */
     for (i = 0; i < 4; i++) {
         do {
             ret = wh_Server_HandleRequestMessage(server);
-            sleep(1);
         } while (ret == WH_ERROR_NOTREADY);
         if (ret != 0) {
-            printf("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
+            WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret);
             goto exit;
         }
     }
@@ -545,6 +598,7 @@ static int wh_ClientServer_MemThreadTest(void)
        .comm_config = cs_conf,
        .nvm = nvm,
        .crypto = crypto,
+       .devId = INVALID_DEVID,
     }};
 
     WH_TEST_RETURN_ON_FAIL(wh_Nvm_Init(nvm, n_conf));

diff --git a/wolfhsm/wh_common.h b/wolfhsm/wh_common.h
@@ -20,7 +20,7 @@ enum {
     WOLFHSM_NUM_RAMKEYS = 2,        /* Number of RAM keys */
     WOLFHSM_NUM_NVMOBJECTS = 32,    /* Number of NVM objects in the directory */
     WOLFHSM_NUM_MANIFESTS = 8,      /* Number of compiletime manifests */
-    WOLFHSM_KEYCACHE_BUFSIZE = 512, /* Size in bytes of key cache buffer  */
+    WOLFHSM_KEYCACHE_BUFSIZE = 1200, /* Size in bytes of key cache buffer  */
 };