Merge branch 'main' into HSM_debug

Author: jackctj117

.github/workflows/clang-format-check.yml

@@ -43,6 +43,7 @@ jobs:
         else
           status=$?
         fi
+
         if [ "$status" -eq 0 ]; then
           echo "✅ Code is properly formatted!"
           exit 0
@@ -56,10 +57,14 @@ jobs:
           echo ""
           echo "Please run the following command locally on your feature branch and commit the changes:"
           echo "  git-clang-format-15 $BASE_REF"
-          exit 1
+          exit 0
+          # TEMPORARY DISABLE DUE TO BUGS
+          #exit 1
         else
           echo "❌ git-clang-format-15 failed with exit code $status"
           echo "Output (if any):"
           cat "$DIFF_FILE"
-          exit 1
+          exit 0
+          # TEMPORARY DISABLE DUE TO BUGS
+          #exit 1
         fi

.github/workflows/code-coverage.yml

@@ -0,0 +1,53 @@
+name: Code Coverage
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  coverage:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    # List compiler version
+    - name: List compiler and gcov version
+      run: |
+        gcc --version
+        gcov --version
+
+    # Install gcovr for coverage report generation
+    - name: Install gcovr
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y gcovr
+
+    # Checkout wolfssl
+    - name: Checkout wolfssl
+      uses: actions/checkout@v4
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+    # Run coverage
+    - name: Build and run tests with coverage
+      run: cd test && make coverage WOLFSSL_DIR=../wolfssl
+
+    # Display coverage summary in the action log
+    - name: Display coverage summary
+      run: |
+        echo "=== Coverage Summary ==="
+        cd test
+        gcovr Build --root .. --filter '\.\./src/.*' --filter '\.\./wolfhsm/.*' --print-summary
+
+    # Upload coverage report as artifact
+    - name: Upload coverage report
+      uses: actions/upload-artifact@v4
+      with:
+        name: coverage-report
+        path: coverage/
+        retention-days: 30
+

.gitignore

@@ -14,3 +14,8 @@ compile_commands.json
 tools/static-analysis/reports/
 *.xml
 *.html
+
+# Code coverage
+*.gcda
+*.gcno
+coverage/

benchmark/bench_modules/wh_bench_mod_aes.c

@@ -25,6 +25,10 @@
 
 #if defined(WOLFHSM_CFG_BENCH_ENABLE)
 
+#if defined(WOLFHSM_CFG_DMA) && defined(WOLFHSM_CFG_TEST_POSIX)
+#include "port/posix/posix_transport_shm.h"
+#endif /* WOLFHSM_CFG_DMA && WOLFHSM_CFG_TEST_POSIX */
+
 #if !defined(NO_AES)
 
 /* 128-bit key */
@@ -440,6 +444,164 @@ int wh_Bench_Mod_Aes256CBCDecrypt(whClientContext*  client,
 #endif /* HAVE_AES_CBC */
 
 #if defined(HAVE_AESGCM)
+#ifdef WOLFHSM_CFG_DMA
+static int _benchAesGcmDma(whClientContext* client, whBenchOpContext* ctx,
+                           int id, const uint8_t* key, size_t keyLen,
+                           int encrypt)
+{
+    int            ret       = 0;
+    int            needEvict = 0;
+    whKeyId        keyId     = WH_KEYID_ERASED;
+    Aes            aes[1];
+    char           keyLabel[]                  = "key label";
+    byte           iv[WC_AES_BLOCK_SIZE]       = {0, 1, 2,  3,  4,  5,  6,  7,
+                                                  8, 9, 10, 11, 12, 13, 14, 15};
+    byte           authData[WC_AES_BLOCK_SIZE] = {0, 1, 2,  3,  4,  5,  6,  7,
+                                                  8, 9, 10, 11, 12, 13, 14, 15};
+    byte           authTag[WC_AES_BLOCK_SIZE]  = {0, 1, 2,  3,  4,  5,  6,  7,
+                                                  8, 9, 10, 11, 12, 13, 14, 15};
+    const size_t   inLen = WOLFHSM_CFG_BENCH_DMA_BUFFER_SIZE / 2;
+    int            i;
+    const uint8_t* in  = NULL;
+    uint8_t*       out = NULL;
+
+#if defined(WOLFHSM_CFG_TEST_POSIX)
+    /* Allocate buffers using XMALLOC with heap hints for DMA */
+    if (ctx->transportType == WH_BENCH_TRANSPORT_POSIX_DMA) {
+        void* heap =
+            posixTransportShm_GetDmaHeap(client->comm->transport_context);
+        in = XMALLOC(inLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (in == NULL) {
+            WH_BENCH_PRINTF("Failed to allocate memory for DMA input\n");
+            return WH_ERROR_NOSPACE;
+        }
+
+        out = XMALLOC(inLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (out == NULL) {
+            WH_BENCH_PRINTF("Failed to allocate memory for DMA output\n");
+            XFREE((uint8_t*)in, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            return WH_ERROR_NOSPACE;
+        }
+    }
+    else
+#endif /* WOLFHSM_CFG_TEST_POSIX */
+    {
+        in  = WH_BENCH_DMA_BUFFER;
+        out = (uint8_t*)in + inLen;
+    }
+
+#if defined(WOLFHSM_CFG_BENCH_INIT_DATA_BUFFERS)
+    /* Initialize the buffers with something non-zero */
+    memset((uint8_t*)in, 0xAA, inLen);
+    memset(out, 0xAA, inLen);
+#endif
+
+    /* initialize the aes struct */
+    ret = wc_AesInit(aes, NULL, WH_DEV_ID_DMA);
+    if (ret != 0) {
+        WH_BENCH_PRINTF("Failed to wc_AesInit %d\n", ret);
+        return ret;
+    }
+
+    /* cache the key on the HSM */
+    ret = wh_Client_KeyCache(client, 0, (uint8_t*)keyLabel, sizeof(keyLabel),
+                             (uint8_t*)key, keyLen, &keyId);
+    if (ret != 0) {
+        WH_BENCH_PRINTF("Failed to wh_Client_KeyCache %d\n", ret);
+        goto exit;
+    }
+
+    needEvict = 1;
+
+    /* set the keyId on the struct */
+    ret = wh_Client_AesSetKeyId(aes, keyId);
+    if (ret != 0) {
+        WH_BENCH_PRINTF("Failed to wh_Client_SetKeyIdAes %d\n", ret);
+        goto exit;
+    }
+
+    /* set the iv */
+    ret = wc_AesSetIV(aes, iv);
+    if (ret != 0) {
+        WH_BENCH_PRINTF("Failed to wc_AesSetIV %d\n", ret);
+        goto exit;
+    }
+
+    ret = wh_Bench_SetDataSize(ctx, id, inLen);
+    if (ret != 0) {
+        WH_BENCH_PRINTF("Failed to wh_Bench_SetDataSize %d\n", ret);
+        goto exit;
+    }
+
+    for (i = 0; i < WOLFHSM_CFG_BENCH_CRYPT_ITERS; i++) {
+        int benchStartRet;
+        int benchStopRet;
+
+        if (encrypt == ENCRYPT) {
+            benchStartRet = wh_Bench_StartOp(ctx, id);
+
+            ret = wh_Client_AesGcmDma(client, aes, ENCRYPT, in, inLen, iv,
+                                      sizeof(iv), authData, sizeof(authData),
+                                      NULL, authTag, sizeof(authTag), out);
+
+            benchStopRet = wh_Bench_StopOp(ctx, id);
+        }
+        else {
+            benchStartRet = wh_Bench_StartOp(ctx, id);
+
+            ret = wh_Client_AesGcmDma(client, aes, DECRYPT, in, inLen, iv,
+                                      sizeof(iv), authData, sizeof(authData),
+                                      authTag, NULL, sizeof(authTag), out);
+
+            benchStopRet = wh_Bench_StopOp(ctx, id);
+
+            /* Squash auth error since we are using dummy data */
+            if (ret == AES_GCM_AUTH_E) {
+                ret = 0;
+            }
+        }
+
+        if (benchStartRet != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Bench_StartOp %d\n", benchStartRet);
+            ret = benchStartRet;
+            goto exit;
+        }
+        if (ret != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Client_AesGcmDma %d\n", ret);
+            goto exit;
+        }
+        if (benchStopRet != 0) {
+            WH_BENCH_PRINTF("Failed to wh_Bench_StopOp %d\n", benchStopRet);
+            ret = benchStopRet;
+            goto exit;
+        }
+    }
+
+exit:
+    wc_AesFree(aes);
+
+    if (needEvict) {
+        int evictRet = wh_Client_KeyEvict(client, keyId);
+        if (evictRet != 0) {
+            WH_BENCH_PRINTF("Failed to evict key from cache: %d\n", evictRet);
+            ret = evictRet;
+        }
+    }
+
+#if defined(WOLFHSM_CFG_TEST_POSIX)
+    if (ctx->transportType == WH_BENCH_TRANSPORT_POSIX_DMA) {
+        /* if static memory was used with DMA then use XFREE */
+        void* heap =
+            posixTransportShm_GetDmaHeap(client->comm->transport_context);
+        XFREE((uint8_t*)in, heap, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(out, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+#endif /* WOLFHSM_CFG_TEST_POSIX */
+
+    return ret;
+}
+#endif /* WOLFHSM_CFG_DMA */
+
 static int _benchAesGcm(whClientContext* client, whBenchOpContext* ctx, int id,
                         const uint8_t* key, size_t keyLen, int encrypt)
 {
@@ -598,6 +760,74 @@ int wh_Bench_Mod_Aes256GCMDecrypt(whClientContext*  client,
     return _benchAesGcm(client, ctx, id, (uint8_t*)key256, sizeof(key256),
                         DECRYPT);
 }
+
+int wh_Bench_Mod_Aes128GCMEncryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params)
+{
+#if defined(WOLFHSM_CFG_DMA)
+    (void)params;
+    return _benchAesGcmDma(client, ctx, id, (uint8_t*)key128, sizeof(key128),
+                           ENCRYPT);
+#else
+    (void)client;
+    (void)ctx;
+    (void)id;
+    (void)params;
+    return WH_ERROR_NOTIMPL;
+#endif
+}
+
+int wh_Bench_Mod_Aes128GCMDecryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params)
+{
+#if defined(WOLFHSM_CFG_DMA)
+    (void)params;
+    return _benchAesGcmDma(client, ctx, id, (uint8_t*)key128, sizeof(key128),
+                           DECRYPT);
+#else
+    (void)client;
+    (void)ctx;
+    (void)id;
+    (void)params;
+    return WH_ERROR_NOTIMPL;
+#endif
+}
+
+int wh_Bench_Mod_Aes256GCMEncryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params)
+{
+#if defined(WOLFHSM_CFG_DMA)
+    (void)params;
+    return _benchAesGcmDma(client, ctx, id, (uint8_t*)key256, sizeof(key256),
+                           ENCRYPT);
+#else
+    (void)client;
+    (void)ctx;
+    (void)id;
+    (void)params;
+    return WH_ERROR_NOTIMPL;
+#endif
+}
+
+int wh_Bench_Mod_Aes256GCMDecryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params)
+{
+#if defined(WOLFHSM_CFG_DMA)
+    (void)params;
+    return _benchAesGcmDma(client, ctx, id, (uint8_t*)key256, sizeof(key256),
+                           DECRYPT);
+#else
+    (void)client;
+    (void)ctx;
+    (void)id;
+    (void)params;
+    return WH_ERROR_NOTIMPL;
+#endif
+}
 #endif /* HAVE_AESGCM */
 
 #endif /* !defined(NO_AES) */

benchmark/bench_modules/wh_bench_mod_all.h

@@ -51,6 +51,14 @@ int wh_Bench_Mod_Aes128GCMEncrypt(whClientContext*  client,
 int wh_Bench_Mod_Aes128GCMDecrypt(whClientContext*  client,
                                   whBenchOpContext* ctx, int id, void* params);
 
+int wh_Bench_Mod_Aes128GCMEncryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params);
+
+int wh_Bench_Mod_Aes128GCMDecryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params);
+
 int wh_Bench_Mod_Aes256CTREncrypt(whClientContext*  client,
                                   whBenchOpContext* ctx, int id, void* params);
 
@@ -75,6 +83,14 @@ int wh_Bench_Mod_Aes256GCMEncrypt(whClientContext*  client,
 int wh_Bench_Mod_Aes256GCMDecrypt(whClientContext*  client,
                                   whBenchOpContext* ctx, int id, void* params);
 
+int wh_Bench_Mod_Aes256GCMEncryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params);
+
+int wh_Bench_Mod_Aes256GCMDecryptDma(whClientContext*  client,
+                                     whBenchOpContext* ctx, int id,
+                                     void* params);
+
 /*
  * CMAC benchmark module prototypes (wh_bench_mod_cmac.c)
  */
@@ -143,6 +159,12 @@ int wh_Bench_Mod_HmacSha3256(whClientContext* client, whBenchOpContext* ctx,
 int wh_Bench_Mod_HmacSha3256Dma(whClientContext* client, whBenchOpContext* ctx,
                                 int id, void* params);
 
+/*
+ * HKDF benchmark module prototypes (wh_bench_mod_hkdf.c)
+ */
+int wh_Bench_Mod_HkdfSha256(whClientContext* client, whBenchOpContext* ctx,
+                            int id, void* params);
+
 /*
  * ECC benchmark module prototypes (wh_bench_mod_ecc.c)
  */