From a7243e2b85fe87c4370e4a334cde0fe4c85fa97b Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 16 Oct 2025 13:23:42 +0900 Subject: [PATCH 1/5] Add crypto timeout to RNG and AES Updated based on Copilot's suggestions --- src/wh_client_crypto.c | 71 ++++++++++- src/wh_comm.c | 69 +++++++++- test/Makefile | 3 + test/config/wolfhsm_cfg.h | 7 ++ test/wh_test_common.c | 53 +++++++- test/wh_test_common.h | 9 ++ test/wh_test_crypto.c | 230 +++++++++++++++++++++++++++++++--- test/wh_test_wolfcrypt_test.c | 16 ++- wolfhsm/wh_comm.h | 59 ++++++++- wolfhsm/wh_error.h | 1 + 10 files changed, 490 insertions(+), 28 deletions(-) diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index c11b931a..02fbfa05 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -181,6 +181,27 @@ static int _getCryptoResponse(uint8_t* respBuf, uint16_t type, return header->rc; } +static int _wait_response_with_crypttimeout(whClientContext *ctx, + uint16_t *out_group, uint16_t *out_action, + uint16_t *out_size, void* data) +{ + int ret = WH_ERROR_OK; + do { + ret = wh_Client_RecvResponse(ctx, out_group, out_action, out_size, data); +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + if (ret == WH_ERROR_NOTREADY) { + /* Check for crypto timeout */ + int chk = wh_CommClient_CheckTimeout(ctx->comm); + if (chk == WH_ERROR_CRYPTIMEOUT) { + return WH_ERROR_CRYPTIMEOUT; + } else if (chk < 0 && chk != WH_ERROR_OK) { + return chk; + } + } +#endif + } while (ret == WH_ERROR_NOTREADY); + return ret; +} /** Implementations */ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size) @@ -232,9 +253,14 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size) /* Send request and get response */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + if (ret == WH_ERROR_OK) { + ret = wh_CommClient_InitCryptTimeout(ctx->comm); + } +#endif if (ret == 0) { do { - ret = wh_Client_RecvResponse(ctx, &group, &action, &res_len, + ret = _wait_response_with_crypttimeout(ctx, &group, &action, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); } @@ -410,14 +436,21 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] tmp: \n", req_tmp, AES_BLOCK_SIZE); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + if (ret == WH_ERROR_OK) { + ret = wh_CommClient_InitCryptTimeout(ctx->comm); + } +#endif /* read response */ if (ret == WH_ERROR_OK) { /* Response packet */ uint16_t res_len = 0; do { ret = - wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr); + _wait_response_with_crypttimeout(ctx, &group, &action, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); + if (ret == WH_ERROR_OK) { ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res); if (ret == WH_ERROR_OK) { @@ -522,14 +555,21 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + if (ret == WH_ERROR_OK) { + ret = wh_CommClient_InitCryptTimeout(ctx->comm); + } +#endif /* read response */ if (ret == WH_ERROR_OK) { /* Response packet */ uint16_t res_len = 0; do { ret = - wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr); + _wait_response_with_crypttimeout(ctx, &group, &action, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); + if (ret == WH_ERROR_OK) { ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res); if (ret == WH_ERROR_OK) { @@ -631,14 +671,21 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + if (ret == WH_ERROR_OK) { + ret = wh_CommClient_InitCryptTimeout(ctx->comm); + } +#endif /* read response */ if (ret == WH_ERROR_OK) { /* Response packet */ uint16_t res_len = 0; do { ret = - wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr); + _wait_response_with_crypttimeout(ctx, &group, &action, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); + if (ret == WH_ERROR_OK) { ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res); if (ret == WH_ERROR_OK) { @@ -754,11 +801,17 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, /* Send request and receive response */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + if (ret == WH_ERROR_OK) { + ret = wh_CommClient_InitCryptTimeout(ctx->comm); + } +#endif if (ret == 0) { uint16_t res_len = 0; do { ret = - wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr); + _wait_response_with_crypttimeout(ctx, &group, &action, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -954,11 +1007,17 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc, if (ret == WH_ERROR_OK) { ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr); } +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + if (ret == WH_ERROR_OK) { + ret = wh_CommClient_InitCryptTimeout(ctx->comm); + } +#endif if (ret == 0) { uint16_t resLen = 0; do { ret = - wh_Client_RecvResponse(ctx, &group, &action, &resLen, dataPtr); + _wait_response_with_crypttimeout(ctx, &group, &action, + &resLen, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { diff --git a/src/wh_comm.c b/src/wh_comm.c index b8e4f647..ac85a7f7 100644 --- a/src/wh_comm.c +++ b/src/wh_comm.c @@ -74,7 +74,11 @@ int wh_CommClient_Init(whCommClient* context, const whCommClientConfig* config) context->transport_context = config->transport_context; context->client_id = config->client_id; context->connect_cb = config->connect_cb; - +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + context->crypt_timeout_cb = config->crypt_timeout_cb; + context->crypt_timeout_enabled = config->crypt_timeout_enabled; + context->crypt_timeout = config->crypt_timeout; +#endif if (context->transport_cb->Init != NULL) { rc = context->transport_cb->Init(context->transport_context, config->transport_config, NULL, NULL); @@ -211,6 +215,69 @@ int wh_CommClient_Cleanup(whCommClient* context) return rc; } +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +static uint64_t wh_timeval_to_ms64(const WOLFHSM_TIMEVAL* tv) +{ + if (tv == NULL) return 0; + return (uint64_t)tv->tv_sec * 1000ULL + (uint64_t)((tv->tv_usec) / 1000ULL); +} +/* Set Crypto Time Out if needed */ +int wh_CommClient_InitCryptTimeout(whCommClient* context) +{ + if (context == NULL) + return WH_ERROR_BADARGS; + /* if feature not enabled, nothing to do */ + if (context->crypt_timeout_enabled != 1) + return WH_ERROR_OK; + if (context->crypt_timeout_cb == NULL || + context->crypt_timeout_cb->GetCurrentTime == NULL) + return WH_ERROR_BADARGS; + + /* cache conversion of crypt_timeout to milliseconds */ + context->crypt_timeout_ms = wh_timeval_to_ms64(&context->crypt_timeout); + /* initialize start time */ + context->crypt_start_time = + context->crypt_timeout_cb->GetCurrentTime(1); + + return WH_ERROR_OK; +} + +/* Check Crypto Timeout */ +int wh_CommClient_CheckTimeout(whCommClient* context) +{ + uint64_t current_ms = 0; + uint64_t elapsed_ms = 0; + uint64_t timeout_ms = 0; + + if (context == NULL) return WH_ERROR_BADARGS; + + if (context->crypt_timeout_enabled != 1) + return WH_ERROR_OK; + + if (context->crypt_timeout_cb == NULL || + context->crypt_timeout_cb->GetCurrentTime == NULL) + return WH_ERROR_BADARGS; + + timeout_ms = context->crypt_timeout_ms; + if (timeout_ms == 0) + return WH_ERROR_OK; + + /* check timeout by user cb if defined */ + if (context->crypt_timeout_cb->CheckTimeout != NULL) { + return context->crypt_timeout_cb->CheckTimeout( + &context->crypt_start_time, timeout_ms); + } + + /* Otherwise compute elapsed using user-provided GetCurrentTime */ + current_ms = context->crypt_timeout_cb->GetCurrentTime(0); + elapsed_ms = current_ms - context->crypt_start_time; + if (elapsed_ms > timeout_ms) { + return WH_ERROR_CRYPTIMEOUT; + } + + return WH_ERROR_OK; +} +#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT */ #endif /* WOLFHSM_CFG_ENABLE_CLIENT */ /** Server Functions */ diff --git a/test/Makefile b/test/Makefile index d35ac286..e90103e6 100644 --- a/test/Makefile +++ b/test/Makefile @@ -136,6 +136,9 @@ else DEF += -DWOLFHSM_CFG_IS_TEST_SERVER endif +ifeq ($(CRYPTIMEOUT),1) + DEF += -DWOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT +endif ## Source files # Assembly source files diff --git a/test/config/wolfhsm_cfg.h b/test/config/wolfhsm_cfg.h index 6c8b926f..7f2cd3ed 100644 --- a/test/config/wolfhsm_cfg.h +++ b/test/config/wolfhsm_cfg.h @@ -68,4 +68,11 @@ /* Test log-based NVM flash backend */ #define WOLFHSM_CFG_SERVER_NVM_FLASH_LOG +/* Enable client crypto timeout feature for testing */ +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) && \ + defined(WOLFHSM_CFG_TEST_POSIX) +#define WOLFHSM_CFG_CLIENT_CRYPTIMEOUT_SEC (2) +#define WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT +#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */ + #endif /* WOLFHSM_CFG_H_ */ diff --git a/test/wh_test_common.c b/test/wh_test_common.c index 2cac0aeb..0c232ff8 100644 --- a/test/wh_test_common.c +++ b/test/wh_test_common.c @@ -26,7 +26,9 @@ #include #include "wh_test_common.h" - +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#include /* For gettimeofday */ +#endif /** * Helper function to configure and select an NVM backend for testing. @@ -90,3 +92,52 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type, return 0; } + +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#include +#include /* For gettimeofday */ + +uint64_t whTest_GetCurrentTime(int reset) +{ + (void)reset; +#if defined(CLOCK_MONOTONIC) + struct timespec ts; + + if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) + return 0; + + /* Convert to milliseconds number. */ + return (uint64_t)ts.tv_sec * 1000ULL + + (uint64_t)ts.tv_nsec / 1000000ULL; +#else + struct timeval tv; + if (gettimeofday(&tv, 0) < 0) + return 0; + /* Convert to milliseconds number. */ + return (uint64_t)(tv.tv_sec * 1000ULL + tv.tv_usec / 1000ULL); +#endif +} +/* start_time stores the time (in milliseconds) returned by the GetCurrentTime() + * callback when the operation started. + * The actual unit depends on the GetCurrentTime() implementation. + * timeout_ms represents the timeout in milliseconds, which is derived from + * the crypt_timeout value in whCommClientConfig. + */ +int whTest_CheckCryptoTimeout(uint64_t* start_time, uint64_t timeout_ms) +{ + uint64_t current_time; + uint64_t elapsed_time; + + if (start_time == NULL) return WH_ERROR_BADARGS; + if (timeout_ms == 0) return WH_ERROR_OK; + + current_time = whTest_GetCurrentTime(0); + elapsed_time = current_time - *start_time; + + if (elapsed_time > timeout_ms) { + return WH_ERROR_CRYPTIMEOUT; + } + + return WH_ERROR_OK; +} +#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */ diff --git a/test/wh_test_common.h b/test/wh_test_common.h index ab563025..c8b360b4 100644 --- a/test/wh_test_common.h +++ b/test/wh_test_common.h @@ -144,4 +144,13 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type, whTestNvmBackendUnion* nvmSetup, whNvmConfig* nvmCfg, whFlashRamsimCfg* fCfg, whFlashRamsimCtx* fCtx, const whFlashCb* fCb); +uint64_t whTest_GetCurrentTime(int reset); +int whTest_CheckCryptoTimeout(uint64_t* start_time, uint64_t timeout_ms); + +#define WH_CLIENT_CRYPTO_TIMEOUT_CB \ + { \ + .GetCurrentTime = whTest_GetCurrentTime, \ + .CheckTimeout = whTest_CheckCryptoTimeout, \ + } + #endif /* WH_TEST_COMMON_H_ */ diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index 8534d4e9..b9498308 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -73,6 +73,7 @@ #define FLASH_PAGE_SIZE (8) /* 8B */ #define ALT_CLIENT_ID (2) +#define ALT_CLIENT_ID_2 (3) enum { /* Total size needs to fit: @@ -127,6 +128,7 @@ static int whTest_ShowNvmAvailable(whClientContext* ctx) } #endif /* WOLFHSM_CFG_DEBUG_VERBOSE && WOLFHSM_CFG_ENABLE_CLIENT */ + #ifdef WOLFHSM_CFG_ENABLE_CLIENT static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng) { @@ -148,9 +150,30 @@ static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); } else { +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + /* delay the server so scheduling doesn't interfere with the + * timing */ + if (ctx->comm->crypt_timeout_enabled == 1) + serverDelay = 2; +#endif ret = wc_RNG_GenerateBlock(rng, med, sizeof(med)); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + if (ctx->comm->crypt_timeout_enabled == 1) + serverDelay = 0; +#endif if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + if (ctx->comm->crypt_timeout_enabled == 1 && + ret == WH_ERROR_CRYPTIMEOUT) { + printf("RNG DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wc_FreeRng(rng); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_FreeRng %d\n", ret); + } + return ret; + } else +#endif + WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); } else { ret = wc_RNG_GenerateBlock(rng, big, sizeof(big)); if (ret != 0) { @@ -2850,9 +2873,21 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret); } else { +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + /* delay the server so scheduling doesn't interfere with the + * timing */ + if (ctx->comm->crypt_timeout_enabled == 1) + serverDelay = 1; +#endif ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + serverDelay = 0; +#endif if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + if (ctx->comm->crypt_timeout_enabled != 1) +#endif + WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); } else { ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, @@ -2949,8 +2984,16 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES CTR DEVID=0x%X SUCCESS\n", devId); } } +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + else { + if (ctx->comm->crypt_timeout_enabled == 1 && + ret == WH_ERROR_CRYPTIMEOUT) { + printf("AES CTR DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } + } #endif - +#endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_ECB if (ret == 0) { @@ -2965,9 +3008,21 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); } else { +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + /* delay the server so scheduling doesn't interfere with the + * timing */ + if (ctx->comm->crypt_timeout_enabled == 1) + serverDelay = 1; +#endif ret = wc_AesEcbEncrypt(aes, cipher, plainIn, sizeof(plainIn)); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + serverDelay = 0; +#endif if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + if (ctx->comm->crypt_timeout_enabled != 1) +#endif + WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); } else { ret = @@ -3063,6 +3118,15 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES ECB DEVID=0x%X SUCCESS\n", devId); } } +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + else { + if (ctx->comm->crypt_timeout_enabled == 1 && + ret == WH_ERROR_CRYPTIMEOUT) { + printf("AES ECB DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } + } +#endif #endif /* HAVE_AES_ECB */ #ifdef HAVE_AES_CBC @@ -3080,10 +3144,22 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); } else { +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + /* delay the server so scheduling doesn't interfere with the + * timing */ + if (ctx->comm->crypt_timeout_enabled == 1) + serverDelay = 1; +#endif ret = wc_AesCbcEncrypt(aes, cipher, plainIn, sizeof(plainIn)); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + serverDelay = 0; +#endif if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + if (ctx->comm->crypt_timeout_enabled != 1) +#endif + WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); } else { ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_DECRYPTION); @@ -3173,6 +3249,15 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES CBC DEVID=0x%X SUCCESS\n", devId); } } +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + else { + if (ctx->comm->crypt_timeout_enabled == 1 && + ret == WH_ERROR_CRYPTIMEOUT) { + printf("AES CBC DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } + } +#endif #endif /* HAVE_AES_CBC */ #ifdef HAVE_AESGCM @@ -3199,11 +3284,23 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesGcmSetKey %d\n", ret); } else { +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + /* delay the server so scheduling doesn't interfere with the + * timing */ + if (ctx->comm->crypt_timeout_enabled == 1) + serverDelay = 1; +#endif ret = wc_AesGcmEncrypt(aes, cipher, plainIn, sizeof(plainIn), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + serverDelay = 0; +#endif if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + if (ctx->comm->crypt_timeout_enabled != 1) +#endif + WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); } else { ret = wc_AesGcmDecrypt(aes, plainOut, cipher, sizeof(plainIn), iv, sizeof(iv), authTag, @@ -3276,6 +3373,15 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES GCM DEVID=0x%X SUCCESS\n", devId); } } +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + else { + if (ctx->comm->crypt_timeout_enabled == 1 && + ret == WH_ERROR_CRYPTIMEOUT) { + printf("AES GCM DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } + } +#endif #endif /* HAVE_AES_GCM */ return ret; } @@ -4808,6 +4914,72 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) return 0; } +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +pthread_mutex_t lock; +pthread_cond_t cond; +int ready = 0; +static int _ConnectCb(void* context, whCommConnected connected) +{ + (void)context; + (void)connected; + + /* signal server thread to continue */ + pthread_mutex_lock(&lock); + ready = 1; + pthread_cond_signal(&cond); + pthread_mutex_unlock(&lock); + return 0; +} + +int whTest_CryptoClientConfig_Timeout(whClientConfig* config) +{ + whClientContext client[1] = {0}; + int ret = 0; + int i; + /* wolfcrypt */ + WC_RNG rng[1]; + + if (config == NULL) { + return WH_ERROR_BADARGS; + } + config->comm->connect_cb = _ConnectCb; + /* configure time out */ + config->comm->crypt_timeout_enabled = 1; + config->comm->crypt_timeout.tv_sec = 0; + config->comm->crypt_timeout.tv_usec = 500000; /* 500 milliseconds */ + + WH_TEST_RETURN_ON_FAIL(wh_Client_Init(client, config)); + client->comm->client_id = ALT_CLIENT_ID_2; + ret = wh_Client_CommInit(client, NULL, NULL); + if (ret != 0) { + WH_ERROR_PRINT("Failed to comm init:%d\n", ret); + } + + if (ret == 0) { + /* expect to have TIMEOUT */ + ret = whTest_CryptoRng(client, WH_DEV_ID, rng); + } + +#ifndef NO_AES + i = 0; + WH_TEST_RETURN_ON_FAIL(wh_Client_Init(client, config)); + ret = wh_Client_CommInit(client, NULL, NULL); + while ((ret == WH_ERROR_OK) && (i < WH_NUM_DEVIDS)) { + ret = whTestCrypto_Aes(client, WH_DEV_IDS_ARRAY[i], rng); + if (ret == WH_ERROR_OK) { + i++; + } + } + +#endif /* !NO_AES */ + /* Clean up used resources */ + (void)wc_FreeRng(rng); + (void)wh_Client_CommClose(client); + (void)wh_Client_Cleanup(client); + + return ret; +} +#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */ int whTest_CryptoClientConfig(whClientConfig* config) { @@ -5072,8 +5244,12 @@ int whTest_CryptoServerConfig(whServerConfig* config) int ret = 0; #ifdef WOLFHSM_CFG_IS_TEST_SERVER int userChange = 0; + int numofChanges = 2; #endif +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + numofChanges = 3; +#endif if (config == NULL) { return WH_ERROR_BADARGS; } @@ -5090,9 +5266,9 @@ int whTest_CryptoServerConfig(whServerConfig* config) while(am_connected == WH_COMM_CONNECTED) { #ifdef WOLFHSM_CFG_IS_TEST_SERVER - while (serverDelay == 1) { + while (serverDelay > 0) { #ifdef WOLFHSM_CFG_TEST_POSIX - sleep(1); + sleep(serverDelay); #endif } #endif @@ -5107,11 +5283,22 @@ int whTest_CryptoServerConfig(whServerConfig* config) #ifdef WOLFHSM_CFG_IS_TEST_SERVER /* keep alive for 2 user changes */ - if (am_connected != WH_COMM_CONNECTED && userChange < 2) { + if (am_connected != WH_COMM_CONNECTED && userChange < numofChanges) { if (userChange == 0) server->comm->client_id = ALT_CLIENT_ID; else if (userChange == 1) server->comm->client_id = WH_TEST_DEFAULT_CLIENT_ID; +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + else if (userChange >= 2) { + server->comm->client_id = ALT_CLIENT_ID_2; + pthread_mutex_lock(&lock); + while (!ready) { + pthread_cond_wait(&cond, &lock); + } + ready = 0; + pthread_mutex_unlock(&lock); + } +#endif userChange++; am_connected = WH_COMM_CONNECTED; WH_TEST_RETURN_ON_FAIL(wh_Server_SetConnected(server, am_connected)); @@ -5139,6 +5326,9 @@ static void* _whClientTask(void *cf) WH_ERROR_PRINT("whTest_CryptoClientConfig returned %d\n", rc); } WH_TEST_ASSERT(0 == rc); +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + WH_TEST_ASSERT(0 == whTest_CryptoClientConfig_Timeout(cf)); +#endif return NULL; } #endif /* WOLFHSM_CFG_TEST_POSIX && WOLFHSM_CFG_ENABLE_CLIENT */ @@ -5173,6 +5363,12 @@ static void _whClientServerThreadTest(whClientConfig* c_conf, void* retval; int rc = 0; +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + pthread_mutex_init(&lock, NULL); + pthread_cond_init(&cond, NULL); + ready = 0; +#endif + rc = pthread_create(&sthread, NULL, _whServerTask, s_conf); if (rc == 0) { rc = pthread_create(&cthread, NULL, _whClientTask, c_conf); @@ -5206,11 +5402,17 @@ static int wh_ClientServer_MemThreadTest(whTestNvmBackendType nvmType) /* Client configuration/contexts */ whTransportClientCb tccb[1] = {WH_TRANSPORT_MEM_CLIENT_CB}; whTransportMemClientContext tmcc[1] = {0}; - whCommClientConfig cc_conf[1] = {{ - .transport_cb = tccb, - .transport_context = (void*)tmcc, - .transport_config = (void*)tmcf, - .client_id = WH_TEST_DEFAULT_CLIENT_ID, +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + whCryptoClientTimeOutCb tc_timeoutcb[1] = {WH_CLIENT_CRYPTO_TIMEOUT_CB}; +#endif + whCommClientConfig cc_conf[1] = {{ + .transport_cb = tccb, + .transport_context = (void*)tmcc, + .transport_config = (void*)tmcf, +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + .crypt_timeout_cb = (void*)tc_timeoutcb, +#endif + .client_id = WH_TEST_DEFAULT_CLIENT_ID, }}; #ifdef WOLFHSM_CFG_DMA diff --git a/test/wh_test_wolfcrypt_test.c b/test/wh_test_wolfcrypt_test.c index fbe74d58..abe3b0e8 100644 --- a/test/wh_test_wolfcrypt_test.c +++ b/test/wh_test_wolfcrypt_test.c @@ -192,11 +192,17 @@ static int wh_ClientServer_MemThreadTest(void) /* Client configuration/contexts */ whTransportClientCb tccb[1] = {WH_TRANSPORT_MEM_CLIENT_CB}; whTransportMemClientContext tmcc[1] = {0}; - whCommClientConfig cc_conf[1] = {{ - .transport_cb = tccb, - .transport_context = (void*)tmcc, - .transport_config = (void*)tmcf, - .client_id = WH_TEST_DEFAULT_CLIENT_ID, +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + whCryptoClientTimeOutCb tc_timeoutcb[1] = {WH_CLIENT_CRYPTO_TIMEOUT_CB}; +#endif + whCommClientConfig cc_conf[1] = {{ + .transport_cb = tccb, + .transport_context = (void*)tmcc, + .transport_config = (void*)tmcf, +#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) + .crypt_timeout_cb = (void*)tc_timeoutcb, +#endif + .client_id = WH_TEST_DEFAULT_CLIENT_ID, }}; whClientConfig c_conf[1] = {{ .comm = cc_conf, diff --git a/wolfhsm/wh_comm.h b/wolfhsm/wh_comm.h index 4b77d58f..73d02854 100644 --- a/wolfhsm/wh_comm.h +++ b/wolfhsm/wh_comm.h @@ -152,14 +152,46 @@ typedef struct { */ int (*Cleanup)(void* context); } whTransportClientCb; - +typedef struct { + /* Get current time callback. + * This callback is mandatory when using the crypt-timeout feature. + * reset: If non-zero, reset internal time tracking to zero. + * Returns: Current time + */ + uint64_t (*GetCurrentTime)(int reset); + /* Timeout check callback. Optional. + * If not defined, an internal implementation is used for timeout checking. + * Returns: WH_ERROR_OK if not timed out, + * WH_ERROR_CRYPTIMEOUT if timed out. + */ + int (*CheckTimeout)(uint64_t* start_time, uint64_t timeout_ms); + uint8_t WH_PAD[8]; +} whCryptoClientTimeOutCb; + +#ifdef WOLFSSL_TIMEVAL + typedef WOLFSSL_TIMEVAL WOLFHSM_TIMEVAL; +#else + typedef struct { + uint64_t tv_sec; /* Seconds. */ + uint64_t tv_usec; /* Microseconds. */ + } WOLFHSM_TIMEVAL; +#endif typedef struct { const whTransportClientCb* transport_cb; +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + whCryptoClientTimeOutCb* crypt_timeout_cb; + WOLFHSM_TIMEVAL crypt_timeout; +#endif void* transport_context; const void* transport_config; whCommSetConnectedCb connect_cb; uint8_t client_id; +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + uint8_t crypt_timeout_enabled; + uint8_t WH_PAD[6]; +#else uint8_t WH_PAD[7]; +#endif } whCommClientConfig; /* Context structure for a client. Note the client context will track the @@ -170,16 +202,34 @@ typedef struct { uint64_t packet[WH_COMM_MTU_U64_COUNT]; void* transport_context; const whTransportClientCb* transport_cb; +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + whCryptoClientTimeOutCb* crypt_timeout_cb; + WOLFHSM_TIMEVAL crypt_timeout; +#endif whCommSetConnectedCb connect_cb; whCommHeader* hdr; uint8_t* data; +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + /* start_time stores the time returned by the GetCurrentTime() + * callback when the operation started. + * The actual unit depends on the GetCurrentTime() implementation. + */ + uint64_t crypt_start_time; + /* cached conversion of crypt_timeout */ + uint64_t crypt_timeout_ms; +#endif int initialized; uint16_t reqid; uint16_t seq; uint16_t size; uint8_t client_id; uint8_t server_id; +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) + uint8_t crypt_timeout_enabled; + uint8_t WH_PAD[11]; +#else uint8_t WH_PAD[4]; +#endif } whCommClient; @@ -212,6 +262,13 @@ uint8_t* wh_CommClient_GetDataPtr(whCommClient* context); */ int wh_CommClient_Cleanup(whCommClient* context); +#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +/* Set Crypt Timeout */ +int wh_CommClient_InitCryptTimeout(whCommClient* context); +/* Check Crypt Timeout */ +int wh_CommClient_CheckTimeout(whCommClient* context); + +#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT */ /** CommServer component types */ diff --git a/wolfhsm/wh_error.h b/wolfhsm/wh_error.h index d918fe61..176b3bfa 100644 --- a/wolfhsm/wh_error.h +++ b/wolfhsm/wh_error.h @@ -45,6 +45,7 @@ enum WH_ERROR_ENUM { compile-time configuration */ WH_ERROR_USAGE = -2009, /* Operation not permitted based on object/key usage flags */ + WH_ERROR_CRYPTIMEOUT = -2010, /* Cryptographic operation timed out */ /* NVM and keystore specific status returns */ WH_ERROR_LOCKED = -2100, /* Unlock and retry if necessary */ From 1dee437a699f4e323472ec4a65a622e4d2b290f1 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 7 Nov 2025 18:03:01 +0900 Subject: [PATCH 2/5] addressed code review --- src/wh_client.c | 108 +++++++++++- src/wh_client_crypto.c | 32 ++-- src/wh_comm.c | 68 +------- test/Makefile | 2 +- test/config/wolfhsm_cfg.h | 8 +- test/wh_test_common.c | 25 +-- test/wh_test_common.h | 6 +- test/wh_test_crypto.c | 315 ++++++++++++++++++---------------- test/wh_test_wolfcrypt_test.c | 6 - wolfhsm/wh_client.h | 72 ++++++++ wolfhsm/wh_comm.h | 63 +------ wolfhsm/wh_error.h | 4 +- wolfhsm/wh_settings.h | 8 + 13 files changed, 403 insertions(+), 314 deletions(-) diff --git a/src/wh_client.c b/src/wh_client.c index 605fedbb..4734a642 100644 --- a/src/wh_client.c +++ b/src/wh_client.c @@ -80,7 +80,13 @@ int wh_Client_Init(whClientContext* c, const whClientConfig* config) /* register the cancel callback */ c->cancelCb = config->cancelCb; #endif - +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) + if (NULL != config->timeoutConfig) { + c->timeout.timeout_val = config->timeoutConfig->timeout_val; + c->timeout.timeout_enabled = config->timeoutConfig->timeout_enabled; + c->timeout.start_time = 0; + } +#endif rc = wh_CommClient_Init(c->comm, config->comm); #ifndef WOLFHSM_CFG_NO_CRYPTO @@ -1516,4 +1522,104 @@ int wh_Client_KeyExportDma(whClientContext* c, uint16_t keyId, } #endif /* WOLFHSM_CFG_DMA */ +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) +static uint64_t wh_timeval_to_64(const wh_timeval* tv) +{ + if (tv == NULL) return 0; + return (uint64_t)tv->tv_sec * WH_BASE_TIMEOUT_UNIT + + (uint64_t)((tv->tv_usec) / WH_BASE_TIMEOUT_UNIT); +} +/* Set Time Out if needed */ +int wh_Client_InitCryptTimeout(whClientContext* c) +{ + if (c == NULL) { + return WH_ERROR_BADARGS; + } + + /* if feature not enabled, nothing to do */ + if (c->timeout.timeout_enabled != 1) { + return WH_ERROR_OK; + } + if (c->timeout.cb.GetCurrentTime == NULL) { + return WH_ERROR_BADARGS; + } + /* initialize start time */ + c->timeout.start_time = c->timeout.cb.GetCurrentTime(1); + + return WH_ERROR_OK; +} + +/* Check Crypto Timeout */ +int wh_Client_CheckTimeout(whClientContext* c) +{ + uint64_t current_ = 0; + uint64_t elapsed_ = 0; + uint64_t timeout_ = 0; + + if (c == NULL) { + return WH_ERROR_BADARGS; + } + + if (c->timeout.timeout_enabled != 1) { + return WH_ERROR_OK; + } + + if (c->timeout.cb.GetCurrentTime == NULL) { + return WH_ERROR_BADARGS; + } + + timeout_ = wh_timeval_to_64(&c->timeout.timeout_val); + if (timeout_ == 0) { + return WH_ERROR_OK; + } + + /* check timeout by user cb if defined */ + if (c->timeout.cb.CheckTimeout != NULL) { + return c->timeout.cb.CheckTimeout( + &c->timeout.start_time, timeout_); + } + + /* Otherwise compute elapsed using user-provided GetCurrentTime */ + current_ = c->timeout.cb.GetCurrentTime(0); + elapsed_ = current_ - c->timeout.start_time; + if (elapsed_ > timeout_) { + return WH_ERROR_TIMEOUT; + } + + return WH_ERROR_OK; +} + +int wh_Client_timeoutRegisterCb(whClientContext* client, + whClientTimeOutCb* cb) +{ + /* No NULL check for cb, since it is optional and always NULL checked before + * it is called */ + if (NULL == client) { + return WH_ERROR_BADARGS; + } + + client->timeout.cb.GetCurrentTime = cb->GetCurrentTime; + client->timeout.cb.CheckTimeout = cb->CheckTimeout; + + return WH_ERROR_OK; +} + +int wh_Client_timeoutEnable(whClientContext* client, + wh_timeval* timeout_val) +{ + if (NULL == client) { + return WH_ERROR_BADARGS; + } + + if (timeout_val != NULL) { + client->timeout.timeout_enabled = 1; + memcpy(&client->timeout.timeout_val, timeout_val, + sizeof(wh_timeval)); + } else { + client->timeout.timeout_enabled = 0; + memset(&client->timeout.timeout_val, 0, sizeof(wh_timeval)); + } + return WH_ERROR_OK; +} +#endif /* WOLFHSM_CFG_CLIENT_TIMEOUT */ #endif /* WOLFHSM_CFG_ENABLE_CLIENT */ diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 02fbfa05..1d918720 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -188,12 +188,12 @@ static int _wait_response_with_crypttimeout(whClientContext *ctx, int ret = WH_ERROR_OK; do { ret = wh_Client_RecvResponse(ctx, out_group, out_action, out_size, data); -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (ret == WH_ERROR_NOTREADY) { /* Check for crypto timeout */ - int chk = wh_CommClient_CheckTimeout(ctx->comm); - if (chk == WH_ERROR_CRYPTIMEOUT) { - return WH_ERROR_CRYPTIMEOUT; + int chk = wh_Client_CheckTimeout(ctx); + if (chk == WH_ERROR_TIMEOUT) { + return WH_ERROR_TIMEOUT; } else if (chk < 0 && chk != WH_ERROR_OK) { return chk; } @@ -253,9 +253,9 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size) /* Send request and get response */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (ret == WH_ERROR_OK) { - ret = wh_CommClient_InitCryptTimeout(ctx->comm); + ret = wh_Client_InitCryptTimeout(ctx); } #endif if (ret == 0) { @@ -436,9 +436,9 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] tmp: \n", req_tmp, AES_BLOCK_SIZE); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (ret == WH_ERROR_OK) { - ret = wh_CommClient_InitCryptTimeout(ctx->comm); + ret = wh_Client_InitCryptTimeout(ctx); } #endif /* read response */ @@ -555,9 +555,9 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_ENABLE_CWOLFHSM_CFG_CLIENT_TIMEOUTLIENT_TIMEOUT) if (ret == WH_ERROR_OK) { - ret = wh_CommClient_InitCryptTimeout(ctx->comm); + ret = wh_Client_InitCryptTimeout(ctx); } #endif /* read response */ @@ -671,9 +671,9 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (ret == WH_ERROR_OK) { - ret = wh_CommClient_InitCryptTimeout(ctx->comm); + ret = wh_Client_InitCryptTimeout(ctx); } #endif /* read response */ @@ -801,9 +801,9 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, /* Send request and receive response */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (ret == WH_ERROR_OK) { - ret = wh_CommClient_InitCryptTimeout(ctx->comm); + ret = wh_Client_InitCryptTimeout(ctx); } #endif if (ret == 0) { @@ -1007,9 +1007,9 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc, if (ret == WH_ERROR_OK) { ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr); } -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (ret == WH_ERROR_OK) { - ret = wh_CommClient_InitCryptTimeout(ctx->comm); + ret = wh_Client_InitCryptTimeout(ctx); } #endif if (ret == 0) { diff --git a/src/wh_comm.c b/src/wh_comm.c index ac85a7f7..3409287d 100644 --- a/src/wh_comm.c +++ b/src/wh_comm.c @@ -74,11 +74,7 @@ int wh_CommClient_Init(whCommClient* context, const whCommClientConfig* config) context->transport_context = config->transport_context; context->client_id = config->client_id; context->connect_cb = config->connect_cb; -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) - context->crypt_timeout_cb = config->crypt_timeout_cb; - context->crypt_timeout_enabled = config->crypt_timeout_enabled; - context->crypt_timeout = config->crypt_timeout; -#endif + if (context->transport_cb->Init != NULL) { rc = context->transport_cb->Init(context->transport_context, config->transport_config, NULL, NULL); @@ -215,69 +211,7 @@ int wh_CommClient_Cleanup(whCommClient* context) return rc; } -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) -static uint64_t wh_timeval_to_ms64(const WOLFHSM_TIMEVAL* tv) -{ - if (tv == NULL) return 0; - return (uint64_t)tv->tv_sec * 1000ULL + (uint64_t)((tv->tv_usec) / 1000ULL); -} -/* Set Crypto Time Out if needed */ -int wh_CommClient_InitCryptTimeout(whCommClient* context) -{ - if (context == NULL) - return WH_ERROR_BADARGS; - /* if feature not enabled, nothing to do */ - if (context->crypt_timeout_enabled != 1) - return WH_ERROR_OK; - if (context->crypt_timeout_cb == NULL || - context->crypt_timeout_cb->GetCurrentTime == NULL) - return WH_ERROR_BADARGS; - - /* cache conversion of crypt_timeout to milliseconds */ - context->crypt_timeout_ms = wh_timeval_to_ms64(&context->crypt_timeout); - /* initialize start time */ - context->crypt_start_time = - context->crypt_timeout_cb->GetCurrentTime(1); - - return WH_ERROR_OK; -} - -/* Check Crypto Timeout */ -int wh_CommClient_CheckTimeout(whCommClient* context) -{ - uint64_t current_ms = 0; - uint64_t elapsed_ms = 0; - uint64_t timeout_ms = 0; - if (context == NULL) return WH_ERROR_BADARGS; - - if (context->crypt_timeout_enabled != 1) - return WH_ERROR_OK; - - if (context->crypt_timeout_cb == NULL || - context->crypt_timeout_cb->GetCurrentTime == NULL) - return WH_ERROR_BADARGS; - - timeout_ms = context->crypt_timeout_ms; - if (timeout_ms == 0) - return WH_ERROR_OK; - - /* check timeout by user cb if defined */ - if (context->crypt_timeout_cb->CheckTimeout != NULL) { - return context->crypt_timeout_cb->CheckTimeout( - &context->crypt_start_time, timeout_ms); - } - - /* Otherwise compute elapsed using user-provided GetCurrentTime */ - current_ms = context->crypt_timeout_cb->GetCurrentTime(0); - elapsed_ms = current_ms - context->crypt_start_time; - if (elapsed_ms > timeout_ms) { - return WH_ERROR_CRYPTIMEOUT; - } - - return WH_ERROR_OK; -} -#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT */ #endif /* WOLFHSM_CFG_ENABLE_CLIENT */ /** Server Functions */ diff --git a/test/Makefile b/test/Makefile index e90103e6..8301355e 100644 --- a/test/Makefile +++ b/test/Makefile @@ -137,7 +137,7 @@ else endif ifeq ($(CRYPTIMEOUT),1) - DEF += -DWOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT + DEF += -DWOLFHSM_CFG_CLIENT_TIMEOUT endif ## Source files diff --git a/test/config/wolfhsm_cfg.h b/test/config/wolfhsm_cfg.h index 7f2cd3ed..3cec89e9 100644 --- a/test/config/wolfhsm_cfg.h +++ b/test/config/wolfhsm_cfg.h @@ -69,10 +69,10 @@ #define WOLFHSM_CFG_SERVER_NVM_FLASH_LOG /* Enable client crypto timeout feature for testing */ -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) && \ +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) && \ defined(WOLFHSM_CFG_TEST_POSIX) -#define WOLFHSM_CFG_CLIENT_CRYPTIMEOUT_SEC (2) -#define WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT -#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */ +#define WOLFHSM_CFG_CLIENT_TIMEOUT_USEC (500000) /* 500ms */ +#define WOLFHSM_CFG_TEST_CLIENT_TIMEOUT +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ #endif /* WOLFHSM_CFG_H_ */ diff --git a/test/wh_test_common.c b/test/wh_test_common.c index 0c232ff8..f5b387f7 100644 --- a/test/wh_test_common.c +++ b/test/wh_test_common.c @@ -26,7 +26,7 @@ #include #include "wh_test_common.h" -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) #include /* For gettimeofday */ #endif @@ -93,7 +93,7 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type, return 0; } -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) #include #include /* For gettimeofday */ @@ -120,24 +120,29 @@ uint64_t whTest_GetCurrentTime(int reset) /* start_time stores the time (in milliseconds) returned by the GetCurrentTime() * callback when the operation started. * The actual unit depends on the GetCurrentTime() implementation. - * timeout_ms represents the timeout in milliseconds, which is derived from - * the crypt_timeout value in whCommClientConfig. + * timeout_val represents the timeout in milliseconds(default), + * which is derived from the timeout value in whCommClientConfig. */ -int whTest_CheckCryptoTimeout(uint64_t* start_time, uint64_t timeout_ms) +int whTest_CheckTimeout(uint64_t* start_time, uint64_t timeout_val) { uint64_t current_time; uint64_t elapsed_time; - if (start_time == NULL) return WH_ERROR_BADARGS; - if (timeout_ms == 0) return WH_ERROR_OK; + if (start_time == NULL) { + return WH_ERROR_BADARGS; + } + + if (timeout_val == 0) { + return WH_ERROR_OK; + } current_time = whTest_GetCurrentTime(0); elapsed_time = current_time - *start_time; - if (elapsed_time > timeout_ms) { - return WH_ERROR_CRYPTIMEOUT; + if (elapsed_time > timeout_val) { + return WH_ERROR_TIMEOUT; } return WH_ERROR_OK; } -#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */ +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ diff --git a/test/wh_test_common.h b/test/wh_test_common.h index c8b360b4..f549a431 100644 --- a/test/wh_test_common.h +++ b/test/wh_test_common.h @@ -145,12 +145,12 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type, whFlashRamsimCfg* fCfg, whFlashRamsimCtx* fCtx, const whFlashCb* fCb); uint64_t whTest_GetCurrentTime(int reset); -int whTest_CheckCryptoTimeout(uint64_t* start_time, uint64_t timeout_ms); +int whTest_CheckTimeout(uint64_t* start_time, uint64_t timeout_val); -#define WH_CLIENT_CRYPTO_TIMEOUT_CB \ +#define WH_CLIENT_TIMEOUT_CB \ { \ .GetCurrentTime = whTest_GetCurrentTime, \ - .CheckTimeout = whTest_CheckCryptoTimeout, \ + .CheckTimeout = whTest_CheckTimeout, \ } #endif /* WH_TEST_COMMON_H_ */ diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index b9498308..43dbe5b4 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -89,8 +89,36 @@ enum { #define PLAINTEXT "mytextisbigplain" #ifdef WOLFHSM_CFG_IS_TEST_SERVER -/* Flag causing the server loop to sleep(1) */ -int serverDelay = 0; +int server_pause = 0; + +#if defined(WOLFHSM_CFG_TEST_POSIX) +pthread_mutex_t lock; +pthread_cond_t cond; + +static void pause_server() +{ + pthread_mutex_lock(&lock); + server_pause = 1; + pthread_mutex_unlock(&lock); +} + +static void resume_server() +{ + pthread_mutex_lock(&lock); + server_pause = 0; + pthread_cond_signal(&cond); + pthread_mutex_unlock(&lock); +} +#else +static void pause_server() +{ + server_pause = 1; +} +static void resume_server() +{ + server_pause = 0; +} +#endif /* WOLFHSM_CFG_TEST_POSIX */ #if defined(WOLFHSM_CFG_TEST_POSIX) && defined(WOLFHSM_CFG_ENABLE_CLIENT) && \ defined(WOLFHSM_CFG_ENABLE_SERVER) && defined(WOLFHSM_CFG_CANCEL_API) @@ -150,26 +178,32 @@ static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) /* delay the server so scheduling doesn't interfere with the * timing */ - if (ctx->comm->crypt_timeout_enabled == 1) - serverDelay = 2; + if (ctx->timeout.timeout_enabled == 1) { + pause_server(); + } #endif ret = wc_RNG_GenerateBlock(rng, med, sizeof(med)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - if (ctx->comm->crypt_timeout_enabled == 1) - serverDelay = 0; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + resume_server(); + } #endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - if (ctx->comm->crypt_timeout_enabled == 1 && - ret == WH_ERROR_CRYPTIMEOUT) { +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1 && + ret == WH_ERROR_TIMEOUT) { printf("RNG DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); ret = wc_FreeRng(rng); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_FreeRng %d\n", ret); } + ret = wh_Client_CommInit(ctx, NULL, NULL); + if (ret != WH_ERROR_OK) { + WH_ERROR_PRINT("Failed to re-init comms %d\n", ret); + } return ret; } else #endif @@ -2873,19 +2907,20 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - /* delay the server so scheduling doesn't interfere with the - * timing */ - if (ctx->comm->crypt_timeout_enabled == 1) - serverDelay = 1; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + pause_server(); + } #endif ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - serverDelay = 0; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + resume_server(); + } #endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - if (ctx->comm->crypt_timeout_enabled != 1) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled != 1) #endif WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); } @@ -2984,10 +3019,10 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES CTR DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) else { - if (ctx->comm->crypt_timeout_enabled == 1 && - ret == WH_ERROR_CRYPTIMEOUT) { + if (ctx->timeout.timeout_enabled == 1 && + ret == WH_ERROR_TIMEOUT) { printf("AES CTR DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); ret = wh_Client_CommInit(ctx, NULL, NULL); } @@ -3008,19 +3043,20 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - /* delay the server so scheduling doesn't interfere with the - * timing */ - if (ctx->comm->crypt_timeout_enabled == 1) - serverDelay = 1; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + pause_server(); + } #endif ret = wc_AesEcbEncrypt(aes, cipher, plainIn, sizeof(plainIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - serverDelay = 0; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + resume_server(); + } #endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - if (ctx->comm->crypt_timeout_enabled != 1) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled != 1) #endif WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); } @@ -3118,10 +3154,10 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES ECB DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) else { - if (ctx->comm->crypt_timeout_enabled == 1 && - ret == WH_ERROR_CRYPTIMEOUT) { + if (ctx->timeout.timeout_enabled == 1 && + ret == WH_ERROR_TIMEOUT) { printf("AES ECB DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); ret = wh_Client_CommInit(ctx, NULL, NULL); } @@ -3144,20 +3180,21 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - /* delay the server so scheduling doesn't interfere with the - * timing */ - if (ctx->comm->crypt_timeout_enabled == 1) - serverDelay = 1; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + pause_server(); + } #endif ret = wc_AesCbcEncrypt(aes, cipher, plainIn, sizeof(plainIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - serverDelay = 0; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + resume_server(); + } #endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - if (ctx->comm->crypt_timeout_enabled != 1) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled != 1) #endif WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); } else { @@ -3249,10 +3286,10 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES CBC DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) else { - if (ctx->comm->crypt_timeout_enabled == 1 && - ret == WH_ERROR_CRYPTIMEOUT) { + if (ctx->timeout.timeout_enabled == 1 && + ret == WH_ERROR_TIMEOUT) { printf("AES CBC DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); ret = wh_Client_CommInit(ctx, NULL, NULL); } @@ -3284,21 +3321,22 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesGcmSetKey %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - /* delay the server so scheduling doesn't interfere with the - * timing */ - if (ctx->comm->crypt_timeout_enabled == 1) - serverDelay = 1; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + pause_server(); + } #endif ret = wc_AesGcmEncrypt(aes, cipher, plainIn, sizeof(plainIn), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - serverDelay = 0; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled == 1) { + resume_server(); + } #endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - if (ctx->comm->crypt_timeout_enabled != 1) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + if (ctx->timeout.timeout_enabled != 1) #endif WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); } else { @@ -3373,10 +3411,10 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES GCM DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) else { - if (ctx->comm->crypt_timeout_enabled == 1 && - ret == WH_ERROR_CRYPTIMEOUT) { + if (ctx->timeout.timeout_enabled == 1 && + ret == WH_ERROR_TIMEOUT) { printf("AES GCM DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); ret = wh_Client_CommInit(ctx, NULL, NULL); } @@ -3617,7 +3655,7 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng) */ /* delay the server so scheduling doesn't interfere with the * timing */ - serverDelay = 1; + pause_server(); #endif ret = wc_CmacUpdate(cmac, (byte*)cmacFodder, @@ -3633,7 +3671,7 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng) } else { #if WOLFHSM_CFG_IS_TEST_SERVER - serverDelay = 0; + resume_server(); #endif do { ret = wh_Client_CancelResponse(ctx); @@ -4914,72 +4952,32 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) return 0; } -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) -pthread_mutex_t lock; -pthread_cond_t cond; -int ready = 0; -static int _ConnectCb(void* context, whCommConnected connected) +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) +static int EnableTimeout(whClientContext* client, wh_timeval* timeout_val) { - (void)context; - (void)connected; + int ret = 0; - /* signal server thread to continue */ - pthread_mutex_lock(&lock); - ready = 1; - pthread_cond_signal(&cond); - pthread_mutex_unlock(&lock); - return 0; + /* configure timeout */ + ret = wh_Client_timeoutEnable(client, timeout_val); + if (ret != 0) { + WH_ERROR_PRINT("Failed to enable timeout:%d\n", ret); + } + return ret; } -int whTest_CryptoClientConfig_Timeout(whClientConfig* config) +static int DisableTimeout(whClientContext* client) { - whClientContext client[1] = {0}; - int ret = 0; - int i; - /* wolfcrypt */ - WC_RNG rng[1]; + int ret = 0; - if (config == NULL) { - return WH_ERROR_BADARGS; - } - config->comm->connect_cb = _ConnectCb; - /* configure time out */ - config->comm->crypt_timeout_enabled = 1; - config->comm->crypt_timeout.tv_sec = 0; - config->comm->crypt_timeout.tv_usec = 500000; /* 500 milliseconds */ - - WH_TEST_RETURN_ON_FAIL(wh_Client_Init(client, config)); - client->comm->client_id = ALT_CLIENT_ID_2; - ret = wh_Client_CommInit(client, NULL, NULL); + /* disable timeout */ + ret = wh_Client_timeoutEnable(client, NULL); if (ret != 0) { - WH_ERROR_PRINT("Failed to comm init:%d\n", ret); - } - - if (ret == 0) { - /* expect to have TIMEOUT */ - ret = whTest_CryptoRng(client, WH_DEV_ID, rng); - } - -#ifndef NO_AES - i = 0; - WH_TEST_RETURN_ON_FAIL(wh_Client_Init(client, config)); - ret = wh_Client_CommInit(client, NULL, NULL); - while ((ret == WH_ERROR_OK) && (i < WH_NUM_DEVIDS)) { - ret = whTestCrypto_Aes(client, WH_DEV_IDS_ARRAY[i], rng); - if (ret == WH_ERROR_OK) { - i++; - } + WH_ERROR_PRINT("Failed to disable timeout:%d\n", ret); } - -#endif /* !NO_AES */ - /* Clean up used resources */ - (void)wc_FreeRng(rng); - (void)wh_Client_CommClose(client); - (void)wh_Client_Cleanup(client); - return ret; } -#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */ + +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ int whTest_CryptoClientConfig(whClientConfig* config) { @@ -4989,6 +4987,10 @@ int whTest_CryptoClientConfig(whClientConfig* config) int ret = 0; /* wolfcrypt */ WC_RNG rng[1]; +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + whClientTimeOutCb timeOutCb[1] = {WH_CLIENT_TIMEOUT_CB}; + wh_timeval timeout_val = {0, WOLFHSM_CFG_CLIENT_TIMEOUT_USEC}; /* 500 ms */ +#endif if (config == NULL) { return WH_ERROR_BADARGS; @@ -5000,6 +5002,13 @@ int whTest_CryptoClientConfig(whClientConfig* config) if (ret != 0) { WH_ERROR_PRINT("Failed to comm init:%d\n", ret); } +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + /* configure timeout */ + ret = wh_Client_timeoutRegisterCb(client, timeOutCb); + if (ret != 0) { + WH_ERROR_PRINT("Failed to register timeout cb:%d\n", ret); + } +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ #ifdef WOLFHSM_CFG_DEBUG_VERBOSE if (ret == 0) { @@ -5017,6 +5026,17 @@ int whTest_CryptoClientConfig(whClientConfig* config) i++; } } +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + ret = EnableTimeout(client, &timeout_val); + if (ret != 0) { + WH_ERROR_PRINT("Failed to enable timeout:%d\n", ret); + } + if (ret == 0) { + /* expect to have TIMEOUT */ + ret = whTest_CryptoRng(client, WH_DEV_ID, rng); + } + DisableTimeout(client); +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ /* Now that we have tested all RNG devIds, reinitialize the default RNG * devId (non-DMA) that will be used by the remainder of the tests for @@ -5061,6 +5081,20 @@ int whTest_CryptoClientConfig(whClientConfig* config) i++; } } +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + ret = EnableTimeout(client, &timeout_val); + if (ret != 0) { + WH_ERROR_PRINT("Failed to enable timeout:%d\n", ret); + } + i = 0; + while ((ret == WH_ERROR_OK) && (i < WH_NUM_DEVIDS)) { + ret = whTestCrypto_Aes(client, WH_DEV_IDS_ARRAY[i], rng); + if (ret == WH_ERROR_OK) { + i++; + } + } + DisableTimeout(client); +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ #endif /* !NO_AES */ #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) @@ -5247,9 +5281,6 @@ int whTest_CryptoServerConfig(whServerConfig* config) int numofChanges = 2; #endif -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - numofChanges = 3; -#endif if (config == NULL) { return WH_ERROR_BADARGS; } @@ -5266,11 +5297,18 @@ int whTest_CryptoServerConfig(whServerConfig* config) while(am_connected == WH_COMM_CONNECTED) { #ifdef WOLFHSM_CFG_IS_TEST_SERVER - while (serverDelay > 0) { -#ifdef WOLFHSM_CFG_TEST_POSIX - sleep(serverDelay); -#endif - } + #ifdef WOLFHSM_CFG_TEST_POSIX + pthread_mutex_lock(&lock); + #endif + while (server_pause) { + #ifdef WOLFHSM_CFG_TEST_POSIX + pthread_cond_wait(&cond, &lock); + #endif + } + server_pause = 0; + #ifdef WOLFHSM_CFG_TEST_POSIX + pthread_mutex_unlock(&lock); + #endif #endif ret = wh_Server_HandleRequestMessage(server); if ((ret != WH_ERROR_NOTREADY) && @@ -5288,17 +5326,6 @@ int whTest_CryptoServerConfig(whServerConfig* config) server->comm->client_id = ALT_CLIENT_ID; else if (userChange == 1) server->comm->client_id = WH_TEST_DEFAULT_CLIENT_ID; -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - else if (userChange >= 2) { - server->comm->client_id = ALT_CLIENT_ID_2; - pthread_mutex_lock(&lock); - while (!ready) { - pthread_cond_wait(&cond, &lock); - } - ready = 0; - pthread_mutex_unlock(&lock); - } -#endif userChange++; am_connected = WH_COMM_CONNECTED; WH_TEST_RETURN_ON_FAIL(wh_Server_SetConnected(server, am_connected)); @@ -5363,10 +5390,9 @@ static void _whClientServerThreadTest(whClientConfig* c_conf, void* retval; int rc = 0; -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) +#if defined(WOLFHSM_CFG_TEST_POSIX) pthread_mutex_init(&lock, NULL); pthread_cond_init(&cond, NULL); - ready = 0; #endif rc = pthread_create(&sthread, NULL, _whServerTask, s_conf); @@ -5402,21 +5428,19 @@ static int wh_ClientServer_MemThreadTest(whTestNvmBackendType nvmType) /* Client configuration/contexts */ whTransportClientCb tccb[1] = {WH_TRANSPORT_MEM_CLIENT_CB}; whTransportMemClientContext tmcc[1] = {0}; -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - whCryptoClientTimeOutCb tc_timeoutcb[1] = {WH_CLIENT_CRYPTO_TIMEOUT_CB}; -#endif + whCommClientConfig cc_conf[1] = {{ .transport_cb = tccb, .transport_context = (void*)tmcc, .transport_config = (void*)tmcf, -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - .crypt_timeout_cb = (void*)tc_timeoutcb, -#endif .client_id = WH_TEST_DEFAULT_CLIENT_ID, }}; #ifdef WOLFHSM_CFG_DMA whClientDmaConfig clientDmaConfig = {0}; +#endif +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) + whClientTimeOutConfig timeoutcfg[1] = {0}; #endif whClientConfig c_conf[1] = {{ .comm = cc_conf, @@ -5425,6 +5449,9 @@ static int wh_ClientServer_MemThreadTest(whTestNvmBackendType nvmType) #endif #ifdef WOLFHSM_CFG_CANCEL_API .cancelCb = _cancelCb, +#endif +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) + .timeoutConfig = &timeoutcfg[0], #endif }}; diff --git a/test/wh_test_wolfcrypt_test.c b/test/wh_test_wolfcrypt_test.c index abe3b0e8..03248608 100644 --- a/test/wh_test_wolfcrypt_test.c +++ b/test/wh_test_wolfcrypt_test.c @@ -192,16 +192,10 @@ static int wh_ClientServer_MemThreadTest(void) /* Client configuration/contexts */ whTransportClientCb tccb[1] = {WH_TRANSPORT_MEM_CLIENT_CB}; whTransportMemClientContext tmcc[1] = {0}; -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - whCryptoClientTimeOutCb tc_timeoutcb[1] = {WH_CLIENT_CRYPTO_TIMEOUT_CB}; -#endif whCommClientConfig cc_conf[1] = {{ .transport_cb = tccb, .transport_context = (void*)tmcc, .transport_config = (void*)tmcf, -#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT) - .crypt_timeout_cb = (void*)tc_timeoutcb, -#endif .client_id = WH_TEST_DEFAULT_CLIENT_ID, }}; whClientConfig c_conf[1] = {{ diff --git a/wolfhsm/wh_client.h b/wolfhsm/wh_client.h index 4a5a7b92..68bd6684 100644 --- a/wolfhsm/wh_client.h +++ b/wolfhsm/wh_client.h @@ -113,6 +113,59 @@ typedef struct { */ typedef int (*whClientCancelCb)(uint16_t cancelSeq); + +typedef struct { + uint64_t tv_sec; /* Seconds. */ + uint64_t tv_usec; /* Microseconds. */ +} wh_timeval; +typedef struct { + /* Get current time callback. + * This callback is mandatory when using the timeout feature. + * + * Parameters: + * reset - If non-zero, reset internal time tracking to zero. + * + * Returns: + * Current time. Time units are user-defined. + */ + uint64_t (*GetCurrentTime)(int reset); + /* Timeout check callback (Optional). + * If not defined, an internal implementation is used for timeout checking. + * The internal implementation assumes that time units returned by + * GetCurrentTime() are consistent with those used in timeout value. + * For example, if timeout_value is specified in milliseconds, it expects + * GetCurrentTime() to return time in milliseconds as well. + * + * Parameters: + * start_time - Pointer to the start time value as returned by GetCurrentTime(). + * timeout_value - Timeout value conversion in defined time units. + * The default is in milliseconds, but it can be customized + * by WH_BASE_TIMEOUT_UNIT. + * + * Returns: + * WH_ERROR_OK - Not timed out, + * WH_ERROR_TIMEOUT - Timed out. + */ + int (*CheckTimeout)(uint64_t* start_time, uint64_t timeout_val); +} whClientTimeOutCb; +typedef struct { + whClientTimeOutCb cb; + wh_timeval timeout_val; + /* start_time stores the time returned by the GetCurrentTime() + * callback when the operation started. + * The actual unit depends on the GetCurrentTime() implementation. + */ + uint64_t start_time; + uint8_t timeout_enabled; + uint8_t WH_PAD[7]; +} whClientTimeOutContext; + +typedef struct { + whClientTimeOutCb cb; + wh_timeval timeout_val; + uint8_t timeout_enabled; +} whClientTimeOutConfig; + /* Client context */ struct whClientContext_t { uint16_t last_req_id; @@ -124,6 +177,9 @@ struct whClientContext_t { #ifdef WOLFHSM_CFG_DMA whClientDmaContext dma; #endif /* WOLFHSM_CFG_DMA */ +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) + whClientTimeOutContext timeout; +#endif whCommClient comm[1]; }; @@ -135,6 +191,9 @@ struct whClientConfig_t { #ifdef WOLFHSM_CFG_DMA whClientDmaConfig* dmaConfig; #endif /* WOLFHSM_CFG_DMA */ +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) + whClientTimeOutConfig* timeoutConfig; +#endif }; typedef struct whClientConfig_t whClientConfig; @@ -2640,4 +2699,17 @@ int wh_Client_CertVerifyAcertDma(whClientContext* c, const void* cert, #define WH_CLIENT_KEYID_MAKE_WRAPPED_META(_clientId, _id) \ WH_MAKE_KEYID(WH_KEYTYPE_WRAPPED, (_clientId), (_id)) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) +/* Init Client Timeout */ +int wh_Client_InitCryptTimeout(whClientContext* context); +/* Check Client Timeout */ +int wh_Client_CheckTimeout(whClientContext* context); +/* Register Client Timeout Callback */ +int wh_Client_timeoutRegisterCb(whClientContext* client, + whClientTimeOutCb* cb); +/* Enable Client Timeout */ +int wh_Client_timeoutEnable(whClientContext* client, + wh_timeval* timeout_val); +#endif /* WOLFHSM_CFG_CLIENT_TIMEOUT */ + #endif /* !WOLFHSM_WH_CLIENT_H_ */ diff --git a/wolfhsm/wh_comm.h b/wolfhsm/wh_comm.h index 73d02854..826e5221 100644 --- a/wolfhsm/wh_comm.h +++ b/wolfhsm/wh_comm.h @@ -152,46 +152,16 @@ typedef struct { */ int (*Cleanup)(void* context); } whTransportClientCb; -typedef struct { - /* Get current time callback. - * This callback is mandatory when using the crypt-timeout feature. - * reset: If non-zero, reset internal time tracking to zero. - * Returns: Current time - */ - uint64_t (*GetCurrentTime)(int reset); - /* Timeout check callback. Optional. - * If not defined, an internal implementation is used for timeout checking. - * Returns: WH_ERROR_OK if not timed out, - * WH_ERROR_CRYPTIMEOUT if timed out. - */ - int (*CheckTimeout)(uint64_t* start_time, uint64_t timeout_ms); - uint8_t WH_PAD[8]; -} whCryptoClientTimeOutCb; - -#ifdef WOLFSSL_TIMEVAL - typedef WOLFSSL_TIMEVAL WOLFHSM_TIMEVAL; -#else - typedef struct { - uint64_t tv_sec; /* Seconds. */ - uint64_t tv_usec; /* Microseconds. */ - } WOLFHSM_TIMEVAL; -#endif + + + typedef struct { const whTransportClientCb* transport_cb; -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) - whCryptoClientTimeOutCb* crypt_timeout_cb; - WOLFHSM_TIMEVAL crypt_timeout; -#endif void* transport_context; const void* transport_config; whCommSetConnectedCb connect_cb; uint8_t client_id; -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) - uint8_t crypt_timeout_enabled; - uint8_t WH_PAD[6]; -#else uint8_t WH_PAD[7]; -#endif } whCommClientConfig; /* Context structure for a client. Note the client context will track the @@ -202,34 +172,16 @@ typedef struct { uint64_t packet[WH_COMM_MTU_U64_COUNT]; void* transport_context; const whTransportClientCb* transport_cb; -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) - whCryptoClientTimeOutCb* crypt_timeout_cb; - WOLFHSM_TIMEVAL crypt_timeout; -#endif whCommSetConnectedCb connect_cb; whCommHeader* hdr; uint8_t* data; -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) - /* start_time stores the time returned by the GetCurrentTime() - * callback when the operation started. - * The actual unit depends on the GetCurrentTime() implementation. - */ - uint64_t crypt_start_time; - /* cached conversion of crypt_timeout */ - uint64_t crypt_timeout_ms; -#endif int initialized; uint16_t reqid; uint16_t seq; uint16_t size; uint8_t client_id; uint8_t server_id; -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) - uint8_t crypt_timeout_enabled; - uint8_t WH_PAD[11]; -#else uint8_t WH_PAD[4]; -#endif } whCommClient; @@ -261,15 +213,6 @@ uint8_t* wh_CommClient_GetDataPtr(whCommClient* context); * unfinished requests can be ignored. */ int wh_CommClient_Cleanup(whCommClient* context); - -#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) -/* Set Crypt Timeout */ -int wh_CommClient_InitCryptTimeout(whCommClient* context); -/* Check Crypt Timeout */ -int wh_CommClient_CheckTimeout(whCommClient* context); - -#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT */ - /** CommServer component types */ /* Server transport interface */ diff --git a/wolfhsm/wh_error.h b/wolfhsm/wh_error.h index 176b3bfa..42a12ee1 100644 --- a/wolfhsm/wh_error.h +++ b/wolfhsm/wh_error.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2024 wolfSSL Inc. + * Copyright (C) 2025 wolfSSL Inc. * * This file is part of wolfHSM. * @@ -45,7 +45,7 @@ enum WH_ERROR_ENUM { compile-time configuration */ WH_ERROR_USAGE = -2009, /* Operation not permitted based on object/key usage flags */ - WH_ERROR_CRYPTIMEOUT = -2010, /* Cryptographic operation timed out */ + WH_ERROR_TIMEOUT = -2010, /* operation timed out */ /* NVM and keystore specific status returns */ WH_ERROR_LOCKED = -2100, /* Unlock and retry if necessary */ diff --git a/wolfhsm/wh_settings.h b/wolfhsm/wh_settings.h index f02dda5f..3087aa54 100644 --- a/wolfhsm/wh_settings.h +++ b/wolfhsm/wh_settings.h @@ -527,4 +527,12 @@ #endif /* WOLFHSM_CFG_DMA */ +/* CLIENT TIMEOUT CONFIGURATION */ +#ifdef WOLFHSM_CFG_CLIENT_TIMEOUT + #if !defined(WH_BASE_TIMEOUT_UNIT) + /* Default time unit is milliseconds */ + #define WH_BASE_TIMEOUT_UNIT 1000ULL +#endif +#endif /* !WOLFHSM_CFG_CLIENT_TIMEOUT */ + #endif /* !WOLFHSM_WH_SETTINGS_H_ */ From fa97ca8a42274e26f73f2354a26a40e3ffb81343 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 14 Nov 2025 18:58:20 +0900 Subject: [PATCH 3/5] Addressed code review --- src/wh_client.c | 14 +- src/wh_client_crypto.c | 94 ++++------- test/wh_test_crypto.c | 358 +++++++++++++++++++++++++++-------------- wolfhsm/wh_client.h | 14 +- wolfhsm/wh_comm.h | 2 - 5 files changed, 283 insertions(+), 199 deletions(-) diff --git a/src/wh_client.c b/src/wh_client.c index 4734a642..bcf7d784 100644 --- a/src/wh_client.c +++ b/src/wh_client.c @@ -1527,10 +1527,10 @@ static uint64_t wh_timeval_to_64(const wh_timeval* tv) { if (tv == NULL) return 0; return (uint64_t)tv->tv_sec * WH_BASE_TIMEOUT_UNIT - + (uint64_t)((tv->tv_usec) / WH_BASE_TIMEOUT_UNIT); + + (uint64_t)((tv->tv_usec * WH_BASE_TIMEOUT_UNIT) / 1000000ULL); } -/* Set Time Out if needed */ -int wh_Client_InitCryptTimeout(whClientContext* c) +/* Start Timeout */ +int wh_Client_TimeoutStart(whClientContext* c) { if (c == NULL) { return WH_ERROR_BADARGS; @@ -1549,8 +1549,8 @@ int wh_Client_InitCryptTimeout(whClientContext* c) return WH_ERROR_OK; } -/* Check Crypto Timeout */ -int wh_Client_CheckTimeout(whClientContext* c) +/* Check Timeout */ +int wh_Client_TimeoutCheck(whClientContext* c) { uint64_t current_ = 0; uint64_t elapsed_ = 0; @@ -1589,7 +1589,7 @@ int wh_Client_CheckTimeout(whClientContext* c) return WH_ERROR_OK; } -int wh_Client_timeoutRegisterCb(whClientContext* client, +int wh_Client_TimeoutRegisterCb(whClientContext* client, whClientTimeOutCb* cb) { /* No NULL check for cb, since it is optional and always NULL checked before @@ -1604,7 +1604,7 @@ int wh_Client_timeoutRegisterCb(whClientContext* client, return WH_ERROR_OK; } -int wh_Client_timeoutEnable(whClientContext* client, +int wh_Client_TimeoutSet(whClientContext* client, wh_timeval* timeout_val) { if (NULL == client) { diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 1d918720..a5278f0a 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -181,17 +181,26 @@ static int _getCryptoResponse(uint8_t* respBuf, uint16_t type, return header->rc; } -static int _wait_response_with_crypttimeout(whClientContext *ctx, - uint16_t *out_group, uint16_t *out_action, - uint16_t *out_size, void* data) +static int _SendRecieveWithTimeout(whClientContext *ctx, + uint16_t *group, uint16_t *action, uint16_t req_len, + uint16_t *res_len, void* data) { + int ret = WH_ERROR_OK; + + ret = wh_Client_SendRequest(ctx, *group, *action, req_len, data); +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) + if (ret == WH_ERROR_OK) { + ret = wh_Client_TimeoutStart(ctx); + } +#endif + do { - ret = wh_Client_RecvResponse(ctx, out_group, out_action, out_size, data); + ret = wh_Client_RecvResponse(ctx, group, action, res_len, data); #if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (ret == WH_ERROR_NOTREADY) { /* Check for crypto timeout */ - int chk = wh_Client_CheckTimeout(ctx); + int chk = wh_Client_TimeoutCheck(ctx); if (chk == WH_ERROR_TIMEOUT) { return WH_ERROR_TIMEOUT; } else if (chk < 0 && chk != WH_ERROR_OK) { @@ -251,17 +260,11 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size) (unsigned int)size); WH_DEBUG_CLIENT_VERBOSE("RNG: req:%p\n", req); - /* Send request and get response */ - ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) - if (ret == WH_ERROR_OK) { - ret = wh_Client_InitCryptTimeout(ctx); - } -#endif + /* Send request and get response with Timeout */ if (ret == 0) { do { - ret = _wait_response_with_crypttimeout(ctx, &group, &action, &res_len, - dataPtr); + ret = _SendRecieveWithTimeout(ctx, &group, &action, + req_len, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); } if (ret == WH_ERROR_OK) { @@ -435,20 +438,15 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] tmp: \n", req_tmp, AES_BLOCK_SIZE); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); - ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) - if (ret == WH_ERROR_OK) { - ret = wh_Client_InitCryptTimeout(ctx); - } -#endif - /* read response */ + + /* Send and get response with Timeout */ if (ret == WH_ERROR_OK) { /* Response packet */ uint16_t res_len = 0; do { ret = - _wait_response_with_crypttimeout(ctx, &group, &action, - &res_len, dataPtr); + _SendRecieveWithTimeout(ctx, &group, &action, + req_len, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -554,20 +552,15 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] key: \n", req_key, key_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); - ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_ENABLE_CWOLFHSM_CFG_CLIENT_TIMEOUTLIENT_TIMEOUT) - if (ret == WH_ERROR_OK) { - ret = wh_Client_InitCryptTimeout(ctx); - } -#endif - /* read response */ + + /* Send and get response with Timeout */ if (ret == WH_ERROR_OK) { /* Response packet */ uint16_t res_len = 0; do { ret = - _wait_response_with_crypttimeout(ctx, &group, &action, - &res_len, dataPtr); + _SendRecieveWithTimeout(ctx, &group, &action, + req_len, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -670,20 +663,14 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] key: \n", req_key, key_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); - ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) - if (ret == WH_ERROR_OK) { - ret = wh_Client_InitCryptTimeout(ctx); - } -#endif - /* read response */ + /* Send and get response with Timeout */ if (ret == WH_ERROR_OK) { /* Response packet */ uint16_t res_len = 0; do { ret = - _wait_response_with_crypttimeout(ctx, &group, &action, - &res_len, dataPtr); + _SendRecieveWithTimeout(ctx, &group, &action, + req_len, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -799,19 +786,13 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, WH_DEBUG_VERBOSE_HEXDUMP("[client] AESGCM req packet: \n", dataPtr, req_len); - /* Send request and receive response */ - ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) - if (ret == WH_ERROR_OK) { - ret = wh_Client_InitCryptTimeout(ctx); - } -#endif + /* Send and get response with Timeout */ if (ret == 0) { uint16_t res_len = 0; do { ret = - _wait_response_with_crypttimeout(ctx, &group, &action, - &res_len, dataPtr); + _SendRecieveWithTimeout(ctx, &group, &action, + req_len, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -1004,20 +985,13 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc, /* Send request and receive response */ reqLen = sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req); WH_DEBUG_VERBOSE_HEXDUMP("[client] AESGCM DMA req packet: \n", dataPtr, reqLen); - if (ret == WH_ERROR_OK) { - ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr); - } -#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) - if (ret == WH_ERROR_OK) { - ret = wh_Client_InitCryptTimeout(ctx); - } -#endif + /* Send and get response with Timeout */ if (ret == 0) { uint16_t resLen = 0; do { ret = - _wait_response_with_crypttimeout(ctx, &group, &action, - &resLen, dataPtr); + _SendRecieveWithTimeout(ctx, &group, &action, + reqLen, &resLen, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index 43dbe5b4..3068b717 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -158,6 +158,38 @@ static int whTest_ShowNvmAvailable(whClientContext* ctx) #ifdef WOLFHSM_CFG_ENABLE_CLIENT +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) +static int whTest_CryptoRngTimeout(whClientContext* ctx, int devId) +{ + byte block[32]; + int ret; + WC_RNG rng; + + ret = wc_InitRng_ex(&rng, NULL, devId); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_InitRng_ex %d\n", ret); + } else { + pause_server(); + ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + printf("RNG DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + if (ret != WH_ERROR_OK) { + WH_ERROR_PRINT("Failed to re-init comms %d\n", ret); + } + } else { + WH_ERROR_PRINT("Failed to timeout wc_InitRng_ex %d\n", ret); + } + } + ret = wc_FreeRng(&rng); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_FreeRng %d\n", ret); + } + return ret; +} +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ + static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng) { (void)ctx; /* Unused */ @@ -178,35 +210,8 @@ static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - /* delay the server so scheduling doesn't interfere with the - * timing */ - if (ctx->timeout.timeout_enabled == 1) { - pause_server(); - } -#endif ret = wc_RNG_GenerateBlock(rng, med, sizeof(med)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - resume_server(); - } -#endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1 && - ret == WH_ERROR_TIMEOUT) { - printf("RNG DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); - ret = wc_FreeRng(rng); - if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_FreeRng %d\n", ret); - } - ret = wh_Client_CommInit(ctx, NULL, NULL); - if (ret != WH_ERROR_OK) { - WH_ERROR_PRINT("Failed to re-init comms %d\n", ret); - } - return ret; - } else -#endif WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); } else { ret = wc_RNG_GenerateBlock(rng, big, sizeof(big)); @@ -2864,10 +2869,205 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId, } #ifndef NO_AES -static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) -{ #define WH_TEST_AES_KEYSIZE 16 #define WH_TEST_AES_TEXTSIZE 16 +#define WH_TEST_AES_AUTHSIZE 16 +#define WH_TEST_AES_TAGSIZE 16 +#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) +static int whTestCryptoTimeout_Aes(whClientContext* ctx, int devId) +{ + int ret; + Aes aes[1]; + uint8_t iv[AES_BLOCK_SIZE] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, + 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F}; + uint8_t key[WH_TEST_AES_KEYSIZE] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, + 0x77, 0x88, 0x99, 0x00, 0xAA, 0xBB, + 0xCC, 0xDD, 0xEE, 0xFF}; + + uint8_t plainIn[WH_TEST_AES_TEXTSIZE] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, + 0xCC, 0xDD, 0xEE, 0xFF}; + uint8_t cipher[WH_TEST_AES_TEXTSIZE] = { 0 }; + uint8_t plainOut[WH_TEST_AES_TEXTSIZE] = { 0 }; +#ifdef HAVE_AESGCM + uint8_t authTag[WH_TEST_AES_TAGSIZE] = { 0 }; + uint8_t authIn[WH_TEST_AES_TAGSIZE] = { 0 }; +#endif /* HAVE_AESGCM */ + +#ifdef WOLFSSL_AES_COUNTER +#ifdef WOLFHSM_CFG_DMA + if (devId != WH_DEV_ID_DMA) { +#endif + ret = wc_AesInit(aes, NULL, devId); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); + } + if (ret == 0) { + ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret); + } else { + pause_server(); + ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + printf("AES CTR DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } else { + WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); + } + } + (void)wc_AesFree(aes); + } +#ifdef WOLFHSM_CFG_DMA + } +#endif /* WOLFHSM_CFG_DMA */ +#endif /* WOLFSSL_AES_COUNTER */ + +#ifdef HAVE_AES_ECB + if (ret == 0 +#ifdef WOLFHSM_CFG_DMA + && devId != WH_DEV_ID_DMA +#endif + ) { + /* test aes ECB with client side key */ + ret = wc_AesInit(aes, NULL, devId); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); + } + else { + ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); + } + else { + pause_server(); + ret = wc_AesEcbEncrypt(aes, cipher, plainIn, sizeof(plainIn)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + ret = wh_Client_CommInit(ctx, NULL, NULL); + } else { + WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); + } + } + if (ret == 0) { + ret = wc_AesSetKey(aes, key, sizeof(key), iv, + AES_DECRYPTION); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); + } else { + pause_server(); + ret = wc_AesEcbDecrypt(aes, plainOut, cipher, + sizeof(cipher)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + printf("AES ECB DEVID=0x%X TIMEOUT TEST SUCCESS\n", + devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } else { + WH_ERROR_PRINT("Failed to wc_AesEcbDecrypt %d\n", + ret); + } + } + } + (void)wc_AesFree(aes); + } + } +#endif /* HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC + if (ret == 0 +#ifdef WOLFHSM_CFG_DMA + && devId != WH_DEV_ID_DMA +#endif + ) { +/* test aes CBC with client side key */ + ret = wc_AesInit(aes, NULL, devId); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); + } else { + ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); + } else { + pause_server(); + ret = wc_AesCbcEncrypt(aes, cipher, plainIn, + sizeof(plainIn)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + ret = wh_Client_CommInit(ctx, NULL, NULL); + } else { + WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); + } + } + if (ret == 0) { + ret = wc_AesSetKey(aes, key, sizeof(key), iv, + AES_DECRYPTION); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); + } else { + pause_server(); + ret = wc_AesCbcDecrypt(aes, plainOut, cipher, + sizeof(cipher)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + printf("AES CBC DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } else { + WH_ERROR_PRINT("Failed to wc_AesCbcDecrypt %d\n", ret); + } + } + } + (void)wc_AesFree(aes); + } + } +#endif /* HAVE_AES_CBC */ +#ifdef HAVE_AESGCM + if (ret == 0) { + /* test aes GCM with client side key */ + ret = wc_AesInit(aes, NULL, devId); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); + } else { + ret = wc_AesGcmSetKey(aes, key, sizeof(key)); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesGcmSetKey %d\n", ret); + } else { + pause_server(); + ret = wc_AesGcmEncrypt(aes, cipher, plainIn, + sizeof(plainIn), iv, sizeof(iv), authTag, + sizeof(authTag), authIn, sizeof(authIn)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + ret = wh_Client_CommInit(ctx, NULL, NULL); + } else { + WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); + } + } + if (ret == 0) { + pause_server(); + ret = wc_AesGcmDecrypt(aes, plainOut, cipher, + sizeof(cipher), iv, sizeof(iv), authTag, + sizeof(authTag), authIn, sizeof(authIn)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + printf("AES GCM DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } else { + WH_ERROR_PRINT("Failed to wc_AesGcmDecrypt %d\n", ret); + } + } + (void)wc_AesFree(aes); + } + } +#endif /* HAVE_AESGCM */ + + return ret; +} +#endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ + +static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) +{ int ret = 0; Aes aes[1]; uint8_t iv[AES_BLOCK_SIZE]; @@ -2907,21 +3107,8 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - pause_server(); - } -#endif ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - resume_server(); - } -#endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled != 1) -#endif WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); } else { @@ -3019,15 +3206,6 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES CTR DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - else { - if (ctx->timeout.timeout_enabled == 1 && - ret == WH_ERROR_TIMEOUT) { - printf("AES CTR DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); - ret = wh_Client_CommInit(ctx, NULL, NULL); - } - } -#endif #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_ECB @@ -3043,21 +3221,8 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - pause_server(); - } -#endif ret = wc_AesEcbEncrypt(aes, cipher, plainIn, sizeof(plainIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - resume_server(); - } -#endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled != 1) -#endif WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); } else { @@ -3154,15 +3319,6 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES ECB DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - else { - if (ctx->timeout.timeout_enabled == 1 && - ret == WH_ERROR_TIMEOUT) { - printf("AES ECB DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); - ret = wh_Client_CommInit(ctx, NULL, NULL); - } - } -#endif #endif /* HAVE_AES_ECB */ #ifdef HAVE_AES_CBC @@ -3180,22 +3336,9 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - pause_server(); - } -#endif ret = wc_AesCbcEncrypt(aes, cipher, plainIn, sizeof(plainIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - resume_server(); - } -#endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled != 1) -#endif WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); } else { ret = wc_AesSetKey(aes, key, sizeof(key), iv, @@ -3286,20 +3429,9 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES CBC DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - else { - if (ctx->timeout.timeout_enabled == 1 && - ret == WH_ERROR_TIMEOUT) { - printf("AES CBC DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); - ret = wh_Client_CommInit(ctx, NULL, NULL); - } - } -#endif #endif /* HAVE_AES_CBC */ #ifdef HAVE_AESGCM -#define WH_TEST_AES_AUTHSIZE 16 -#define WH_TEST_AES_TAGSIZE 16 uint8_t authIn[WH_TEST_AES_AUTHSIZE]; uint8_t authTag[WH_TEST_AES_TAGSIZE] = { 0 }; @@ -3321,23 +3453,10 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesGcmSetKey %d\n", ret); } else { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - pause_server(); - } -#endif ret = wc_AesGcmEncrypt(aes, cipher, plainIn, sizeof(plainIn), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled == 1) { - resume_server(); - } -#endif if (ret != 0) { -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - if (ctx->timeout.timeout_enabled != 1) -#endif WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); } else { ret = wc_AesGcmDecrypt(aes, plainOut, cipher, @@ -3411,15 +3530,6 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) WH_TEST_PRINT("AES GCM DEVID=0x%X SUCCESS\n", devId); } } -#if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) - else { - if (ctx->timeout.timeout_enabled == 1 && - ret == WH_ERROR_TIMEOUT) { - printf("AES GCM DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); - ret = wh_Client_CommInit(ctx, NULL, NULL); - } - } -#endif #endif /* HAVE_AES_GCM */ return ret; } @@ -4958,7 +5068,7 @@ static int EnableTimeout(whClientContext* client, wh_timeval* timeout_val) int ret = 0; /* configure timeout */ - ret = wh_Client_timeoutEnable(client, timeout_val); + ret = wh_Client_TimeoutSet(client, timeout_val); if (ret != 0) { WH_ERROR_PRINT("Failed to enable timeout:%d\n", ret); } @@ -4970,7 +5080,7 @@ static int DisableTimeout(whClientContext* client) int ret = 0; /* disable timeout */ - ret = wh_Client_timeoutEnable(client, NULL); + ret = wh_Client_TimeoutSet(client, NULL); if (ret != 0) { WH_ERROR_PRINT("Failed to disable timeout:%d\n", ret); } @@ -5004,7 +5114,7 @@ int whTest_CryptoClientConfig(whClientConfig* config) } #if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) /* configure timeout */ - ret = wh_Client_timeoutRegisterCb(client, timeOutCb); + ret = wh_Client_TimeoutRegisterCb(client, timeOutCb); if (ret != 0) { WH_ERROR_PRINT("Failed to register timeout cb:%d\n", ret); } @@ -5033,7 +5143,7 @@ int whTest_CryptoClientConfig(whClientConfig* config) } if (ret == 0) { /* expect to have TIMEOUT */ - ret = whTest_CryptoRng(client, WH_DEV_ID, rng); + ret = whTest_CryptoRngTimeout(client, WH_DEV_ID); } DisableTimeout(client); #endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ @@ -5088,7 +5198,7 @@ int whTest_CryptoClientConfig(whClientConfig* config) } i = 0; while ((ret == WH_ERROR_OK) && (i < WH_NUM_DEVIDS)) { - ret = whTestCrypto_Aes(client, WH_DEV_IDS_ARRAY[i], rng); + ret = whTestCryptoTimeout_Aes(client, WH_DEV_IDS_ARRAY[i]); if (ret == WH_ERROR_OK) { i++; } diff --git a/wolfhsm/wh_client.h b/wolfhsm/wh_client.h index 68bd6684..45d3b8c8 100644 --- a/wolfhsm/wh_client.h +++ b/wolfhsm/wh_client.h @@ -118,6 +118,7 @@ typedef struct { uint64_t tv_sec; /* Seconds. */ uint64_t tv_usec; /* Microseconds. */ } wh_timeval; + typedef struct { /* Get current time callback. * This callback is mandatory when using the timeout feature. @@ -148,6 +149,7 @@ typedef struct { */ int (*CheckTimeout)(uint64_t* start_time, uint64_t timeout_val); } whClientTimeOutCb; + typedef struct { whClientTimeOutCb cb; wh_timeval timeout_val; @@ -2700,15 +2702,15 @@ int wh_Client_CertVerifyAcertDma(whClientContext* c, const void* cert, WH_MAKE_KEYID(WH_KEYTYPE_WRAPPED, (_clientId), (_id)) #if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) -/* Init Client Timeout */ -int wh_Client_InitCryptTimeout(whClientContext* context); +/* Start Client Timeout */ +int wh_Client_TimeoutStart(whClientContext* context); /* Check Client Timeout */ -int wh_Client_CheckTimeout(whClientContext* context); +int wh_Client_TimeoutCheck(whClientContext* context); /* Register Client Timeout Callback */ -int wh_Client_timeoutRegisterCb(whClientContext* client, +int wh_Client_TimeoutRegisterCb(whClientContext* client, whClientTimeOutCb* cb); -/* Enable Client Timeout */ -int wh_Client_timeoutEnable(whClientContext* client, +/* Set Client Timeout */ +int wh_Client_TimeoutSet(whClientContext* client, wh_timeval* timeout_val); #endif /* WOLFHSM_CFG_CLIENT_TIMEOUT */ diff --git a/wolfhsm/wh_comm.h b/wolfhsm/wh_comm.h index 826e5221..f68cd2cf 100644 --- a/wolfhsm/wh_comm.h +++ b/wolfhsm/wh_comm.h @@ -153,8 +153,6 @@ typedef struct { int (*Cleanup)(void* context); } whTransportClientCb; - - typedef struct { const whTransportClientCb* transport_cb; void* transport_context; From 8aa32356a3ddfdf6940dd1be52f7c1be23dcf78c Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 14 Nov 2025 19:37:26 +0900 Subject: [PATCH 4/5] apply clang-format --- src/wh_client.c | 28 +++--- src/wh_client_crypto.c | 38 ++++--- test/config/wolfhsm_cfg.h | 3 +- test/wh_test_common.c | 3 +- test/wh_test_common.h | 8 +- test/wh_test_crypto.c | 183 ++++++++++++++++++---------------- test/wh_test_wolfcrypt_test.c | 10 +- wolfhsm/wh_client.h | 22 ++-- wolfhsm/wh_error.h | 2 +- wolfhsm/wh_settings.h | 6 +- 10 files changed, 153 insertions(+), 150 deletions(-) diff --git a/src/wh_client.c b/src/wh_client.c index bcf7d784..7e5151c4 100644 --- a/src/wh_client.c +++ b/src/wh_client.c @@ -82,9 +82,9 @@ int wh_Client_Init(whClientContext* c, const whClientConfig* config) #endif #if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) if (NULL != config->timeoutConfig) { - c->timeout.timeout_val = config->timeoutConfig->timeout_val; + c->timeout.timeout_val = config->timeoutConfig->timeout_val; c->timeout.timeout_enabled = config->timeoutConfig->timeout_enabled; - c->timeout.start_time = 0; + c->timeout.start_time = 0; } #endif rc = wh_CommClient_Init(c->comm, config->comm); @@ -1525,9 +1525,10 @@ int wh_Client_KeyExportDma(whClientContext* c, uint16_t keyId, #if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) static uint64_t wh_timeval_to_64(const wh_timeval* tv) { - if (tv == NULL) return 0; - return (uint64_t)tv->tv_sec * WH_BASE_TIMEOUT_UNIT - + (uint64_t)((tv->tv_usec * WH_BASE_TIMEOUT_UNIT) / 1000000ULL); + if (tv == NULL) + return 0; + return (uint64_t)tv->tv_sec * WH_BASE_TIMEOUT_UNIT + + (uint64_t)((tv->tv_usec * WH_BASE_TIMEOUT_UNIT) / 1000000ULL); } /* Start Timeout */ int wh_Client_TimeoutStart(whClientContext* c) @@ -1575,8 +1576,7 @@ int wh_Client_TimeoutCheck(whClientContext* c) /* check timeout by user cb if defined */ if (c->timeout.cb.CheckTimeout != NULL) { - return c->timeout.cb.CheckTimeout( - &c->timeout.start_time, timeout_); + return c->timeout.cb.CheckTimeout(&c->timeout.start_time, timeout_); } /* Otherwise compute elapsed using user-provided GetCurrentTime */ @@ -1589,8 +1589,7 @@ int wh_Client_TimeoutCheck(whClientContext* c) return WH_ERROR_OK; } -int wh_Client_TimeoutRegisterCb(whClientContext* client, - whClientTimeOutCb* cb) +int wh_Client_TimeoutRegisterCb(whClientContext* client, whClientTimeOutCb* cb) { /* No NULL check for cb, since it is optional and always NULL checked before * it is called */ @@ -1599,13 +1598,12 @@ int wh_Client_TimeoutRegisterCb(whClientContext* client, } client->timeout.cb.GetCurrentTime = cb->GetCurrentTime; - client->timeout.cb.CheckTimeout = cb->CheckTimeout; + client->timeout.cb.CheckTimeout = cb->CheckTimeout; return WH_ERROR_OK; } -int wh_Client_TimeoutSet(whClientContext* client, - wh_timeval* timeout_val) +int wh_Client_TimeoutSet(whClientContext* client, wh_timeval* timeout_val) { if (NULL == client) { return WH_ERROR_BADARGS; @@ -1613,9 +1611,9 @@ int wh_Client_TimeoutSet(whClientContext* client, if (timeout_val != NULL) { client->timeout.timeout_enabled = 1; - memcpy(&client->timeout.timeout_val, timeout_val, - sizeof(wh_timeval)); - } else { + memcpy(&client->timeout.timeout_val, timeout_val, sizeof(wh_timeval)); + } + else { client->timeout.timeout_enabled = 0; memset(&client->timeout.timeout_val, 0, sizeof(wh_timeval)); } diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index a5278f0a..14e22fd3 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -181,9 +181,9 @@ static int _getCryptoResponse(uint8_t* respBuf, uint16_t type, return header->rc; } -static int _SendRecieveWithTimeout(whClientContext *ctx, - uint16_t *group, uint16_t *action, uint16_t req_len, - uint16_t *res_len, void* data) +static int _SendRecieveWithTimeout(whClientContext* ctx, uint16_t* group, + uint16_t* action, uint16_t req_len, + uint16_t* res_len, void* data) { int ret = WH_ERROR_OK; @@ -203,7 +203,8 @@ static int _SendRecieveWithTimeout(whClientContext *ctx, int chk = wh_Client_TimeoutCheck(ctx); if (chk == WH_ERROR_TIMEOUT) { return WH_ERROR_TIMEOUT; - } else if (chk < 0 && chk != WH_ERROR_OK) { + } + else if (chk < 0 && chk != WH_ERROR_OK) { return chk; } } @@ -263,8 +264,8 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size) /* Send request and get response with Timeout */ if (ret == 0) { do { - ret = _SendRecieveWithTimeout(ctx, &group, &action, - req_len, &res_len, dataPtr); + ret = _SendRecieveWithTimeout(ctx, &group, &action, req_len, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); } if (ret == WH_ERROR_OK) { @@ -444,9 +445,8 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, /* Response packet */ uint16_t res_len = 0; do { - ret = - _SendRecieveWithTimeout(ctx, &group, &action, - req_len, &res_len, dataPtr); + ret = _SendRecieveWithTimeout(ctx, &group, &action, req_len, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -558,9 +558,8 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, /* Response packet */ uint16_t res_len = 0; do { - ret = - _SendRecieveWithTimeout(ctx, &group, &action, - req_len, &res_len, dataPtr); + ret = _SendRecieveWithTimeout(ctx, &group, &action, req_len, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -668,9 +667,8 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, /* Response packet */ uint16_t res_len = 0; do { - ret = - _SendRecieveWithTimeout(ctx, &group, &action, - req_len, &res_len, dataPtr); + ret = _SendRecieveWithTimeout(ctx, &group, &action, req_len, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -790,9 +788,8 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, if (ret == 0) { uint16_t res_len = 0; do { - ret = - _SendRecieveWithTimeout(ctx, &group, &action, - req_len, &res_len, dataPtr); + ret = _SendRecieveWithTimeout(ctx, &group, &action, req_len, + &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { @@ -989,9 +986,8 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc, if (ret == 0) { uint16_t resLen = 0; do { - ret = - _SendRecieveWithTimeout(ctx, &group, &action, - reqLen, &resLen, dataPtr); + ret = _SendRecieveWithTimeout(ctx, &group, &action, reqLen, &resLen, + dataPtr); } while (ret == WH_ERROR_NOTREADY); if (ret == WH_ERROR_OK) { diff --git a/test/config/wolfhsm_cfg.h b/test/config/wolfhsm_cfg.h index 3cec89e9..db09fa1a 100644 --- a/test/config/wolfhsm_cfg.h +++ b/test/config/wolfhsm_cfg.h @@ -69,8 +69,7 @@ #define WOLFHSM_CFG_SERVER_NVM_FLASH_LOG /* Enable client crypto timeout feature for testing */ -#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) && \ - defined(WOLFHSM_CFG_TEST_POSIX) +#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) && defined(WOLFHSM_CFG_TEST_POSIX) #define WOLFHSM_CFG_CLIENT_TIMEOUT_USEC (500000) /* 500ms */ #define WOLFHSM_CFG_TEST_CLIENT_TIMEOUT #endif /* WOLFHSM_CFG_TEST_CLIENT_TIMEOUT */ diff --git a/test/wh_test_common.c b/test/wh_test_common.c index f5b387f7..4e618d54 100644 --- a/test/wh_test_common.c +++ b/test/wh_test_common.c @@ -107,8 +107,7 @@ uint64_t whTest_GetCurrentTime(int reset) return 0; /* Convert to milliseconds number. */ - return (uint64_t)ts.tv_sec * 1000ULL + - (uint64_t)ts.tv_nsec / 1000000ULL; + return (uint64_t)ts.tv_sec * 1000ULL + (uint64_t)ts.tv_nsec / 1000000ULL; #else struct timeval tv; if (gettimeofday(&tv, 0) < 0) diff --git a/test/wh_test_common.h b/test/wh_test_common.h index f549a431..53b04026 100644 --- a/test/wh_test_common.h +++ b/test/wh_test_common.h @@ -147,10 +147,10 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type, uint64_t whTest_GetCurrentTime(int reset); int whTest_CheckTimeout(uint64_t* start_time, uint64_t timeout_val); -#define WH_CLIENT_TIMEOUT_CB \ - { \ - .GetCurrentTime = whTest_GetCurrentTime, \ - .CheckTimeout = whTest_CheckTimeout, \ +#define WH_CLIENT_TIMEOUT_CB \ + { \ + .GetCurrentTime = whTest_GetCurrentTime, \ + .CheckTimeout = whTest_CheckTimeout, \ } #endif /* WH_TEST_COMMON_H_ */ diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index 3068b717..642b2c91 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -89,7 +89,7 @@ enum { #define PLAINTEXT "mytextisbigplain" #ifdef WOLFHSM_CFG_IS_TEST_SERVER -int server_pause = 0; +int server_pause = 0; #if defined(WOLFHSM_CFG_TEST_POSIX) pthread_mutex_t lock; @@ -161,24 +161,26 @@ static int whTest_ShowNvmAvailable(whClientContext* ctx) #if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) static int whTest_CryptoRngTimeout(whClientContext* ctx, int devId) { - byte block[32]; - int ret; + byte block[32]; + int ret; WC_RNG rng; ret = wc_InitRng_ex(&rng, NULL, devId); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_InitRng_ex %d\n", ret); - } else { + } + else { pause_server(); ret = wc_RNG_GenerateBlock(&rng, block, sizeof(block)); resume_server(); if (ret == WH_ERROR_TIMEOUT) { - printf("RNG DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + printf("RNG DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); ret = wh_Client_CommInit(ctx, NULL, NULL); - if (ret != WH_ERROR_OK) { - WH_ERROR_PRINT("Failed to re-init comms %d\n", ret); + if (ret != WH_ERROR_OK) { + WH_ERROR_PRINT("Failed to re-init comms %d\n", ret); + } } - } else { + else { WH_ERROR_PRINT("Failed to timeout wc_InitRng_ex %d\n", ret); } } @@ -212,7 +214,7 @@ static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng) } else { ret = wc_RNG_GenerateBlock(rng, med, sizeof(med)); if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); + WH_ERROR_PRINT("Failed to wc_RNG_GenerateBlock %d\n", ret); } else { ret = wc_RNG_GenerateBlock(rng, big, sizeof(big)); if (ret != 0) { @@ -2876,50 +2878,52 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId, #if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) static int whTestCryptoTimeout_Aes(whClientContext* ctx, int devId) { - int ret; - Aes aes[1]; - uint8_t iv[AES_BLOCK_SIZE] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, - 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, - 0x0C, 0x0D, 0x0E, 0x0F}; + int ret; + Aes aes[1]; + uint8_t iv[AES_BLOCK_SIZE] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, + 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F}; uint8_t key[WH_TEST_AES_KEYSIZE] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}; uint8_t plainIn[WH_TEST_AES_TEXTSIZE] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, - 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, - 0xCC, 0xDD, 0xEE, 0xFF}; - uint8_t cipher[WH_TEST_AES_TEXTSIZE] = { 0 }; - uint8_t plainOut[WH_TEST_AES_TEXTSIZE] = { 0 }; + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, + 0xCC, 0xDD, 0xEE, 0xFF}; + uint8_t cipher[WH_TEST_AES_TEXTSIZE] = {0}; + uint8_t plainOut[WH_TEST_AES_TEXTSIZE] = {0}; #ifdef HAVE_AESGCM - uint8_t authTag[WH_TEST_AES_TAGSIZE] = { 0 }; - uint8_t authIn[WH_TEST_AES_TAGSIZE] = { 0 }; + uint8_t authTag[WH_TEST_AES_TAGSIZE] = {0}; + uint8_t authIn[WH_TEST_AES_TAGSIZE] = {0}; #endif /* HAVE_AESGCM */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFHSM_CFG_DMA if (devId != WH_DEV_ID_DMA) { #endif - ret = wc_AesInit(aes, NULL, devId); - if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); - } - if (ret == 0) { - ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, AES_ENCRYPTION); + ret = wc_AesInit(aes, NULL, devId); if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret); - } else { - pause_server(); - ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)); - resume_server(); - if (ret == WH_ERROR_TIMEOUT) { - printf("AES CTR DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); - ret = wh_Client_CommInit(ctx, NULL, NULL); - } else { - WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); + WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); + } + if (ret == 0) { + ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) { + WH_ERROR_PRINT("Failed to wc_AesSetKeyDirect %d\n", ret); + } + else { + pause_server(); + ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)); + resume_server(); + if (ret == WH_ERROR_TIMEOUT) { + printf("AES CTR DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + ret = wh_Client_CommInit(ctx, NULL, NULL); + } + else { + WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); + } } + (void)wc_AesFree(aes); } - (void)wc_AesFree(aes); - } #ifdef WOLFHSM_CFG_DMA } #endif /* WOLFHSM_CFG_DMA */ @@ -2928,7 +2932,7 @@ static int whTestCryptoTimeout_Aes(whClientContext* ctx, int devId) #ifdef HAVE_AES_ECB if (ret == 0 #ifdef WOLFHSM_CFG_DMA - && devId != WH_DEV_ID_DMA + && devId != WH_DEV_ID_DMA #endif ) { /* test aes ECB with client side key */ @@ -2947,27 +2951,28 @@ static int whTestCryptoTimeout_Aes(whClientContext* ctx, int devId) resume_server(); if (ret == WH_ERROR_TIMEOUT) { ret = wh_Client_CommInit(ctx, NULL, NULL); - } else { + } + else { WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); } } if (ret == 0) { - ret = wc_AesSetKey(aes, key, sizeof(key), iv, - AES_DECRYPTION); + ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_DECRYPTION); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); - } else { + } + else { pause_server(); - ret = wc_AesEcbDecrypt(aes, plainOut, cipher, - sizeof(cipher)); + ret = + wc_AesEcbDecrypt(aes, plainOut, cipher, sizeof(cipher)); resume_server(); if (ret == WH_ERROR_TIMEOUT) { printf("AES ECB DEVID=0x%X TIMEOUT TEST SUCCESS\n", - devId); + devId); ret = wh_Client_CommInit(ctx, NULL, NULL); - } else { - WH_ERROR_PRINT("Failed to wc_AesEcbDecrypt %d\n", - ret); + } + else { + WH_ERROR_PRINT("Failed to wc_AesEcbDecrypt %d\n", ret); } } } @@ -2981,39 +2986,43 @@ static int whTestCryptoTimeout_Aes(whClientContext* ctx, int devId) && devId != WH_DEV_ID_DMA #endif ) { -/* test aes CBC with client side key */ + /* test aes CBC with client side key */ ret = wc_AesInit(aes, NULL, devId); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); - } else { + } + else { ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); - } else { + } + else { pause_server(); - ret = wc_AesCbcEncrypt(aes, cipher, plainIn, - sizeof(plainIn)); + ret = wc_AesCbcEncrypt(aes, cipher, plainIn, sizeof(plainIn)); resume_server(); if (ret == WH_ERROR_TIMEOUT) { ret = wh_Client_CommInit(ctx, NULL, NULL); - } else { + } + else { WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); } } if (ret == 0) { - ret = wc_AesSetKey(aes, key, sizeof(key), iv, - AES_DECRYPTION); + ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_DECRYPTION); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesSetKey %d\n", ret); - } else { + } + else { pause_server(); - ret = wc_AesCbcDecrypt(aes, plainOut, cipher, - sizeof(cipher)); + ret = + wc_AesCbcDecrypt(aes, plainOut, cipher, sizeof(cipher)); resume_server(); if (ret == WH_ERROR_TIMEOUT) { - printf("AES CBC DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); + printf("AES CBC DEVID=0x%X TIMEOUT TEST SUCCESS\n", + devId); ret = wh_Client_CommInit(ctx, NULL, NULL); - } else { + } + else { WH_ERROR_PRINT("Failed to wc_AesCbcDecrypt %d\n", ret); } } @@ -3028,32 +3037,36 @@ static int whTestCryptoTimeout_Aes(whClientContext* ctx, int devId) ret = wc_AesInit(aes, NULL, devId); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesInit %d\n", ret); - } else { + } + else { ret = wc_AesGcmSetKey(aes, key, sizeof(key)); if (ret != 0) { WH_ERROR_PRINT("Failed to wc_AesGcmSetKey %d\n", ret); - } else { + } + else { pause_server(); - ret = wc_AesGcmEncrypt(aes, cipher, plainIn, - sizeof(plainIn), iv, sizeof(iv), authTag, - sizeof(authTag), authIn, sizeof(authIn)); + ret = wc_AesGcmEncrypt(aes, cipher, plainIn, sizeof(plainIn), + iv, sizeof(iv), authTag, sizeof(authTag), + authIn, sizeof(authIn)); resume_server(); if (ret == WH_ERROR_TIMEOUT) { ret = wh_Client_CommInit(ctx, NULL, NULL); - } else { + } + else { WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); } } if (ret == 0) { pause_server(); - ret = wc_AesGcmDecrypt(aes, plainOut, cipher, - sizeof(cipher), iv, sizeof(iv), authTag, - sizeof(authTag), authIn, sizeof(authIn)); + ret = wc_AesGcmDecrypt(aes, plainOut, cipher, sizeof(cipher), + iv, sizeof(iv), authTag, sizeof(authTag), + authIn, sizeof(authIn)); resume_server(); if (ret == WH_ERROR_TIMEOUT) { printf("AES GCM DEVID=0x%X TIMEOUT TEST SUCCESS\n", devId); ret = wh_Client_CommInit(ctx, NULL, NULL); - } else { + } + else { WH_ERROR_PRINT("Failed to wc_AesGcmDecrypt %d\n", ret); } } @@ -3109,7 +3122,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) else { ret = wc_AesCtrEncrypt(aes, cipher, plainIn, sizeof(plainIn)); if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); + WH_ERROR_PRINT("Failed to wc_AesCtrEncrypt %d\n", ret); } else { ret = wc_AesSetKeyDirect(aes, key, sizeof(key), iv, @@ -3223,7 +3236,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) else { ret = wc_AesEcbEncrypt(aes, cipher, plainIn, sizeof(plainIn)); if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); + WH_ERROR_PRINT("Failed to wc_AesEcbEncrypt %d\n", ret); } else { ret = @@ -3339,7 +3352,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) ret = wc_AesCbcEncrypt(aes, cipher, plainIn, sizeof(plainIn)); if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); + WH_ERROR_PRINT("Failed to wc_AesCbcEncrypt %d\n", ret); } else { ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_DECRYPTION); @@ -3457,7 +3470,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) sizeof(plainIn), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (ret != 0) { - WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); + WH_ERROR_PRINT("Failed to wc_AesGcmEncrypt %d\n", ret); } else { ret = wc_AesGcmDecrypt(aes, plainOut, cipher, sizeof(plainIn), iv, sizeof(iv), authTag, @@ -5065,7 +5078,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) #if defined(WOLFHSM_CFG_TEST_CLIENT_TIMEOUT) static int EnableTimeout(whClientContext* client, wh_timeval* timeout_val) { - int ret = 0; + int ret = 0; /* configure timeout */ ret = wh_Client_TimeoutSet(client, timeout_val); @@ -5077,7 +5090,7 @@ static int EnableTimeout(whClientContext* client, wh_timeval* timeout_val) static int DisableTimeout(whClientContext* client) { - int ret = 0; + int ret = 0; /* disable timeout */ ret = wh_Client_TimeoutSet(client, NULL); @@ -5407,18 +5420,18 @@ int whTest_CryptoServerConfig(whServerConfig* config) while(am_connected == WH_COMM_CONNECTED) { #ifdef WOLFHSM_CFG_IS_TEST_SERVER - #ifdef WOLFHSM_CFG_TEST_POSIX +#ifdef WOLFHSM_CFG_TEST_POSIX pthread_mutex_lock(&lock); - #endif +#endif while (server_pause) { - #ifdef WOLFHSM_CFG_TEST_POSIX +#ifdef WOLFHSM_CFG_TEST_POSIX pthread_cond_wait(&cond, &lock); - #endif +#endif } server_pause = 0; - #ifdef WOLFHSM_CFG_TEST_POSIX +#ifdef WOLFHSM_CFG_TEST_POSIX pthread_mutex_unlock(&lock); - #endif +#endif #endif ret = wh_Server_HandleRequestMessage(server); if ((ret != WH_ERROR_NOTREADY) && @@ -5543,7 +5556,7 @@ static int wh_ClientServer_MemThreadTest(whTestNvmBackendType nvmType) .transport_cb = tccb, .transport_context = (void*)tmcc, .transport_config = (void*)tmcf, - .client_id = WH_TEST_DEFAULT_CLIENT_ID, + .client_id = WH_TEST_DEFAULT_CLIENT_ID, }}; #ifdef WOLFHSM_CFG_DMA diff --git a/test/wh_test_wolfcrypt_test.c b/test/wh_test_wolfcrypt_test.c index 03248608..fbe74d58 100644 --- a/test/wh_test_wolfcrypt_test.c +++ b/test/wh_test_wolfcrypt_test.c @@ -192,11 +192,11 @@ static int wh_ClientServer_MemThreadTest(void) /* Client configuration/contexts */ whTransportClientCb tccb[1] = {WH_TRANSPORT_MEM_CLIENT_CB}; whTransportMemClientContext tmcc[1] = {0}; - whCommClientConfig cc_conf[1] = {{ - .transport_cb = tccb, - .transport_context = (void*)tmcc, - .transport_config = (void*)tmcf, - .client_id = WH_TEST_DEFAULT_CLIENT_ID, + whCommClientConfig cc_conf[1] = {{ + .transport_cb = tccb, + .transport_context = (void*)tmcc, + .transport_config = (void*)tmcf, + .client_id = WH_TEST_DEFAULT_CLIENT_ID, }}; whClientConfig c_conf[1] = {{ .comm = cc_conf, diff --git a/wolfhsm/wh_client.h b/wolfhsm/wh_client.h index 45d3b8c8..0cacaf09 100644 --- a/wolfhsm/wh_client.h +++ b/wolfhsm/wh_client.h @@ -138,10 +138,10 @@ typedef struct { * GetCurrentTime() to return time in milliseconds as well. * * Parameters: - * start_time - Pointer to the start time value as returned by GetCurrentTime(). - * timeout_value - Timeout value conversion in defined time units. - * The default is in milliseconds, but it can be customized - * by WH_BASE_TIMEOUT_UNIT. + * start_time - Pointer to the start time value as returned by + * GetCurrentTime(). timeout_value - Timeout value conversion in defined + * time units. The default is in milliseconds, but it can be customized by + * WH_BASE_TIMEOUT_UNIT. * * Returns: * WH_ERROR_OK - Not timed out, @@ -152,20 +152,20 @@ typedef struct { typedef struct { whClientTimeOutCb cb; - wh_timeval timeout_val; + wh_timeval timeout_val; /* start_time stores the time returned by the GetCurrentTime() * callback when the operation started. * The actual unit depends on the GetCurrentTime() implementation. */ uint64_t start_time; - uint8_t timeout_enabled; + uint8_t timeout_enabled; uint8_t WH_PAD[7]; } whClientTimeOutContext; typedef struct { whClientTimeOutCb cb; - wh_timeval timeout_val; - uint8_t timeout_enabled; + wh_timeval timeout_val; + uint8_t timeout_enabled; } whClientTimeOutConfig; /* Client context */ @@ -2707,11 +2707,9 @@ int wh_Client_TimeoutStart(whClientContext* context); /* Check Client Timeout */ int wh_Client_TimeoutCheck(whClientContext* context); /* Register Client Timeout Callback */ -int wh_Client_TimeoutRegisterCb(whClientContext* client, - whClientTimeOutCb* cb); +int wh_Client_TimeoutRegisterCb(whClientContext* client, whClientTimeOutCb* cb); /* Set Client Timeout */ -int wh_Client_TimeoutSet(whClientContext* client, - wh_timeval* timeout_val); +int wh_Client_TimeoutSet(whClientContext* client, wh_timeval* timeout_val); #endif /* WOLFHSM_CFG_CLIENT_TIMEOUT */ #endif /* !WOLFHSM_WH_CLIENT_H_ */ diff --git a/wolfhsm/wh_error.h b/wolfhsm/wh_error.h index 42a12ee1..1df375da 100644 --- a/wolfhsm/wh_error.h +++ b/wolfhsm/wh_error.h @@ -45,7 +45,7 @@ enum WH_ERROR_ENUM { compile-time configuration */ WH_ERROR_USAGE = -2009, /* Operation not permitted based on object/key usage flags */ - WH_ERROR_TIMEOUT = -2010, /* operation timed out */ + WH_ERROR_TIMEOUT = -2010, /* operation timed out */ /* NVM and keystore specific status returns */ WH_ERROR_LOCKED = -2100, /* Unlock and retry if necessary */ diff --git a/wolfhsm/wh_settings.h b/wolfhsm/wh_settings.h index 3087aa54..710506a6 100644 --- a/wolfhsm/wh_settings.h +++ b/wolfhsm/wh_settings.h @@ -529,9 +529,9 @@ /* CLIENT TIMEOUT CONFIGURATION */ #ifdef WOLFHSM_CFG_CLIENT_TIMEOUT - #if !defined(WH_BASE_TIMEOUT_UNIT) - /* Default time unit is milliseconds */ - #define WH_BASE_TIMEOUT_UNIT 1000ULL +#if !defined(WH_BASE_TIMEOUT_UNIT) +/* Default time unit is milliseconds */ +#define WH_BASE_TIMEOUT_UNIT 1000ULL #endif #endif /* !WOLFHSM_CFG_CLIENT_TIMEOUT */ From 0002776f091b7a5669c8a866c025ce5fbe606795 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 14 Nov 2025 20:15:32 +0900 Subject: [PATCH 5/5] fix scan build failure --- src/wh_client_crypto.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 14e22fd3..fd42d802 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -194,22 +194,23 @@ static int _SendRecieveWithTimeout(whClientContext* ctx, uint16_t* group, ret = wh_Client_TimeoutStart(ctx); } #endif - - do { - ret = wh_Client_RecvResponse(ctx, group, action, res_len, data); -#if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) - if (ret == WH_ERROR_NOTREADY) { - /* Check for crypto timeout */ - int chk = wh_Client_TimeoutCheck(ctx); - if (chk == WH_ERROR_TIMEOUT) { - return WH_ERROR_TIMEOUT; - } - else if (chk < 0 && chk != WH_ERROR_OK) { - return chk; + if (ret == WH_ERROR_OK) { + do { + ret = wh_Client_RecvResponse(ctx, group, action, res_len, data); + #if defined(WOLFHSM_CFG_CLIENT_TIMEOUT) + if (ret == WH_ERROR_NOTREADY) { + /* Check for crypto timeout */ + int chk = wh_Client_TimeoutCheck(ctx); + if (chk == WH_ERROR_TIMEOUT) { + return WH_ERROR_TIMEOUT; + } + else if (chk < 0 && chk != WH_ERROR_OK) { + return chk; + } } - } -#endif - } while (ret == WH_ERROR_NOTREADY); + #endif + } while (ret == WH_ERROR_NOTREADY); + } return ret; }