Add WOLFHSM_CFG_CANCEL_API for opt-in cancellation support

Refactor and fix cmac cancellation tests

Author: jackctj117

src/wh_client.c

@@ -76,8 +76,10 @@ int wh_Client_Init(whClientContext* c, const whClientConfig* config)
     }
 
     memset(c, 0, sizeof(*c));
+#ifdef WOLFHSM_CFG_CANCEL_API
     /* register the cancel callback */
     c->cancelCb = config->cancelCb;
+#endif
 
     rc = wh_CommClient_Init(c->comm, config->comm);
 
@@ -470,6 +472,7 @@ int wh_Client_CommClose(whClientContext* c)
     return rc;
 }
 
+#ifdef WOLFHSM_CFG_CANCEL_API
 int wh_Client_EnableCancel(whClientContext* c)
 {
     if (c == NULL)
@@ -535,6 +538,7 @@ int wh_Client_Cancel(whClientContext* c)
     }
     return ret;
 }
+#endif /* WOLFHSM_CFG_CANCEL_API */
 
 int wh_Client_EchoRequest(whClientContext* c, uint16_t size, const void* data)
 {

src/wh_client_crypto.c

@@ -2394,11 +2394,13 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type,
     if (ret == WH_ERROR_OK) {
         /* Update the local type since call succeeded */
         cmac->type = type;
+#ifdef WOLFHSM_CFG_CANCEL_API
         /* if the client marked they may want to cancel, handle the
          * response in a separate call */
         if (ctx->cancelable) {
             return ret;
         }
+#endif
 
         uint16_t res_len = 0;
         do {
@@ -2434,6 +2436,7 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type,
 
 #endif /* !NO_AES */
 
+#ifdef WOLFHSM_CFG_CANCEL_API
 int wh_Client_CmacCancelableResponse(whClientContext* c, Cmac* cmac,
                                      uint8_t* out, uint16_t* outSz)
 {
@@ -2485,6 +2488,7 @@ int wh_Client_CmacCancelableResponse(whClientContext* c, Cmac* cmac,
     }
     return ret;
 }
+#endif /* WOLFHSM_CFG_CANCEL_API */
 
 #ifdef WOLFHSM_CFG_DMA
 int wh_Client_CmacDma(whClientContext* ctx, Cmac* cmac, CmacType type,

src/wh_server.c

@@ -150,6 +150,7 @@ int wh_Server_GetConnected(whServerContext *server,
     return WH_ERROR_OK;
 }
 
+#ifdef WOLFHSM_CFG_CANCEL_API
 int wh_Server_GetCanceledSequence(whServerContext* server, uint16_t* outSeq)
 {
     if (server == NULL || outSeq == NULL)
@@ -167,6 +168,7 @@ int wh_Server_SetCanceledSequence(whServerContext* server, uint16_t cancelSeq)
     server->cancelSeq = cancelSeq;
     return WH_ERROR_OK;
 }
+#endif /* WOLFHSM_CFG_CANCEL_API */
 
 static int _wh_Server_HandleCommRequest(whServerContext* server,
         uint16_t magic, uint16_t action, uint16_t seq,
@@ -376,13 +378,17 @@ int wh_Server_HandleRequestMessage(whServerContext* server)
 
         /* Send a response */
         /* TODO: Respond with ErrorResponse if handler returns an error */
-        if (rc == 0 || rc == WH_ERROR_CANCEL) {
+#ifdef WOLFHSM_CFG_CANCEL_API
+        if (rc == WH_ERROR_CANCEL) {
             /* notify the client that their request was canceled */
-            if (rc == WH_ERROR_CANCEL) {
-                kind = WH_MESSAGE_KIND(WH_MESSAGE_GROUP_CANCEL, 0);
-                size = 0;
-                data = NULL;
-            }
+            kind = WH_MESSAGE_KIND(WH_MESSAGE_GROUP_CANCEL, 0);
+            size = 0;
+            data = NULL;
+            /* reset RC so the cancellation response is sent */
+            rc = 0;
+        }
+#endif
+        if (rc == 0) {
             do {
                 rc = wh_CommServer_SendResponse(server->comm, magic, kind, seq,
                     size, data);

src/wh_server_crypto.c

@@ -54,6 +54,25 @@
 
 #include "wolfhsm/wh_message_crypto.h"
 
+/** Helper functions */
+#ifdef WOLFHSM_CFG_CANCEL_API
+/**
+ * Check if the current operation should be canceled
+ * @param ctx Server context
+ * @param seq Sequence number to check against
+ * @return WH_ERROR_CANCEL if canceled, 0 if not canceled, or error code
+ */
+static int _CheckCancellation(whServerContext* ctx, uint16_t seq)
+{
+    uint16_t cancelSeq;
+    int      ret = wh_Server_GetCanceledSequence(ctx, &cancelSeq);
+    if (ret == 0 && cancelSeq == seq) {
+        return WH_ERROR_CANCEL;
+    }
+    return ret;
+}
+#endif
+
 /** Forward declarations */
 #ifndef NO_RSA
 #ifdef WOLFSSL_KEY_GEN
@@ -1798,8 +1817,7 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq,
     }
 
     uint32_t i;
-    word32 len;
-    uint16_t cancelSeq;
+    word32   len;
     whKeyId keyId = WH_KEYID_ERASED;
 
     /* Setup fixed size fields */
@@ -1890,49 +1908,60 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq,
             }
             /* Handle CMAC update, checking for cancellation */
             if (ret == 0 && req.inSz != 0) {
+#ifndef WOLFHSM_CFG_CANCEL_API
+                (void)seq;
+#endif
                 for (i = 0; ret == 0 && i < req.inSz; i += AES_BLOCK_SIZE) {
                     if (i + AES_BLOCK_SIZE > req.inSz) {
                         blockSz = req.inSz - i;
                     }
                     ret = wc_CmacUpdate(ctx->crypto->algoCtx.cmac, in + i,
                         blockSz);
+#ifdef WOLFHSM_CFG_CANCEL_API
                     if (ret == 0) {
-                        ret = wh_Server_GetCanceledSequence(ctx, &cancelSeq);
-                        if (ret == 0 && cancelSeq == seq) {
-                            ret = WH_ERROR_CANCEL;
-                        }
+                        ret = _CheckCancellation(ctx, seq);
                     }
+#endif
                 }
 #ifdef DEBUG_CRYPTOCB_VERBOSE
                 printf("[server] cmac update done. ret:%d\n", ret);
 #endif
             }
-            /* do final and evict the struct if outSz is set, otherwise cache the
-             * struct for a future call */
-            if ((ret == 0 && req.outSz != 0) || ret == WH_ERROR_CANCEL) {
-                if (ret != WH_ERROR_CANCEL) {
-                    keyId = req.keyId;
-                    len = req.outSz;
+
+            /* Check if we should finalize and evict, or cache for future calls
+             */
+            if (ret == 0 && req.outSz != 0) {
+                /* Finalize CMAC operation */
+                keyId = req.keyId;
+                len   = req.outSz;
 #ifdef DEBUG_CRYPTOCB_VERBOSE
-                    printf("[server] cmac final keyId:%x len:%d\n",keyId, len);
+                printf("[server] cmac final keyId:%x len:%d\n", keyId, len);
 #endif
-                    ret = wc_CmacFinal(ctx->crypto->algoCtx.cmac, out, &len);
-                    res.outSz = len;
-                    res.keyId = WH_KEYID_ERASED;
-                }
-                /* evict the key, canceling means abandoning the current state */
-                if (ret == 0 || ret == WH_ERROR_CANCEL) {
-                    if (!WH_KEYID_ISERASED(keyId)) {
-                        /* Don't override return value except on failure */
-                        int tmpRet = wh_Server_KeystoreEvictKey(
-                            ctx, WH_MAKE_KEYID(WH_KEYTYPE_CRYPTO,
-                                               ctx->comm->client_id, keyId));
-                        if (tmpRet != 0) {
-                            ret = tmpRet;
-                        }
+                ret       = wc_CmacFinal(ctx->crypto->algoCtx.cmac, out, &len);
+                res.outSz = len;
+                res.keyId = WH_KEYID_ERASED;
+
+                /* Evict the key from cache */
+                if (!WH_KEYID_ISERASED(keyId)) {
+                    /* Don't override return value except on failure */
+                    int tmpRet = wh_Server_KeystoreEvictKey(
+                        ctx, WH_MAKE_KEYID(WH_KEYTYPE_CRYPTO,
+                                           ctx->comm->client_id, keyId));
+                    if (tmpRet != 0) {
+                        ret = tmpRet;
                     }
                 }
             }
+#ifdef WOLFHSM_CFG_CANCEL_API
+            else if (ret == WH_ERROR_CANCEL) {
+                /* Handle cancellation - evict key and abandon state */
+                if (!WH_KEYID_ISERASED(req.keyId)) {
+                    wh_Server_KeystoreEvictKey(
+                        ctx, WH_MAKE_KEYID(WH_KEYTYPE_CRYPTO,
+                                           ctx->comm->client_id, req.keyId));
+                }
+            }
+#endif
             /* Cache the CMAC struct for a future update call */
             else if (ret == 0) {
                 /* cache/re-cache updated struct */
@@ -2930,9 +2959,13 @@ int wh_Server_HandleCryptoRequest(whServerContext* ctx, uint16_t magic,
     /* Since crypto error codes are propagated to the client in the response
      * packet, return success to the caller unless a cancellation has occurred
      */
+#ifdef WOLFHSM_CFG_CANCEL_API
     if (ret != WH_ERROR_CANCEL) {
         ret = WH_ERROR_OK;
     }
+#else
+    ret = WH_ERROR_OK;
+#endif
     return ret;
 }
 
@@ -4303,9 +4336,13 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic,
     /* Since crypto error codes are propagated to the client in the response
      * packet, return success to the caller unless a cancellation has occurred
      */
+#ifdef WOLFHSM_CFG_CANCEL_API
     if (ret != WH_ERROR_CANCEL) {
         ret = WH_ERROR_OK;
     }
+#else
+    ret = WH_ERROR_OK;
+#endif
     return ret;
 }
 #endif /* WOLFHSM_CFG_DMA */

test/config/wolfhsm_cfg.h

@@ -48,4 +48,10 @@
 
 #define WOLFHSM_CFG_KEYWRAP
 
+/* Only enable cancellation tests in POSIX test harness if using the
+ * instrumented tests server. Otherwise CMAC is too fast to test cancellation */
+#ifdef WOLFHSM_CFG_IS_TEST_SERVER
+#define WOLFHSM_CFG_CANCEL_API
+#endif
+
 #endif /* WOLFHSM_CFG_H_ */

test/wh_test_crypto.c

@@ -84,16 +84,16 @@ enum {
 #ifdef WOLFHSM_CFG_IS_TEST_SERVER
 /* Flag causing the server loop to sleep(1) */
 int serverDelay = 0;
-#endif
 
 #if defined(WOLFHSM_CFG_TEST_POSIX) && defined(WOLFHSM_CFG_ENABLE_CLIENT) && \
-    defined(WOLFHSM_CFG_ENABLE_SERVER)
+    defined(WOLFHSM_CFG_ENABLE_SERVER) && defined(WOLFHSM_CFG_CANCEL_API)
 /* pointer to expose server context cancel sequence to the client cancel
  * callback */
 static uint16_t* cancelSeqP;
 
 #endif /* WOLFHSM_CFG_TEST_POSIX && WOLFHSM_CFG_ENABLE_CLIENT && \
-          WOLFHSM_CFG_ENABLE_SERVER */
+          WOLFHSM_CFG_ENABLE_SERVER && WOLFHSM_CFG_CANCEL_API */
+#endif /* WOLFHSM_CFG_IS_TEST_SERVER */
 
 #if defined(WOLFHSM_CFG_TEST_VERBOSE) && defined(WOLFHSM_CFG_ENABLE_CLIENT)
 static int whTest_ShowNvmAvailable(whClientContext* ctx)
@@ -2460,22 +2460,21 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng)
         }
     }
 
-#if !defined(WOLFHSM_CFG_TEST_CLIENT_ONLY_TCP)
+#if defined(WOLFHSM_CFG_CANCEL_API) && \
+    !defined(WOLFHSM_CFG_TEST_CLIENT_ONLY_TCP)
     /* test CMAC cancellation for supported devIds */
     if (ret == 0
 #ifdef WOLFHSM_CFG_DMA
         && devId != WH_DEV_ID_DMA
 #endif
     ) {
-#ifdef WOLFHSM_CFG_IS_TEST_SERVER
-        #define WH_TEST_CMAC_TEXTSIZE 1000
+#define WH_TEST_CMAC_TEXTSIZE 1000
         char cmacFodder[WH_TEST_CMAC_TEXTSIZE] = {0};
-#endif
+
         ret = wh_Client_EnableCancel(ctx);
         if (ret != 0) {
             WH_ERROR_PRINT("Failed to wh_Client_EnableCancel %d\n", ret);
         }
-#ifdef WOLFHSM_CFG_IS_TEST_SERVER
         if (ret == 0) {
             ret = wc_InitCmac_ex(cmac, knownCmacKey, sizeof(knownCmacKey),
                                  WC_CMAC_AES, NULL, NULL, devId);
@@ -2490,11 +2489,13 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng)
                 }
                 else {
 
+#if WOLFHSM_CFG_IS_TEST_SERVER
                     /* TODO: use hsm pause/resume functionality on real hardware
                      */
                     /* delay the server so scheduling doesn't interfere with the
                      * timing */
                     serverDelay = 1;
+#endif
 
                     ret = wc_CmacUpdate(cmac, (byte*)cmacFodder,
                                         sizeof(cmacFodder));
@@ -2508,7 +2509,9 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng)
                                 "Failed to wh_Client_CancelRequest %d\n", ret);
                         }
                         else {
+#if WOLFHSM_CFG_IS_TEST_SERVER
                             serverDelay = 0;
+#endif
                             do {
                                 ret = wh_Client_CancelResponse(ctx);
                             } while (ret == WH_ERROR_NOTREADY);
@@ -2523,7 +2526,6 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng)
                 }
             }
         }
-#endif /* WOLFHSM_CFG_IS_TEST_SERVER */
         if (ret == 0) {
             /* test cancelable request and response work for standard CMAC
                 * request with no cancellation */
@@ -2596,7 +2598,7 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng)
             }
         }
     }
-#endif /* !defined(WOLFHSM_CFG_TEST_CLIENT_ONLY_TCP) */
+#endif /* WOLFHSM_CFG_CANCEL_API */
     if (ret == 0) {
         printf("CMAC DEVID=0x%X SUCCESS\n", devId);
     }
@@ -3508,7 +3510,8 @@ int whTest_CryptoServerConfig(whServerConfig* config)
         return WH_ERROR_BADARGS;
     }
 
-#if defined(WOLFHSM_CFG_TEST_POSIX)
+#if defined(WOLFHSM_CFG_IS_TEST_SERVER) && defined(WOLFHSM_CFG_TEST_POSIX) && \
+    defined(WOLFHSM_CFG_CANCEL_API)
     /* expose server ctx to client cancel callback */
     cancelSeqP = &server->cancelSeq;
 #endif
@@ -3578,13 +3581,15 @@ static void* _whServerTask(void* cf)
 #if defined(WOLFHSM_CFG_TEST_POSIX) && defined(WOLFHSM_CFG_ENABLE_CLIENT) && \
     defined(WOLFHSM_CFG_ENABLE_SERVER)
 
+#if defined(WOLFHSM_CFG_IS_TEST_SERVER) && defined(WOLFHSM_CFG_CANCEL_API)
 /* Test client cancel callback that directly sets the sequence to cancel in the
  * server context */
 static int _cancelCb(uint16_t seq)
 {
     *cancelSeqP = seq;
     return 0;
 }
+#endif
 
 static void _whClientServerThreadTest(whClientConfig* c_conf,
                                 whServerConfig* s_conf)
@@ -3622,6 +3627,7 @@ static int wh_ClientServer_MemThreadTest(void)
         .resp       = (whTransportMemCsr*)resp,
         .resp_size  = sizeof(resp),
     }};
+
     /* Client configuration/contexts */
     whTransportClientCb         tccb[1]   = {WH_TRANSPORT_MEM_CLIENT_CB};
     whTransportMemClientContext tmcc[1]   = {0};
@@ -3637,11 +3643,14 @@ static int wh_ClientServer_MemThreadTest(void)
 #endif
     whClientConfig c_conf[1] = {{
         .comm     = cc_conf,
-        .cancelCb = _cancelCb,
 #ifdef WOLFHSM_CFG_DMA
         .dmaConfig = &clientDmaConfig,
+#endif
+#ifdef WOLFHSM_CFG_CANCEL_API
+        .cancelCb = _cancelCb,
 #endif
     }};
+
     /* Server configuration/contexts */
     whTransportServerCb         tscb[1]   = {WH_TRANSPORT_MEM_SERVER_CB};
     whTransportMemServerContext tmsc[1]   = {0};