From 774c064e8879540ec8e230c2cba71e7e437acfba Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 21 Mar 2024 21:33:13 -0600 Subject: [PATCH 1/2] fixes for bare-metal compilation --- src/wh_server.c | 7 +- src/wh_server_she.c | 3 +- test/wh_test_crypto.c | 132 +++++++++++++++++++++++-------------- test/wh_test_crypto.h | 7 ++ wolfhsm/wh_common.h | 3 +- wolfhsm/wh_server.h | 4 +- wolfhsm/wh_server_crypto.h | 3 +- 7 files changed, 101 insertions(+), 58 deletions(-) diff --git a/src/wh_server.c b/src/wh_server.c index 9072c0cc..b701e78f 100644 --- a/src/wh_server.c +++ b/src/wh_server.c @@ -19,8 +19,10 @@ /* Server API's */ #include "wolfhsm/wh_server.h" #include "wolfhsm/wh_server_crypto.h" -#include "wolfhsm/wh_server_she.h" #include "wolfhsm/wh_server_internal.h" +#if defined(WOLFHSM_SHE_EXTENSION) +#include "wolfhsm/wh_server_she.h" +#endif /** Forward declarations. */ /* TODO: Move these out to separate C files */ @@ -58,8 +60,7 @@ int wh_Server_Init(whServerContext* server, whServerConfig* config) memset(server, 0, sizeof(*server)); if ( ((rc = wolfCrypt_Init()) == 0) && - ((rc = wc_InitRng_ex(server->crypto->rng, NULL, INVALID_DEVID)) == 0) && - 1) { + ((rc = wc_InitRng_ex(server->crypto->rng, NULL, INVALID_DEVID)) == 0)) { rc = wh_Nvm_Init(server->nvm, config->nvm_config); if (rc == 0) { server->nvm->cb = config->nvm_config->cb; diff --git a/src/wh_server_she.c b/src/wh_server_she.c index f88fad76..530ed9e2 100644 --- a/src/wh_server_she.c +++ b/src/wh_server_she.c @@ -1,3 +1,5 @@ +#if 0 + /* System libraries */ #include #include /* For NULL */ @@ -20,7 +22,6 @@ #include "wolfhsm/wh_server.h" #include "wolfhsm/wh_packet.h" -#if 0 const uint8_t WOLFHSM_SHE_KEY_UPDATE_ENC_C[] = {0x01, 0x01, 0x53, 0x48, 0x45, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xB0}; const uint8_t WOLFHSM_SHE_KEY_UPDATE_MAC_C[] = {0x01, 0x02, 0x53, 0x48, 0x45, 
diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index 4ac519e5..2d710f1f 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -10,20 +10,27 @@ #include "wolfssl/wolfcrypt/settings.h" #include "wolfssl/wolfcrypt/random.h" -#include "wolfhsm/wh_common.h" -#include "wolfhsm/wh_error.h" - -#include "wolfhsm/wh_comm.h" -#include "wolfhsm/wh_transport_mem.h" +#if defined(WH_CONFIG) +#include "wh_config.h" +#endif +#include "wolfhsm/wh_error.h" #include "wolfhsm/wh_nvm.h" #include "wolfhsm/wh_nvm_flash.h" #include "wolfhsm/wh_flash_ramsim.h" - +#include "wolfhsm/wh_comm.h" +#include "wolfhsm/wh_message.h" #include "wolfhsm/wh_server.h" #include "wolfhsm/wh_client.h" +#include "wolfhsm/wh_transport_mem.h" -#include "wh_config.h" +#include "wh_test_common.h" + +#if defined(WH_CFG_TEST_POSIX) +#include /* For pthread_create/cancel/join/_t */ +#include "port/posix/posix_transport_tcp.h" +#include "port/posix/posix_flash_file.h" +#endif #if defined(WH_CFG_TEST_POSIX) #include /* For sleep */ @@ -33,18 +40,15 @@ #endif enum { - REPEAT_COUNT = 10, REQ_SIZE = 32, RESP_SIZE = 64, BUFFER_SIZE = 4096, - ONE_MS = 1000, }; -static void* _whClientTask(void *cf) +int whTest_CryptoClientConfig(whClientConfig* config) { whClientContext client[1] = {0}; - whClientConfig* config = (whClientConfig*)cf; int ret = 0; /* wolfcrypt */ WC_RNG rng[1]; 
@@ -56,104 +60,132 @@ static void* _whClientTask(void *cf) uint8_t sharedTwo[CURVE25519_KEYSIZE]; if (config == NULL) { - return NULL; + return WH_ERROR_BADARGS; } - ret = wh_Client_Init(client, config); - if (ret != 0) { - printf("Failed to wh_Client_Init: %d", ret); - return NULL; - } + WH_TEST_RETURN_ON_FAIL(wh_Client_Init(client, config)); + /* test rng */ if((ret = wc_InitRng_ex(rng, NULL, WOLFHSM_DEV_ID)) != 0) { - printf("Failed to wc_InitRng_ex %d\n", ret); + WH_ERROR_PRINT("Failed to wc_InitRng_ex %d\n", ret); goto exit; } + if((ret = wc_RNG_GenerateBlock(rng, key, sizeof(key))) != 0) { - printf("Failed to wc_RNG_GenerateBlock %d\n", ret); + WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); goto exit; } - printf("RNG SUCCESS\n"); + /* test curve25519 */ if ((ret = wc_curve25519_init_ex(curve25519PrivateKey, NULL, WOLFHSM_DEV_ID)) != 0) { - printf("Failed to wc_curve25519_init_ex %d\n", ret); + WH_ERROR_PRINT("Failed to wc_curve25519_init_ex %d\n", ret); goto exit; } + if ((ret = wc_curve25519_init_ex(curve25519PublicKey, NULL, WOLFHSM_DEV_ID)) != 0) { - printf("Failed to wc_curve25519_init_ex %d\n", ret); + WH_ERROR_PRINT("Failed to wc_curve25519_init_ex %d\n", ret); goto exit; } + if ((ret = wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, curve25519PrivateKey)) != 0) { - printf("Failed to wc_curve25519_make_key %d\n", ret); + WH_ERROR_PRINT("Failed to wc_curve25519_make_key %d\n", ret); goto exit; } + if ((ret = wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, curve25519PublicKey)) != 0) { - printf("Failed to wc_curve25519_make_key %d\n", ret); + WH_ERROR_PRINT("Failed to wc_curve25519_make_key %d\n", ret); goto exit; } + outLen = sizeof(sharedOne); if ((ret = wc_curve25519_shared_secret(curve25519PrivateKey, curve25519PublicKey, sharedOne, &outLen)) != 0) { - printf("Failed to wc_curve25519_shared_secret %d\n", ret); + WH_ERROR_PRINT("Failed to wc_curve25519_shared_secret %d\n", ret); goto exit; } + if ((ret = 
wc_curve25519_shared_secret(curve25519PublicKey, curve25519PrivateKey, sharedTwo, &outLen)) != 0) { - printf("Failed to wc_curve25519_shared_secret %d\n", ret); + WH_ERROR_PRINT("Failed to wc_curve25519_shared_secret %d\n", ret); goto exit; } - if (XMEMCMP(sharedOne, sharedTwo, outLen) == 0) - printf("CURVE25519 SUCCESS\n"); - else - printf("CURVE25519 FAILURE\n"); + if (XMEMCMP(sharedOne, sharedTwo, outLen) != 0) { + WH_ERROR_PRINT("CURVE25519 shared secrets don't match\n"); + } + +exit: wc_curve25519_free(curve25519PrivateKey); wc_curve25519_free(curve25519PublicKey); -exit: wc_FreeRng(rng); - ret = wh_Client_Cleanup(client); - printf("wh_Client_Cleanup:%d\n", ret); - return NULL; + + if (ret == 0) { + WH_TEST_RETURN_ON_FAIL(wh_Client_Cleanup(client)); + } + else { + wh_Client_Cleanup(client); + } + + return ret; } -static void* _whServerTask(void* cf) + +int whTest_CryptoServerConfig(whServerConfig* config) { whServerContext server[1] = {0}; - whServerConfig* config = (whServerConfig*)cf; int ret = 0; int i; if (config == NULL) { - return NULL; + return WH_ERROR_BADARGS; } - ret = wh_Server_Init(server, config); - if (ret != 0) { - printf("Failed to wh_Server_Init: %d", ret); - return NULL; - } - /* handle rng */ + WH_TEST_RETURN_ON_FAIL(wh_Server_Init(server, config)); + + /* handle client rng */ do { ret = wh_Server_HandleRequestMessage(server); } while (ret == WH_ERROR_NOTREADY); if (ret != 0) { - printf("Failed to wh_Server_HandleRequestMessage: %d\n", ret); + WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret); goto exit; } + + /* handle curve */ for (i = 0; i < 4; i++) { do { ret = wh_Server_HandleRequestMessage(server); } while (ret == WH_ERROR_NOTREADY); if (ret != 0) { - printf("Failed to wh_Server_HandleRequestMessage: %d\n", ret); + WH_ERROR_PRINT("Failed to wh_Server_HandleRequestMessage: %d\n", ret); goto exit; } } + exit: - ret = wh_Server_Cleanup(server); - printf("ServerCleanup:%d\n", ret); + if (ret == 0) { + 
WH_TEST_RETURN_ON_FAIL(wh_Server_Cleanup(server)); + } + else { + ret = wh_Server_Cleanup(server); + } + return ret; +} + + +#if defined(WH_CFG_TEST_POSIX) +static void* _whClientTask(void *cf) +{ + (void)whTest_CryptoClientConfig(cf); return NULL; } +static void* _whServerTask(void* cf) +{ + (void)whTest_CryptoServerConfig(cf); + return NULL; +} + + static void _whClientServerThreadTest(whClientConfig* c_conf, whServerConfig* s_conf) { @@ -164,10 +196,8 @@ static void _whClientServerThreadTest(whClientConfig* c_conf, int rc = 0; rc = pthread_create(&sthread, NULL, _whServerTask, s_conf); - printf(" WH Server thread create:%d\n", rc); if (rc == 0) { rc = pthread_create(&cthread, NULL, _whClientTask, c_conf); - printf("WH Client thread create:%d\n", rc); if (rc == 0) { /* All good. Block on joining */ @@ -245,8 +275,12 @@ static void wh_ClientServer_MemThreadTest(void) .nvm_config = n_conf, }}; + _whClientServerThreadTest(c_conf, s_conf); } +#endif /* WH_CFG_TEST_POSIX */ + + int whTest_Crypto(void) { #if defined(WH_CFG_TEST_POSIX) diff --git a/test/wh_test_crypto.h b/test/wh_test_crypto.h index 3c7d6c33..6150bc99 100644 --- a/test/wh_test_crypto.h +++ b/test/wh_test_crypto.h @@ -1,6 +1,13 @@ #ifndef WH_TEST_CRYPTO_H_ #define WH_TEST_CRYPTO_H_ +#include "wolfhsm/wh_server.h" +#include "wolfhsm/wh_client.h" + int whTest_Crypto(void); +int whTest_CryptoClientConfig(whClientConfig* cf); +int whTest_CryptoServerConfig(whServerConfig* cfg); + + #endif /* WH_TEST_COMM_H_ */ diff --git a/wolfhsm/wh_common.h b/wolfhsm/wh_common.h index e40ede48..eda1adfd 100644 --- a/wolfhsm/wh_common.h +++ b/wolfhsm/wh_common.h 
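Review bot: In whTest_CryptoClientConfig the final `XMEMCMP(sharedOne, sharedTwo, outLen) != 0` branch only prints and leaves `ret` at 0, so a Curve25519 shared-secret mismatch is returned as success; set a failure code there, e.g. `ret = -1;` (or the project's own error code) after the `WH_ERROR_PRINT`. whTest_CryptoServerConfig has a related problem at `exit:`, where the `else` branch does `ret = wh_Server_Cleanup(server);` and so replaces the request-handling error with the cleanup result; `(void)wh_Server_Cleanup(server);` would keep the original error, as the client function already does. Moving `exit:` above the two `wc_curve25519_free` calls also means an early `goto exit` (for instance after a failed wc_InitRng_ex) frees key objects that were never initialised; their declarations are above this hunk, so check whether they are zero-initialised before relying on that. The `(void)` casts in `_whClientTask` and `_whServerTask` then drop both return values, so the threaded run still cannot fail on any of this.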
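Review bot: The two prototypes added to test/wh_test_crypto.h are exported for use outside the POSIX thread harness but carry no comment on their contract. From test/wh_test_crypto.c, whTest_CryptoServerConfig services exactly one request and then four more before cleaning up, so it only completes when paired with a whTest_CryptoClientConfig running on the other end of the transport. I would state that above the declarations, e.g. `/* Client half of the crypto test; needs whTest_CryptoServerConfig() servicing the same transport. Returns 0 on success. */`, with the mirror comment for the server. The parameter names also differ (`cf` and `cfg` here, `config` in the definitions), and the closing guard comment still reads `WH_TEST_COMM_H_`.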
@@ -17,9 +17,10 @@ /** Resource allocations */ enum { WOLFHSM_NUM_COUNTERS = 8, /* Number of non-volatile 32-bit counters */ - WOLFHSM_NUM_RAMKEYS = 2, /* Number of RAM keys */ + WOLFHSM_NUM_RAMKEYS = 2, /* Number of RAM keys */ WOLFHSM_NUM_NVMOBJECTS = 32, /* Number of NVM objects in the directory */ WOLFHSM_NUM_MANIFESTS = 8, /* Number of compiletime manifests */ + WOLFHSM_KEYCACHE_BUFSIZE = 512, /* Size in bytes of key cache buffer */ }; diff --git a/wolfhsm/wh_server.h b/wolfhsm/wh_server.h index f8829fc6..6cef38fb 100644 --- a/wolfhsm/wh_server.h +++ b/wolfhsm/wh_server.h @@ -19,13 +19,13 @@ typedef struct CacheSlot { uint8_t commited; whNvmMetadata meta[1]; - uint8_t buffer[WOLFHSM_NVM_MAX_OBJECT_SIZE]; + uint8_t buffer[WOLFHSM_KEYCACHE_BUFSIZE]; } CacheSlot; typedef struct { curve25519_key curve25519Private[1]; curve25519_key curve25519Public[1]; - WC_RNG rng[1]; + WC_RNG rng[1]; } crypto_context; /* Context structure to maintain the state of an HSM server */ diff --git a/wolfhsm/wh_server_crypto.h b/wolfhsm/wh_server_crypto.h index 965c30c5..6aabdb52 100644 --- a/wolfhsm/wh_server_crypto.h +++ b/wolfhsm/wh_server_crypto.h @@ -1,7 +1,6 @@ -#include "wolfhsm/wh_server.h" - #ifndef WOLFHSM_WH_SERVER_CRYPTO_H #define WOLFHSM_WH_SERVER_CRYPTO_H +#include "wolfhsm/wh_server.h" int _wh_Server_HandleCryptoRequest(whServerContext* server, uint16_t action, uint8_t* data, uint16_t* size); #endif From 9668d9b4480b63c22f86ff04421386fde4493fd5 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 21 Mar 2024 22:00:28 -0600 Subject: [PATCH 2/2] fix server RNG memory leak --- src/wh_server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/wh_server.c b/src/wh_server.c index b701e78f..cfce2943 100644 --- a/src/wh_server.c +++ b/src/wh_server.c 
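Review bot: `CacheSlot.buffer` in wolfhsm/wh_server.h is now sized by the new `WOLFHSM_KEYCACHE_BUFSIZE = 512` from wolfhsm/wh_common.h instead of `WOLFHSM_NVM_MAX_OBJECT_SIZE`, and nothing in this patch shows the code that fills the buffer being re-bounded. Any copy or NVM read into a slot that still uses `WOLFHSM_NVM_MAX_OBJECT_SIZE` or an object's stored length as its limit would write past the 512-byte array whenever that limit is larger; those call sites are outside the diff, so this needs checking rather than assuming. I would bound every such write by the slot's own `sizeof` of `buffer` and reject longer objects with an error, and record the rule on the field, e.g. `uint8_t buffer[WOLFHSM_KEYCACHE_BUFSIZE]; /* writers must reject lengths > sizeof(buffer) */`.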
@@ -85,6 +85,7 @@ int wh_Server_Cleanup(whServerContext* server)
 (void)wh_CommServer_Cleanup(server->comm);
 (void)wh_Nvm_Cleanup(server->nvm);
+ (void)wc_FreeRng(server->crypto->rng);
 (void)wolfCrypt_Cleanup();
 memset(server, 0, sizeof(*server));
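Review bot: This frees the RNG only on the wh_Server_Cleanup path; the error paths of wh_Server_Init, which end outside the hunks shown, are not covered. In the first patch Init calls `wc_InitRng_ex` before `wh_Nvm_Init`, and the test calls `WH_TEST_RETURN_ON_FAIL(wh_Server_Init(server, config));`, which by its name returns without calling Cleanup, so a later failure inside Init would still leave the RNG (and wolfCrypt) initialised unless Init unwinds itself. Either release it there with `(void)wc_FreeRng(server->crypto->rng);` on the failure branch, or document that a failed Init must be followed by wh_Server_Cleanup. wh_Server_Cleanup's body starts above this hunk, so I cannot see whether `server` is NULL-checked before the new dereference.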