
Commit 7987f9a

committed
Add crypto timeout to RNG and AES
1 parent 398de7f commit 7987f9a


10 files changed

+480
-23
lines changed


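--- a/src/wh_client_crypto.c
+++ b/src/wh_client_crypto.c
@@ -233,10 +233,25 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size)
 
 /* Send request and get response */
 ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_OK) {
+ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+}
+#endif
 if (ret == 0) {
 do {
 ret = wh_Client_RecvResponse(ctx, &group, &action, &res_len,
 dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_NOTREADY) {
+/* Check for crypto timeout */
+if (wh_CommClient_CheckTimeout(ctx->comm)
+== WH_ERROR_CRYPTIMEOUT) {
+ret = WH_ERROR_CRYPTIMEOUT;
+break;
+}
+}
+#endif
 } while (ret == WH_ERROR_NOTREADY);
 }
 if (ret == WH_ERROR_OK) {
@@ -418,14 +433,30 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
 wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
 #endif
 ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_OK) {
+ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+}
+#endif
 /* read response */
 if (ret == WH_ERROR_OK) {
 /* Response packet */
 uint16_t res_len = 0;
 do {
 ret =
 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_NOTREADY) {
+/* Check for crypto timeout */
+if (wh_CommClient_CheckTimeout(ctx->comm)
+== WH_ERROR_CRYPTIMEOUT) {
+ret = WH_ERROR_CRYPTIMEOUT;
+break;
+}
+}
+#endif
 } while (ret == WH_ERROR_NOTREADY);
+
 if (ret == WH_ERROR_OK) {
 ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
 if (ret == WH_ERROR_OK) {
@@ -540,14 +571,30 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
 wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
 #endif
 ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_OK) {
+ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+}
+#endif
 /* read response */
 if (ret == WH_ERROR_OK) {
 /* Response packet */
 uint16_t res_len = 0;
 do {
 ret =
 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_NOTREADY) {
+/* Check for crypto timeout */
+if (wh_CommClient_CheckTimeout(ctx->comm)
+== WH_ERROR_CRYPTIMEOUT) {
+ret = WH_ERROR_CRYPTIMEOUT;
+break;
+}
+}
+#endif
 } while (ret == WH_ERROR_NOTREADY);
+
 if (ret == WH_ERROR_OK) {
 ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
 if (ret == WH_ERROR_OK) {
@@ -659,14 +706,30 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
 wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
 #endif
 ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_OK) {
+ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+}
+#endif
 /* read response */
 if (ret == WH_ERROR_OK) {
 /* Response packet */
 uint16_t res_len = 0;
 do {
 ret =
 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_NOTREADY) {
+/* Check for crypto timeout */
+if (wh_CommClient_CheckTimeout(ctx->comm)
+== WH_ERROR_CRYPTIMEOUT) {
+ret = WH_ERROR_CRYPTIMEOUT;
+break;
+}
+}
+#endif
 } while (ret == WH_ERROR_NOTREADY);
+
 if (ret == WH_ERROR_OK) {
 ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
 if (ret == WH_ERROR_OK) {
@@ -793,11 +856,26 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
 
 /* Send request and receive response */
 ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_OK) {
+ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+}
+#endif
 if (ret == 0) {
 uint16_t res_len = 0;
 do {
 ret =
 wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_NOTREADY) {
+/* Check for crypto timeout */
+if (wh_CommClient_CheckTimeout(ctx->comm)
+== WH_ERROR_CRYPTIMEOUT) {
+ret = WH_ERROR_CRYPTIMEOUT;
+break;
+}
+}
+#endif
 } while (ret == WH_ERROR_NOTREADY);
 
 if (ret == WH_ERROR_OK) {
@@ -987,11 +1065,26 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
 wh_Utils_Hexdump("[client] AESGCM DMA req packet: \n", dataPtr, reqLen);
 #endif
 ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_OK) {
+ret = wh_CommClient_InitCryptTimeout(ctx->comm);
+}
+#endif
 if (ret == 0) {
 uint16_t resLen = 0;
 do {
 ret =
 wh_Client_RecvResponse(ctx, &group, &action, &resLen, dataPtr);
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+if (ret == WH_ERROR_NOTREADY) {
+/* Check for crypto timeout */
+if (wh_CommClient_CheckTimeout(ctx->comm)
+== WH_ERROR_CRYPTIMEOUT) {
+ret = WH_ERROR_CRYPTIMEOUT;
+break;
+}
+}
+#endif
 } while (ret == WH_ERROR_NOTREADY);
 
 if (ret == WH_ERROR_OK) {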
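Review bot: Breaking out of the receive loop with `WH_ERROR_CRYPTIMEOUT` (new lines 246-253 in wh_Client_RngGenerate, and the identical block in wh_Client_AesCtr, AesEcb, AesCbc, AesGcm and AesGcmDma) abandons a request that is still outstanding; nothing in these hunks cancels it or drains the late reply. If wh_Client_RecvResponse does not tie a response to its request (not visible here), the next call on the same context could consume the stale reply and hand back RNG or AES output that belongs to a different operation. The same state is reached when `wh_CommClient_InitCryptTimeout` fails after `wh_Client_SendRequest` has already succeeded, so I would arm the timer before sending. At minimum each function should carry a comment such as `/* After WH_ERROR_CRYPTIMEOUT the request may still complete on the server; reset the comm channel before reusing ctx. */`. All six function bodies start and end outside their hunks.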

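--- a/src/wh_comm.c
+++ b/src/wh_comm.c
@@ -74,7 +74,11 @@ int wh_CommClient_Init(whCommClient* context, const whCommClientConfig* config)
 context->transport_context = config->transport_context;
 context->client_id = config->client_id;
 context->connect_cb = config->connect_cb;
-
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+context->crypt_timeout_cb = config->crypt_timeout_cb;
+context->cryptimeout_enabled = config->cryptimeout_enabled;
+context->crypt_timeout = config->crypt_timeout;
+#endif
 if (context->transport_cb->Init != NULL) {
 rc = context->transport_cb->Init(context->transport_context,
 config->transport_config, NULL, NULL);
@@ -211,6 +215,54 @@ int wh_CommClient_Cleanup(whCommClient* context)
 return rc;
 }
 
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
+/* Set Crypto Time Out if needed */
+int wh_CommClient_InitCryptTimeout(whCommClient* context)
+{
+if (context == NULL || context->crypt_timeout_cb == NULL ||
+context->crypt_timeout_cb->GetCurrentTime == NULL) {
+return WH_ERROR_BADARGS;
+}
+
+if (context->cryptimeout_enabled == 1) {
+context->crypt_timeout_cb->start_time =
+context->crypt_timeout_cb->GetCurrentTime(1);
+}
+
+return WH_ERROR_OK;
+}
+
+/* Check Crypto Timeout */
+int wh_CommClient_CheckTimeout(whCommClient* context)
+{
+uint32_t current_ms = 0;
+uint32_t elapsed_ms = 0;
+uint32_t timeout_ms = 0;
+
+if (context == NULL || context->crypt_timeout_cb == NULL) {
+return WH_ERROR_BADARGS;
+}
+timeout_ms = (uint32_t)(context->crypt_timeout.tv_sec * 1000 +
+context->crypt_timeout.tv_usec / 1000);
+
+if (context->cryptimeout_enabled == 1 && timeout_ms > 0) {
+/* check timeout by user cb if defined */
+if (context->crypt_timeout_cb->CheckTimeout != NULL) {
+return context->crypt_timeout_cb->CheckTimeout(
+&context->crypt_timeout_cb->start_time, timeout_ms);
+}
+else {
+/* expect to return time in milliseconds */
+current_ms = context->crypt_timeout_cb->GetCurrentTime(0);
+elapsed_ms = current_ms - context->crypt_timeout_cb->start_time;
+if (elapsed_ms > timeout_ms) {
+return WH_ERROR_CRYPTIMEOUT;
+}
+}
+}
+return WH_ERROR_OK;
+}
+#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT */
 #endif /* WOLFHSM_CFG_ENABLE_CLIENT */
 
 /** Server Functions */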
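Review bot: wh_CommClient_InitCryptTimeout (new lines 222-225) returns `WH_ERROR_BADARGS` when `crypt_timeout_cb` is NULL even if `cryptimeout_enabled` is 0, so a build with WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT whose config leaves the callbacks unset would fail the RNG and AES calls patched in src/wh_client_crypto.c after their request has already been sent. After the `context == NULL` check, test the flag first, `if (context->cryptimeout_enabled != 1) return WH_ERROR_OK;`, and only then require the callback table. wh_CommClient_CheckTimeout has the opposite gap: its fallback branch at new line 256 calls `GetCurrentTime(0)` without the NULL check that the init function performs. `start_time` is also written through `crypt_timeout_cb`, so if two clients are configured with the same callback table they would overwrite each other's start time; keeping it in whCommClient would avoid that.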

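--- a/test/Makefile
+++ b/test/Makefile
@@ -135,6 +135,9 @@ else
 DEF += -DWOLFHSM_CFG_IS_TEST_SERVER
 endif
 
+ifeq ($(CRYPTIMEOUT),1)
+DEF += -DWOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT
+endif
 
 ## Source files
 # Assembly source files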

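--- a/test/config/wolfhsm_cfg.h
+++ b/test/config/wolfhsm_cfg.h
@@ -61,4 +61,11 @@
 
 #define WOLFHSM_CFG_SERVER_NVM_FLASH_LOG
 
+/* Enable client crypto timeout feature for testing */
+#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) && \
+defined(WOLFHSM_CFG_TEST_POSIX)
+#define WOLFHSM_CFG_CLIENT_CRYPTIMEOUT_SEC (2)
+#define WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT
+#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */
+
 #endif /* WOLFHSM_CFG_H_ */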
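Review bot: The closing comment on new line 69, `#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */`, names the macro defined inside the block rather than the condition that opened it. I would write `#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT && WOLFHSM_CFG_TEST_POSIX */` so the guard can be traced. The block also depends on WOLFHSM_CFG_TEST_POSIX being defined before this header is read, which is not visible in the hunk; a one-line comment stating that requirement would help.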

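--- a/test/wh_test_common.c
+++ b/test/wh_test_common.c
@@ -26,7 +26,9 @@
 #include <wolfhsm/wh_error.h>
 
 #include "wh_test_common.h"
-
+#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT)
+#include <sys/time.h> /* For gettimeofday */
+#endif
 
 /**
 * Helper function to configure and select an NVM backend for testing.
@@ -90,3 +92,34 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type,
 
 return 0;
 }
+
+#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT)
+uint32_t whTest_GetCurrentTime(int reset)
+{
+struct timeval tv;
+(void)reset;
+if (gettimeofday(&tv, 0) < 0)
+return 0;
+/* Convert to milliseconds number. */
+return (uint32_t)(tv.tv_sec * 1000 + tv.tv_usec / 1000);
+}
+/* start_time stores the time (in milliseconds) returned by the GetCurrentTime()
+* callback when the operation started.
+* The actual unit depends on the GetCurrentTime() implementation.
+* timeout_ms represents the timeout in milliseconds, which is derived from
+* the crypt_timeout value in whCommClientConfig.
+*/
+int whTest_CheckCryptoTimeout(uint32_t* start_time, uint32_t timeout_ms)
+{
+uint32_t current_time = whTest_GetCurrentTime(0);
+uint32_t elapsed_time = current_time - *start_time;
+
+if (timeout_ms == 0) {
+return WH_ERROR_OK;
+}
+if (elapsed_time > timeout_ms) {
+return WH_ERROR_CRYPTIMEOUT;
+}
+return WH_ERROR_OK;
+}
+#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */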
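Review bot: whTest_GetCurrentTime (new lines 97-105) measures elapsed time with `gettimeofday`, which is wall-clock time and can step forwards or backwards when the system clock is adjusted, so the 32-bit subtraction in whTest_CheckCryptoTimeout can report the timeout early or late. A monotonic source fits better: `struct timespec ts;`, `if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) return 0;`, `return (uint32_t)((uint64_t)ts.tv_sec * 1000u + (uint64_t)(ts.tv_nsec / 1000000));`, with `<time.h>` in place of `<sys/time.h>`. The failure return of 0 is indistinguishable from a valid timestamp, and callers have no way to see it. The comment above whTest_CheckCryptoTimeout says start_time is in milliseconds and then that the unit depends on the implementation; it should state one contract.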

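--- a/test/wh_test_common.h
+++ b/test/wh_test_common.h
@@ -139,4 +139,14 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type,
 whTestNvmBackendUnion* nvmSetup, whNvmConfig* nvmCfg,
 whFlashRamsimCfg* fCfg, whFlashRamsimCtx* fCtx,
 const whFlashCb* fCb);
+uint32_t whTest_GetCurrentTime(int reset);
+int whTest_CheckCryptoTimeout(uint32_t* start_time, uint32_t timeout_ms);
+
+#define WH_CLIENT_CRYPTO_TIMEOUT_CB \
+{ \
+.GetCurrentTime = whTest_GetCurrentTime, \
+.CheckTimeout = whTest_CheckCryptoTimeout, \
+.start_time = 0, \
+}
+
 #endif /* WH_TEST_COMMON_H_ */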
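Review bot: The two prototypes and `WH_CLIENT_CRYPTO_TIMEOUT_CB` (new lines 142-150) are declared unconditionally, while their definitions in test/wh_test_common.c are compiled only under `WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT`. Code that uses the macro in a build without that flag would compile and then fail at link time. Wrapping the additions in `#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT)` and a matching `#endif` keeps header and source in step. The macro also deserves a short comment naming the struct type it initialises, which is not visible in this hunk.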
