Merge pull request #189 from AlexLanzano/enable-keywrap-macro

Implement configure option to enable key wrap feature

Author: bigbrett

examples/demo/client/wh_demo_client_all.c

@@ -46,10 +46,12 @@ int wh_DemoClient_All(whClientContext* clientContext)
     }
 #endif
 
+#ifdef WOLFHSM_CFG_KEYWRAP
     rc = wh_DemoClient_KeyWrapBasic(clientContext);
     if (rc != 0) {
         return rc;
     }
+#endif /* WOLFHSM_CFG_KEYWRAP */
 
     /**Crypto demos */
 #ifndef NO_RSA

examples/demo/client/wh_demo_client_keywrap.c

@@ -33,8 +33,9 @@
 
 #include "wh_demo_client_keywrap.h"
 
+#ifdef WOLFHSM_CFG_KEYWRAP
+
 #ifndef NO_AES
-#define HAVE_AESGCM
 #ifdef HAVE_AESGCM
 
 #define WH_TEST_AES_KEYSIZE 16
@@ -160,3 +161,4 @@ int wh_DemoClient_KeyWrapBasic(whClientContext* clientContext)
     wc_FreeRng(rng);
     return ret;
 }
+#endif /* WOLFHSM_CFG_KEYWRAP */

examples/posix/tcp/wh_client_tcp/wolfhsm_cfg.h

@@ -29,6 +29,6 @@
 #define WOLFHSM_CFG_ENABLE_CLIENT
 #define WOLFHSM_CFG_HEXDUMP
 #define WOLFHSM_CFG_COMM_DATA_LEN 1280
-
+#define WOLFHSM_CFG_KEYWRAP
 
 #endif /* WOLFHSM_CFG_H_ */

examples/posix/tcp/wh_server_tcp/wolfhsm_cfg.h

@@ -45,5 +45,6 @@
 #define WOLFHSM_CFG_CERTIFICATE_MANAGER_ACERT
 
 #define XMEMFENCE() __atomic_thread_fence(__ATOMIC_SEQ_CST)
+#define WOLFHSM_CFG_KEYWRAP
 
 #endif /* WOLFHSM_CFG_H_ */

src/wh_server_keystore.c

@@ -344,6 +344,7 @@ static int _FindInCache(whServerContext* server, whKeyId keyId, int* out_index,
     return ret;
 }
 
+#ifdef WOLFHSM_CFG_KEYWRAP
 static int _ExistsInCache(whServerContext* server, whKeyId keyId)
 {
     int            ret           = 0;
@@ -364,6 +365,8 @@ static int _ExistsInCache(whServerContext* server, whKeyId keyId)
     return 1;
 }
 
+#endif /* WOLFHSM_CFG_KEYWRAP */
+
 /* try to put the specified key into cache if it isn't already, return pointers
  * to meta and the cached data*/
 int wh_Server_KeystoreFreshenKey(whServerContext* server, whKeyId keyId,
@@ -551,6 +554,7 @@ int wh_Server_KeystoreEraseKey(whServerContext* server, whNvmId keyId)
     return wh_Nvm_DestroyObjects(server->nvm, 1, &keyId);
 }
 
+#ifdef WOLFHSM_CFG_KEYWRAP
 #ifndef NO_AES
 #ifdef HAVE_AESGCM
 
@@ -898,6 +902,8 @@ _HandleUnwrapAndCacheKeyRequest(whServerContext*                         server,
     return wh_Server_KeystoreCacheKey(server, &metadata, key);
 }
 
+#endif /* WOLFHSM_CFG_KEYWRAP */
+
 int wh_Server_HandleKeyRequest(whServerContext* server, uint16_t magic,
                                uint16_t action, uint16_t req_size,
                                const void* req_packet, uint16_t* out_resp_size,
@@ -1180,6 +1186,8 @@ int wh_Server_HandleKeyRequest(whServerContext* server, uint16_t magic,
                 *out_resp_size = sizeof(resp);
             }
         } break;
+
+#ifdef WOLFHSM_CFG_KEYWRAP
         case WH_KEY_WRAP: {
             whMessageKeystore_WrapRequest  wrapReq  = {0};
             whMessageKeystore_WrapResponse wrapResp = {0};
@@ -1290,6 +1298,8 @@ int wh_Server_HandleKeyRequest(whServerContext* server, uint16_t magic,
 
         } break;
 
+#endif /* WOLFHSM_CFG_KEYWRAP */
+
         default:
             ret = WH_ERROR_BADARGS;
             break;

test/config/wolfhsm_cfg.h

@@ -46,4 +46,6 @@
 /* Enable Image Manager feature */
 #define WOLFHSM_CFG_SERVER_IMG_MGR
 
+#define WOLFHSM_CFG_KEYWRAP
+
 #endif /* WOLFHSM_CFG_H_ */

test/wh_test.c

@@ -111,7 +111,11 @@ int whTest_ClientConfig(whClientConfig* clientCfg)
 
 #if !defined(WOLFHSM_CFG_NO_CRYPTO)
     WH_TEST_RETURN_ON_FAIL(whTest_CryptoClientConfig(clientCfg));
+
+#if defined(WOLFHSM_CFG_KEYWRAP)
     WH_TEST_RETURN_ON_FAIL(whTest_KeyWrapClientConfig(clientCfg));
+#endif /*WOLFHSM_CFG_KEYWRAP */
+
 #endif /* !WOLFHSM_CFG_NO_CRYPTO */
 
 #if defined(WOLFHSM_CFG_SHE_EXTENSION)

test/wh_test_keywrap.c

@@ -29,6 +29,8 @@
 
 #include "wolfhsm/wh_error.h"
 
+#ifdef WOLFHSM_CFG_KEYWRAP
+
 #ifdef WOLFHSM_CFG_ENABLE_CLIENT
 #include "wolfhsm/wh_client.h"
 #include "wolfhsm/wh_client_crypto.h"
@@ -199,5 +201,6 @@ int whTest_KeyWrapClientConfig(whClientConfig* config)
 
     return ret;
 }
-#endif /* WOLFHSM_CFG_ENABLE_CLIENT */
 #endif /* !WOLFHSM_CFG_NO_CRYPTO */
+#endif /* WOLFHSM_CFG_ENABLE_CLIENT */
+#endif /* WOLFHSM_CFG_KEYWRAP */

wolfhsm/wh_settings.h

@@ -36,6 +36,9 @@
  *  WOLFHSM_CFG_SHE_EXTENSION - If defined, include AutoSAR SHE functionality
  *      Default: Not defined
  *
+ *  WOLFHSM_CFG_KEYWRAP - If defined, include the key wrap functionality
+ *      Default: Not defined
+ *
  *  WOLFHSM_CFG_KEYWRAP_MAX_KEY_SIZE - The maximum size (in bytes) of a key that
  *  can be wrapped
  *      Default: 512
@@ -233,15 +236,12 @@
 #endif
 #endif
 
-#if !defined(NO_AES)
-#if defined(HAVE_AESGCM)
+#if defined(WOLFHSM_CFG_KEYWRAP)
 
 #ifndef WOLFHSM_CFG_KEYWRAP_MAX_KEY_SIZE
 #define WOLFHSM_CFG_KEYWRAP_MAX_KEY_SIZE 2000
 #endif
 
-#endif
-#endif
 
 #if defined(WOLFHSM_CFG_NO_CRYPTO)
 #error "WOLFHSM_CFG_KEYWRAP is incompatible with WOLFHSM_CFG_NO_CRYPTO"
@@ -252,6 +252,7 @@
     "WOLFHSM_CFG_KEYWRAP requires NO_AES to be undefined and HAVE_AESGCM to be defined"
 #endif
 
+#endif /* WOLFHSM_CFG_KEYWRAP */
 
 #if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER_ACERT)
 #if !defined(WOLFSSL_ACERT) || !defined(WOLFSSL_ASN_TEMPLATE)