Add crypto timeout to RNG and AES

Author: miyazakh

src/wh_client_crypto.c

@@ -221,11 +221,23 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size)
 
         /* Send request and get response */
         ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+        if (ret == WH_ERROR_OK) {
+            ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+        }
+#endif
         if (ret == 0) {
             do {
                 ret = wh_Client_RecvResponse(ctx, &group, &action, &res_len,
                                              dataPtr);
-            } while (ret == WH_ERROR_NOTREADY);
+            } while ((ret == WH_ERROR_NOTREADY)
+                #if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+                    &&
+                    ((ret = wh_CommClient_CheckTimeout(ctx->comm)) !=
+                                                        WH_ERROR_CRYPTIMEOUT));
+                #else
+                    );
+                #endif
         }
         if (ret == WH_ERROR_OK) {
             /* Get response */
@@ -339,14 +351,26 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
     wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
 #endif
     ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+    if (ret == WH_ERROR_OK) {
+        ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+    }
+#endif
     /* read response */
     if (ret == WH_ERROR_OK) {
         /* Response packet */
         uint16_t res_len = 0;
         do {
             ret =
                 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
-        } while (ret == WH_ERROR_NOTREADY);
+        } while ((ret == WH_ERROR_NOTREADY)
+        #if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+                &&
+                ((ret = wh_CommClient_CheckTimeout(ctx->comm)) !=
+                                                        WH_ERROR_CRYPTIMEOUT));
+        #else
+                );
+        #endif
         if (ret == WH_ERROR_OK) {
             ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
             if (ret == WH_ERROR_OK) {
@@ -460,14 +484,26 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
     wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
 #endif
     ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+    if (ret == WH_ERROR_OK) {
+        ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+    }
+#endif
     /* read response */
     if (ret == WH_ERROR_OK) {
         /* Response packet */
         uint16_t res_len = 0;
         do {
             ret =
                 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
-        } while (ret == WH_ERROR_NOTREADY);
+        } while ((ret == WH_ERROR_NOTREADY)
+        #if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+                &&
+                ((ret = wh_CommClient_CheckTimeout(ctx->comm)) !=
+                                                        WH_ERROR_CRYPTIMEOUT));
+        #else
+                );
+        #endif
         if (ret == WH_ERROR_OK) {
             ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
             if (ret == WH_ERROR_OK) {
@@ -576,14 +612,26 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
     wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
 #endif
     ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+    if (ret == WH_ERROR_OK) {
+        ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+    }
+#endif
     /* read response */
     if (ret == WH_ERROR_OK) {
         /* Response packet */
         uint16_t res_len = 0;
         do {
             ret =
                 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
-        } while (ret == WH_ERROR_NOTREADY);
+        } while ((ret == WH_ERROR_NOTREADY)
+        #if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+                &&
+                ((ret = wh_CommClient_CheckTimeout(ctx->comm)) !=
+                                                        WH_ERROR_CRYPTIMEOUT));
+        #else
+                );
+        #endif
         if (ret == WH_ERROR_OK) {
             ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
             if (ret == WH_ERROR_OK) {
@@ -708,12 +756,24 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
 
     /* Send request and receive response */
     ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+    if (ret == WH_ERROR_OK) {
+        ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+    }
+#endif
     if (ret == 0) {
         uint16_t res_len = 0;
         do {
             ret =
                 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
-        } while (ret == WH_ERROR_NOTREADY);
+        } while ((ret == WH_ERROR_NOTREADY)
+        #if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+                &&
+                ((ret = wh_CommClient_CheckTimeout(ctx->comm)) !=
+                                                        WH_ERROR_CRYPTIMEOUT));
+        #else
+                );
+        #endif
 
         if (ret == WH_ERROR_OK) {
             /* Get response */
@@ -902,12 +962,24 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
     wh_Utils_Hexdump("[client] AESGCM DMA req packet: \n", dataPtr, reqLen);
 #endif
     ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+    if (ret == WH_ERROR_OK) {
+        ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+    }
+#endif
     if (ret == 0) {
         uint16_t resLen = 0;
         do {
             ret =
                 wh_Client_RecvResponse(ctx, &group, &action, &resLen, dataPtr);
-        } while (ret == WH_ERROR_NOTREADY);
+        } while ((ret == WH_ERROR_NOTREADY)
+        #if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+                &&
+                ((ret = wh_CommClient_CheckTimeout(ctx->comm)) !=
+                                                        WH_ERROR_CRYPTIMEOUT));
+        #else
+                );
+        #endif
 
         if (ret == WH_ERROR_OK) {
             /* Get response */

src/wh_comm.c

@@ -74,7 +74,11 @@ int wh_CommClient_Init(whCommClient* context, const whCommClientConfig* config)
     context->transport_context  = config->transport_context;
     context->client_id          = config->client_id;
     context->connect_cb         = config->connect_cb;
-
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+    context->crypt_timeout_cb   = config->crypt_timeout_cb;
+    context->cryptimeout_enabled= config->cryptimeout_enabled;
+    context->crypt_timeout      = config->crypt_timeout;
+#endif
     if (context->transport_cb->Init != NULL) {
         rc = context->transport_cb->Init(context->transport_context,
                 config->transport_config, NULL, NULL);
@@ -211,6 +215,53 @@ int wh_CommClient_Cleanup(whCommClient* context)
     return rc;
 }
 
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+/* Set Crypto Time Out if needed */
+int wh_CommClient_InitCryptTimeout(whCommClient* context)
+{
+    if (context == NULL || context->crypt_timeout_cb == NULL ||
+        context->crypt_timeout_cb->GetCurrentTime == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    if (context->cryptimeout_enabled == 1) {
+        context->crypt_timeout_cb->start_time =
+                        context->crypt_timeout_cb->GetCurrentTime(1);
+    }
+
+    return WH_ERROR_OK;
+}
+
+/* Check Crypto Timeout */
+int wh_CommClient_CheckTimeout(whCommClient* context)
+{
+    uint32_t current_ms = 0;
+    uint32_t elapsed_ms = 0;
+    uint32_t timeout_ms = 0;
+
+    if (context == NULL || context->crypt_timeout_cb == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+    timeout_ms = (uint32_t)(context->crypt_timeout.tv_sec * 1000 +
+                            context->crypt_timeout.tv_usec / 1000);
+
+    if (context->cryptimeout_enabled == 1 && timeout_ms > 0) {
+        /* check timeout by user cb if defined */
+        if (context->crypt_timeout_cb->CheckTimeout != NULL) {
+            return context->crypt_timeout_cb->CheckTimeout(
+                    &context->crypt_timeout_cb->start_time, timeout_ms);
+        } else {
+            /* expect to return time in milliseconds */
+            current_ms = context->crypt_timeout_cb->GetCurrentTime(0);
+            elapsed_ms = current_ms - context->crypt_timeout_cb->start_time;
+            if (elapsed_ms > timeout_ms) {
+                return WH_ERROR_CRYPTIMEOUT;
+            }
+        }
+    }
+    return WH_ERROR_OK;
+}
+#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT */
 #endif /* WOLFHSM_CFG_ENABLE_CLIENT */
 
 /** Server Functions */

test/Makefile

@@ -129,6 +129,9 @@ else
 	DEF += -DWOLFHSM_CFG_IS_TEST_SERVER
 endif
 
+ifeq ($(CRYPTIMEOUT),1)
+	DEF += -DWOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT
+endif
 
 ## Source files
 # Assembly source files

test/config/wolfhsm_cfg.h

@@ -58,4 +58,11 @@
 
 #define WOLFHSM_CFG_SERVER_NVM_FLASH_LOG
 
+/* Enable client crypto timeout feature for testing */
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) && \
+    defined(WOLFHSM_CFG_TEST_POSIX)
+#define WOLFHSM_CFG_CLIENT_CRYPTIMEOUT_SEC (2)
+ #define WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT
+#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */
+
 #endif /* WOLFHSM_CFG_H_ */

test/wh_test_common.c

@@ -26,7 +26,9 @@
 #include <wolfhsm/wh_error.h>
 
 #include "wh_test_common.h"
-
+#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT)
+#include <sys/time.h> /* For gettimeofday */
+#endif
 
 /**
  * Helper function to configure and select an NVM backend for testing.
@@ -90,3 +92,34 @@ int whTest_NvmCfgBackend(whTestNvmBackendType   type,
 
     return 0;
 }
+
+#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT)
+uint32_t whTest_GetCurrentTime(int reset)
+{
+    struct timeval tv;
+    (void)reset;
+    if (gettimeofday(&tv, 0) < 0)
+        return 0;
+    /* Convert to milliseconds number. */
+    return (uint32_t)(tv.tv_sec * 1000 + tv.tv_usec / 1000);
+}
+/* start_time stores the time (in milliseconds) returned by the GetCurrentTime()
+ * callback when the operation started.
+ * The actual unit depends on the GetCurrentTime() implementation.
+ * timeout_ms represents the timeout in milliseconds, which is derived from
+ * the crypt_timeout value in whCommClientConfig.
+ */
+int whTest_CheckCryptoTimeout(uint32_t* start_time, uint32_t timeout_ms)
+{
+    uint32_t current_time = whTest_GetCurrentTime(0);
+    uint32_t elapsed_time = current_time - *start_time;
+
+    if (timeout_ms == 0) {
+        return WH_ERROR_OK;
+    }
+    if (elapsed_time > timeout_ms) {
+        return WH_ERROR_CRYPTIMEOUT;
+    }
+    return WH_ERROR_OK;
+}
+#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */

test/wh_test_common.h

@@ -138,4 +138,14 @@ int whTest_NvmCfgBackend(whTestNvmBackendType   type,
                          whTestNvmBackendUnion* nvmSetup, whNvmConfig* nvmCfg,
                          whFlashRamsimCfg* fCfg, whFlashRamsimCtx* fCtx,
                          const whFlashCb* fCb);
+uint32_t whTest_GetCurrentTime(int reset);
+int whTest_CheckCryptoTimeout(uint32_t* start_time, uint32_t timeout_ms);
+
+#define WH_CLIENT_CRYPTO_TIMEOUT_CB               \
+{                                                 \
+    .GetCurrentTime = whTest_GetCurrentTime,      \
+    .CheckTimeout  = whTest_CheckCryptoTimeout,   \
+    .start_time = 0,                              \
+}
+
 #endif /* WH_TEST_COMMON_H_ */