Skip to content

Commit 3f08169

Browse files
bigbrettbigbrett
authored
Merge pull request #226 from AlexLanzano/datawrap
Implement generic data wrap/unwrap helper functions
2 parents ecf2edd + d0a9423 commit 3f08169

File tree

11 files changed

+958
-175
lines changed

11 files changed

+958
-175
lines changed

src/wh_client_keywrap.c

Lines changed: 251 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -17,17 +17,18 @@ int wh_Client_KeyWrapRequest(whClientContext* ctx,
1717
uint16_t serverKeyId, void* key, uint16_t keySz,
1818
whNvmMetadata* metadata)
1919
{
20-
uint16_t group = WH_MESSAGE_GROUP_KEY;
21-
uint16_t action = WH_KEY_WRAP;
22-
whMessageKeystore_WrapRequest* req = NULL;
23-
uint8_t* reqData;
20+
uint16_t group = WH_MESSAGE_GROUP_KEY;
21+
uint16_t action = WH_KEY_KEYWRAP;
22+
whMessageKeystore_KeyWrapRequest* req = NULL;
23+
uint8_t* reqData;
2424

2525
if (ctx == NULL || key == NULL || metadata == NULL) {
2626
return WH_ERROR_BADARGS;
2727
}
2828

2929
/* Set the request pointer to the shared comm data memory region */
30-
req = (whMessageKeystore_WrapRequest*)wh_CommClient_GetDataPtr(ctx->comm);
30+
req =
31+
(whMessageKeystore_KeyWrapRequest*)wh_CommClient_GetDataPtr(ctx->comm);
3132
if (req == NULL) {
3233
return WH_ERROR_BADARGS;
3334
}
@@ -51,19 +52,20 @@ int wh_Client_KeyWrapResponse(whClientContext* ctx,
5152
enum wc_CipherType cipherType,
5253
void* wrappedKeyOut, uint16_t wrappedKeySz)
5354
{
54-
int ret;
55-
uint16_t group;
56-
uint16_t action;
57-
uint16_t size;
58-
whMessageKeystore_WrapResponse* resp = NULL;
59-
uint8_t* respData;
55+
int ret;
56+
uint16_t group;
57+
uint16_t action;
58+
uint16_t size;
59+
whMessageKeystore_KeyWrapResponse* resp = NULL;
60+
uint8_t* respData;
6061

6162
if (ctx == NULL || wrappedKeyOut == NULL) {
6263
return WH_ERROR_BADARGS;
6364
}
6465

6566
/* Set the response pointer to the shared comm data memory region */
66-
resp = (whMessageKeystore_WrapResponse*)wh_CommClient_GetDataPtr(ctx->comm);
67+
resp =
68+
(whMessageKeystore_KeyWrapResponse*)wh_CommClient_GetDataPtr(ctx->comm);
6769
if (resp == NULL) {
6870
return WH_ERROR_BADARGS;
6971
}
@@ -74,7 +76,7 @@ int wh_Client_KeyWrapResponse(whClientContext* ctx,
7476
return ret;
7577
}
7678

77-
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_WRAP ||
79+
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_KEYWRAP ||
7880
size < sizeof(*resp) || size > sizeof(*resp) + wrappedKeySz ||
7981
resp->wrappedKeySz != wrappedKeySz || resp->cipherType != cipherType) {
8082
return WH_ERROR_ABORTED;
@@ -124,18 +126,19 @@ int wh_Client_KeyUnwrapAndExportRequest(whClientContext* ctx,
124126
uint16_t wrappedKeySz)
125127

126128
{
127-
uint16_t group = WH_MESSAGE_GROUP_KEY;
128-
uint16_t action = WH_KEY_UNWRAPEXPORT;
129-
whMessageKeystore_UnwrapAndExportRequest* req = NULL;
130-
uint8_t* reqData;
129+
uint16_t group = WH_MESSAGE_GROUP_KEY;
130+
uint16_t action = WH_KEY_KEYUNWRAPEXPORT;
131+
whMessageKeystore_KeyUnwrapAndExportRequest* req = NULL;
132+
uint8_t* reqData;
131133

132134
if (ctx == NULL || wrappedKeyIn == NULL) {
133135
return WH_ERROR_BADARGS;
134136
}
135137

136138
/* Set the request pointer to the shared comm data memory region */
137-
req = (whMessageKeystore_UnwrapAndExportRequest*)wh_CommClient_GetDataPtr(
138-
ctx->comm);
139+
req =
140+
(whMessageKeystore_KeyUnwrapAndExportRequest*)wh_CommClient_GetDataPtr(
141+
ctx->comm);
139142
if (req == NULL) {
140143
return WH_ERROR_BADARGS;
141144
}
@@ -158,20 +161,21 @@ int wh_Client_KeyUnwrapAndExportResponse(whClientContext* ctx,
158161
whNvmMetadata* metadataOut,
159162
void* keyOut, uint16_t keySz)
160163
{
161-
int ret;
162-
uint16_t group;
163-
uint16_t action;
164-
uint16_t size;
165-
whMessageKeystore_UnwrapAndExportResponse* resp = NULL;
166-
uint8_t* respData;
164+
int ret;
165+
uint16_t group;
166+
uint16_t action;
167+
uint16_t size;
168+
whMessageKeystore_KeyUnwrapAndExportResponse* resp = NULL;
169+
uint8_t* respData;
167170

168171
if (ctx == NULL || metadataOut == NULL || keyOut == NULL) {
169172
return WH_ERROR_BADARGS;
170173
}
171174

172175
/* Set the response pointer to the shared comm data memory region */
173-
resp = (whMessageKeystore_UnwrapAndExportResponse*)wh_CommClient_GetDataPtr(
174-
ctx->comm);
176+
resp =
177+
(whMessageKeystore_KeyUnwrapAndExportResponse*)wh_CommClient_GetDataPtr(
178+
ctx->comm);
175179
if (resp == NULL) {
176180
return WH_ERROR_BADARGS;
177181
}
@@ -182,7 +186,7 @@ int wh_Client_KeyUnwrapAndExportResponse(whClientContext* ctx,
182186
return ret;
183187
}
184188

185-
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_UNWRAPEXPORT ||
189+
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_KEYUNWRAPEXPORT ||
186190
size < sizeof(*resp) ||
187191
size > sizeof(*resp) + sizeof(*metadataOut) + keySz ||
188192
resp->cipherType != cipherType) {
@@ -238,16 +242,16 @@ int wh_Client_KeyUnwrapAndCacheRequest(whClientContext* ctx,
238242
uint16_t wrappedKeySz)
239243
{
240244
uint16_t group = WH_MESSAGE_GROUP_KEY;
241-
uint16_t action = WH_KEY_UNWRAPCACHE;
245+
uint16_t action = WH_KEY_KEYUNWRAPCACHE;
242246

243-
whMessageKeystore_UnwrapAndCacheRequest* req = NULL;
244-
uint8_t* reqData;
247+
whMessageKeystore_KeyUnwrapAndCacheRequest* req = NULL;
248+
uint8_t* reqData;
245249

246250
if (ctx == NULL || wrappedKeyIn == NULL)
247251
return WH_ERROR_BADARGS;
248252

249253
/* Set the request pointer to the shared comm data memory region */
250-
req = (whMessageKeystore_UnwrapAndCacheRequest*)wh_CommClient_GetDataPtr(
254+
req = (whMessageKeystore_KeyUnwrapAndCacheRequest*)wh_CommClient_GetDataPtr(
251255
ctx->comm);
252256
if (req == NULL) {
253257
return WH_ERROR_BADARGS;
@@ -270,18 +274,19 @@ int wh_Client_KeyUnwrapAndCacheResponse(whClientContext* ctx,
270274
enum wc_CipherType cipherType,
271275
uint16_t* keyIdOut)
272276
{
273-
int ret;
274-
uint16_t group;
275-
uint16_t action;
276-
uint16_t size;
277-
whMessageKeystore_UnwrapAndCacheResponse* resp = NULL;
277+
int ret;
278+
uint16_t group;
279+
uint16_t action;
280+
uint16_t size;
281+
whMessageKeystore_KeyUnwrapAndCacheResponse* resp = NULL;
278282

279283
if (ctx == NULL || keyIdOut == NULL)
280284
return WH_ERROR_BADARGS;
281285

282286
/* Set the response pointer to the shared comm data memory region */
283-
resp = (whMessageKeystore_UnwrapAndCacheResponse*)wh_CommClient_GetDataPtr(
284-
ctx->comm);
287+
resp =
288+
(whMessageKeystore_KeyUnwrapAndCacheResponse*)wh_CommClient_GetDataPtr(
289+
ctx->comm);
285290
if (resp == NULL) {
286291
return WH_ERROR_BADARGS;
287292
}
@@ -292,7 +297,7 @@ int wh_Client_KeyUnwrapAndCacheResponse(whClientContext* ctx,
292297
return ret;
293298
}
294299

295-
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_UNWRAPCACHE ||
300+
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_KEYUNWRAPCACHE ||
296301
size < sizeof(*resp) || resp->cipherType != cipherType) {
297302
return WH_ERROR_ABORTED;
298303
}
@@ -331,5 +336,211 @@ int wh_Client_KeyUnwrapAndCache(whClientContext* ctx,
331336
return ret;
332337
}
333338

339+
int wh_Client_DataWrapRequest(whClientContext* ctx,
340+
enum wc_CipherType cipherType,
341+
uint16_t serverKeyId, void* dataIn,
342+
uint32_t dataInSz)
343+
{
344+
uint16_t group = WH_MESSAGE_GROUP_KEY;
345+
uint16_t action = WH_KEY_DATAWRAP;
346+
347+
whMessageKeystore_DataWrapRequest* req = NULL;
348+
uint8_t* reqData;
349+
350+
if (ctx == NULL || dataIn == NULL) {
351+
return WH_ERROR_BADARGS;
352+
}
353+
354+
/* Set the request pointer to the shared comm data memory region */
355+
req =
356+
(whMessageKeystore_DataWrapRequest*)wh_CommClient_GetDataPtr(ctx->comm);
357+
if (req == NULL) {
358+
return WH_ERROR_BADARGS;
359+
}
360+
361+
req->dataSz = dataInSz;
362+
req->serverKeyId = serverKeyId;
363+
req->cipherType = cipherType;
364+
365+
/* Place the wrapped key right after the request */
366+
reqData = (uint8_t*)(req + 1);
367+
memcpy(reqData, dataIn, dataInSz);
368+
369+
return wh_Client_SendRequest(ctx, group, action, sizeof(*req) + dataInSz,
370+
(uint8_t*)req);
371+
}
372+
373+
int wh_Client_DataWrapResponse(whClientContext* ctx,
374+
enum wc_CipherType cipherType,
375+
void* wrappedDataOut, uint32_t wrappedDataSz)
376+
{
377+
int ret;
378+
uint16_t group;
379+
uint16_t action;
380+
uint16_t size;
381+
whMessageKeystore_DataWrapResponse* resp = NULL;
382+
uint8_t* respData;
383+
384+
if (ctx == NULL || wrappedDataOut == NULL) {
385+
return WH_ERROR_BADARGS;
386+
}
387+
388+
/* Set the response pointer to the shared comm data memory region */
389+
resp = (whMessageKeystore_DataWrapResponse*)wh_CommClient_GetDataPtr(
390+
ctx->comm);
391+
if (resp == NULL) {
392+
return WH_ERROR_BADARGS;
393+
}
394+
395+
/* Receive the response */
396+
ret = wh_Client_RecvResponse(ctx, &group, &action, &size, (uint8_t*)resp);
397+
if (ret != WH_ERROR_OK) {
398+
return ret;
399+
}
400+
401+
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_DATAWRAP ||
402+
size < sizeof(*resp) || size > sizeof(*resp) + wrappedDataSz ||
403+
resp->wrappedDataSz != wrappedDataSz ||
404+
resp->cipherType != cipherType) {
405+
return WH_ERROR_ABORTED;
406+
}
407+
408+
if (resp->rc != 0) {
409+
return resp->rc;
410+
}
411+
412+
/* Copy the wrapped key from the response data into wrappedKeyOut */
413+
respData = (uint8_t*)(resp + 1);
414+
memcpy(wrappedDataOut, respData, wrappedDataSz);
415+
416+
return WH_ERROR_OK;
417+
}
418+
419+
int wh_Client_DataWrap(whClientContext* ctx, enum wc_CipherType cipherType,
420+
uint16_t serverKeyId, void* dataIn, uint32_t dataInSz,
421+
void* wrappedDataOut, uint32_t wrappedDataOutSz)
422+
{
423+
int ret;
424+
if (ctx == NULL || wrappedDataOut == NULL || dataIn == NULL) {
425+
return WH_ERROR_BADARGS;
426+
}
427+
428+
ret = wh_Client_DataWrapRequest(ctx, cipherType, serverKeyId, dataIn,
429+
dataInSz);
430+
if (ret != WH_ERROR_OK) {
431+
return ret;
432+
}
433+
434+
do {
435+
ret = wh_Client_DataWrapResponse(ctx, cipherType, wrappedDataOut,
436+
wrappedDataOutSz);
437+
438+
} while (ret == WH_ERROR_NOTREADY);
439+
440+
return ret;
441+
}
442+
443+
int wh_Client_DataUnwrapRequest(whClientContext* ctx,
444+
enum wc_CipherType cipherType,
445+
uint16_t serverKeyId, void* wrappedDataIn,
446+
uint32_t wrappedDataInSz)
447+
{
448+
uint16_t group = WH_MESSAGE_GROUP_KEY;
449+
uint16_t action = WH_KEY_DATAUNWRAP;
450+
451+
whMessageKeystore_DataUnwrapRequest* req = NULL;
452+
uint8_t* reqData;
453+
454+
if (ctx == NULL || wrappedDataIn == NULL) {
455+
return WH_ERROR_BADARGS;
456+
}
457+
458+
/* Set the request pointer to the shared comm data memory region */
459+
req = (whMessageKeystore_DataUnwrapRequest*)wh_CommClient_GetDataPtr(
460+
ctx->comm);
461+
if (req == NULL) {
462+
return WH_ERROR_BADARGS;
463+
}
464+
465+
req->wrappedDataSz = wrappedDataInSz;
466+
req->serverKeyId = serverKeyId;
467+
req->cipherType = cipherType;
468+
469+
/* Place the wrapped data right after the request */
470+
reqData = (uint8_t*)(req + 1);
471+
memcpy(reqData, wrappedDataIn, wrappedDataInSz);
472+
473+
return wh_Client_SendRequest(ctx, group, action,
474+
sizeof(*req) + wrappedDataInSz, (uint8_t*)req);
475+
}
476+
477+
int wh_Client_DataUnwrapResponse(whClientContext* ctx,
478+
enum wc_CipherType cipherType, void* dataOut,
479+
uint32_t dataSz)
480+
{
481+
int ret;
482+
uint16_t group;
483+
uint16_t action;
484+
uint16_t size;
485+
whMessageKeystore_DataUnwrapResponse* resp = NULL;
486+
uint8_t* respData;
487+
488+
if (ctx == NULL || dataOut == NULL) {
489+
return WH_ERROR_BADARGS;
490+
}
491+
492+
/* Set the response pointer to the shared comm data memory region */
493+
resp = (whMessageKeystore_DataUnwrapResponse*)wh_CommClient_GetDataPtr(
494+
ctx->comm);
495+
if (resp == NULL) {
496+
return WH_ERROR_BADARGS;
497+
}
498+
499+
/* Receive the response */
500+
ret = wh_Client_RecvResponse(ctx, &group, &action, &size, (uint8_t*)resp);
501+
if (ret != WH_ERROR_OK) {
502+
return ret;
503+
}
504+
505+
if (group != WH_MESSAGE_GROUP_KEY || action != WH_KEY_DATAUNWRAP ||
506+
size < sizeof(*resp) || size > sizeof(*resp) + dataSz ||
507+
resp->dataSz != dataSz || resp->cipherType != cipherType) {
508+
return WH_ERROR_ABORTED;
509+
}
510+
511+
if (resp->rc != 0) {
512+
return resp->rc;
513+
}
514+
515+
/* Copy the wrapped key from the response data into wrappedKeyOut */
516+
respData = (uint8_t*)(resp + 1);
517+
memcpy(dataOut, respData, dataSz);
518+
519+
return WH_ERROR_OK;
520+
}
521+
int wh_Client_DataUnwrap(whClientContext* ctx, enum wc_CipherType cipherType,
522+
uint16_t serverKeyId, void* wrappedDataIn,
523+
uint32_t wrappedDataInSz, void* dataOut,
524+
uint32_t dataOutSz)
525+
{
526+
int ret;
527+
if (ctx == NULL || wrappedDataIn == NULL || dataOut == NULL) {
528+
return WH_ERROR_BADARGS;
529+
}
530+
531+
ret = wh_Client_DataUnwrapRequest(ctx, cipherType, serverKeyId,
532+
wrappedDataIn, wrappedDataInSz);
533+
if (ret != WH_ERROR_OK) {
534+
return ret;
535+
}
536+
537+
do {
538+
ret = wh_Client_DataUnwrapResponse(ctx, cipherType, dataOut, dataOutSz);
539+
540+
} while (ret == WH_ERROR_NOTREADY);
541+
542+
return ret;
543+
}
544+
334545
#endif /* WOLFHSM_CFG_ENABLE_CLIENT */
335546
#endif /* WOLFHSM_CFG_KEYWRAP */

0 commit comments

Comments
 (0)