Add DMA support for RNG, add support for seed gen

bigbrett · bigbrett · commit 189268dbe7f6 · 2025-10-16T16:53:29.000-06:00
diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c
@@ -257,6 +257,73 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size)
     return ret;
 }
 
+#ifdef WOLFHSM_CFG_DMA
+int wh_Client_RngGenerateDma(whClientContext* ctx, uint8_t* out, uint32_t size)
+{
+    int                             ret     = WH_ERROR_OK;
+    uint8_t*                        dataPtr = NULL;
+    whMessageCrypto_RngDmaRequest*  req     = NULL;
+    whMessageCrypto_RngDmaResponse* resp    = NULL;
+    uint16_t                        respSz  = 0;
+    uintptr_t                       outAddr = 0;
+
+    if ((ctx == NULL) || (out == NULL) || (size == 0)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    /* Get data pointer from the context to use as request/response storage */
+    dataPtr = (uint8_t*)wh_CommClient_GetDataPtr(ctx->comm);
+    if (dataPtr == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    /* Setup generic header and get pointer to request data */
+    req = (whMessageCrypto_RngDmaRequest*)_createCryptoRequest(
+        dataPtr, WC_ALGO_TYPE_RNG);
+
+    /* Set up output buffer address and size */
+    req->output.sz = size;
+
+    /* Perform address translation for output buffer (PRE operation) */
+    ret = wh_Client_DmaProcessClientAddress(
+        ctx, (uintptr_t)out, (void**)&outAddr, req->output.sz,
+        WH_DMA_OPER_CLIENT_WRITE_PRE, (whDmaFlags){0});
+    req->output.addr = outAddr;
+
+    if (ret == WH_ERROR_OK) {
+        /* Send the request to the server */
+        ret = wh_Client_SendRequest(
+            ctx, WH_MESSAGE_GROUP_CRYPTO_DMA, WC_ALGO_TYPE_RNG,
+            sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req),
+            (uint8_t*)dataPtr);
+    }
+
+    if (ret == WH_ERROR_OK) {
+        /* Wait for and receive the response */
+        do {
+            ret = wh_Client_RecvResponse(ctx, NULL, NULL, &respSz,
+                                         (uint8_t*)dataPtr);
+        } while (ret == WH_ERROR_NOTREADY);
+    }
+
+    if (ret == WH_ERROR_OK) {
+        /* Get response structure pointer, validates generic header rc */
+        ret = _getCryptoResponse(dataPtr, WC_ALGO_TYPE_RNG, (uint8_t**)&resp);
+        /* Nothing more to do on success, as server will have written random
+         * bytes directly to client memory */
+    }
+
+    /* Perform address translation cleanup (POST operation)
+     * This is called regardless of successful operation to give the callback a
+     * chance for cleanup */
+    (void)wh_Client_DmaProcessClientAddress(
+        ctx, (uintptr_t)out, (void**)&outAddr, size,
+        WH_DMA_OPER_CLIENT_WRITE_POST, (whDmaFlags){0});
+
+    return ret;
+}
+#endif /* WOLFHSM_CFG_DMA */
+
 #ifndef NO_AES
 
 #ifdef WOLFSSL_AES_COUNTER
diff --git a/src/wh_client_cryptocb.c b/src/wh_client_cryptocb.c
@@ -395,6 +395,13 @@ int wh_Client_CryptoCb(int devId, wc_CryptoInfo* info, void* inCtx)
 
         ret = wh_Client_RngGenerate(ctx, out, size);
     } break;
+    case WC_ALGO_TYPE_SEED: {
+        /* Extract info parameters */
+        uint8_t* seed = info->seed.seed;
+        uint32_t size = info->seed.sz;
+
+        ret = wh_Client_RngGenerate(ctx, seed, size);
+    } break;
 #endif /* !WC_NO_RNG */
 
 #ifdef WOLFSSL_CMAC
@@ -846,6 +853,23 @@ int wh_Client_CryptoCbDma(int devId, wc_CryptoInfo* info, void* inCtx)
         break;
 #endif /* !NO_AES || !NO_DES */
 
+#ifndef WC_NO_RNG
+    case WC_ALGO_TYPE_RNG: {
+        /* Extract info parameters */
+        uint8_t* out  = info->rng.out;
+        uint32_t size = info->rng.sz;
+
+        ret = wh_Client_RngGenerateDma(ctx, out, size);
+    } break;
+    case WC_ALGO_TYPE_SEED: {
+        /* Extract info parameters */
+        uint8_t* seed = info->seed.seed;
+        uint32_t size = info->seed.sz;
+
+        ret = wh_Client_RngGenerateDma(ctx, seed, size);
+    } break;
+#endif /* !WC_NO_RNG */
+
     case WC_ALGO_TYPE_NONE:
     default:
         ret = CRYPTOCB_UNAVAILABLE;
diff --git a/src/wh_message_crypto.c b/src/wh_message_crypto.c
@@ -1045,3 +1045,29 @@ int wh_MessageCrypto_TranslateAesDmaResponse(
     WH_T32(magic, dest, src, outSz);
     return 0;
 }
+
+/* RNG DMA Request translation */
+int wh_MessageCrypto_TranslateRngDmaRequest(
+    uint16_t magic, const whMessageCrypto_RngDmaRequest* src,
+    whMessageCrypto_RngDmaRequest* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    return wh_MessageCrypto_TranslateDmaBuffer(magic, &src->output,
+                                               &dest->output);
+}
+
+/* RNG DMA Response translation */
+int wh_MessageCrypto_TranslateRngDmaResponse(
+    uint16_t magic, const whMessageCrypto_RngDmaResponse* src,
+    whMessageCrypto_RngDmaResponse* dest)
+{
+    if ((src == NULL) || (dest == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    return wh_MessageCrypto_TranslateDmaAddrStatus(magic, &src->dmaAddrStatus,
+                                                   &dest->dmaAddrStatus);
+}
diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c
@@ -4536,7 +4536,66 @@ static int _HandleCmacDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
     /* return value populates rc in response message */
     return ret;
 }
-#endif /* WOLFHSM_CFG_DMA */
+#endif /* WOLFSSL_CMAC */
+
+#ifndef WC_NO_RNG
+static int _HandleRngDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
+                         const void* cryptoDataIn, uint16_t inSize,
+                         void* cryptoDataOut, uint16_t* outSize)
+{
+    (void)seq;
+    (void)inSize;
+
+    int                            ret = 0;
+    whMessageCrypto_RngDmaRequest  req;
+    whMessageCrypto_RngDmaResponse res;
+    void*                          outAddr = NULL;
+
+    /* Translate the request */
+    ret = wh_MessageCrypto_TranslateRngDmaRequest(
+        magic, (whMessageCrypto_RngDmaRequest*)cryptoDataIn, &req);
+    if (ret != WH_ERROR_OK) {
+        return ret;
+    }
+
+    /* Process the output address (PRE operation) */
+    if (ret == WH_ERROR_OK) {
+        ret = wh_Server_DmaProcessClientAddress(
+            ctx, req.output.addr, &outAddr, req.output.sz,
+            WH_DMA_OPER_CLIENT_WRITE_PRE, (whServerDmaFlags){0});
+        if (ret == WH_ERROR_ACCESS) {
+            res.dmaAddrStatus.badAddr = req.output;
+        }
+    }
+
+    /* Generate random bytes directly into client memory */
+    if (ret == WH_ERROR_OK) {
+#ifdef DEBUG_CRYPTOCB_VERBOSE
+        printf("[server] RNG DMA: generating %llu bytes to addr=%p\n",
+               (long long unsigned int)req.output.sz, outAddr);
+#endif
+        ret = wc_RNG_GenerateBlock(ctx->crypto->rng, outAddr, req.output.sz);
+    }
+
+    /* Process the output address (POST operation) */
+    if (ret == WH_ERROR_OK) {
+        ret = wh_Server_DmaProcessClientAddress(
+            ctx, req.output.addr, &outAddr, req.output.sz,
+            WH_DMA_OPER_CLIENT_WRITE_POST, (whServerDmaFlags){0});
+        if (ret == WH_ERROR_ACCESS) {
+            res.dmaAddrStatus.badAddr = req.output;
+        }
+    }
+
+    /* Translate the response */
+    (void)wh_MessageCrypto_TranslateRngDmaResponse(
+        magic, &res, (whMessageCrypto_RngDmaResponse*)cryptoDataOut);
+    *outSize = sizeof(res);
+
+    /* return value populates rc in response message */
+    return ret;
+}
+#endif /* !WC_NO_RNG */
 
 int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic,
                                      uint16_t action, uint16_t seq,
@@ -4657,6 +4716,13 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic,
             break;
 #endif /* WOLFSSL_CMAC */
 
+#ifndef WC_NO_RNG
+        case WC_ALGO_TYPE_RNG:
+            ret = _HandleRngDma(ctx, magic, seq, cryptoDataIn, cryptoInSize,
+                                cryptoDataOut, &cryptoOutSize);
+            break;
+#endif /* !WC_NO_RNG */
+
         case WC_ALGO_TYPE_NONE:
         default:
             ret = NOT_COMPILED_IN;
diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c
@@ -155,7 +155,7 @@ static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng)
         }
     }
     if (ret == 0) {
-        printf("RNG SUCCESS\n");
+        printf("RNG DEVID=0x%X SUCCESS\n", devId);
     }
     return ret;
 }
@@ -3561,8 +3561,13 @@ int whTest_CryptoClientConfig(whClientConfig* config)
     }
 #endif /* WOLFHSM_CFG_TEST_VERBOSE */
 
-    if (ret == 0) {
-        ret = whTest_CryptoRng(client, WH_DEV_ID, rng);
+    i = 0;
+    while ((ret == WH_ERROR_OK) && (i < WH_NUM_DEVIDS)) {
+        ret = whTest_CryptoRng(client, WH_DEV_IDS_ARRAY[i], rng);
+        if (ret == WH_ERROR_OK) {
+            wc_FreeRng(rng);
+            i++;
+        }
     }
 
     if (ret == 0) {
diff --git a/wolfhsm/wh_client_crypto.h b/wolfhsm/wh_client_crypto.h
@@ -64,6 +64,22 @@
  */
 int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size);
 
+#ifdef WOLFHSM_CFG_DMA
+/**
+ * @brief Generate random bytes using DMA
+ *
+ * This function requests the server to generate random bytes directly into
+ * client memory using DMA, eliminating the need for chunking and copying
+ * through the communication buffer.
+ *
+ * @param[in] ctx Pointer to the client context
+ * @param[out] out Pointer to where the bytes are to be placed
+ * @param[in] size Number of bytes to generate
+ * @return int Returns 0 on success or a negative error code on failure.
+ */
+int wh_Client_RngGenerateDma(whClientContext* ctx, uint8_t* out, uint32_t size);
+#endif /* WOLFHSM_CFG_DMA */
+
 #ifdef HAVE_CURVE25519
 /**
  * @brief Associates a Curve25519 key with a specific key ID.
diff --git a/wolfhsm/wh_message_crypto.h b/wolfhsm/wh_message_crypto.h
@@ -974,4 +974,23 @@ int wh_MessageCrypto_TranslateMlDsaVerifyDmaResponse(
     uint16_t magic, const whMessageCrypto_MlDsaVerifyDmaResponse* src,
     whMessageCrypto_MlDsaVerifyDmaResponse* dest);
 
+/* RNG DMA Request */
+typedef struct {
+    whMessageCrypto_DmaBuffer output; /* Output buffer for random bytes */
+} whMessageCrypto_RngDmaRequest;
+
+/* RNG DMA Response */
+typedef struct {
+    whMessageCrypto_DmaAddrStatus dmaAddrStatus;
+} whMessageCrypto_RngDmaResponse;
+
+/* RNG DMA translation functions */
+int wh_MessageCrypto_TranslateRngDmaRequest(
+    uint16_t magic, const whMessageCrypto_RngDmaRequest* src,
+    whMessageCrypto_RngDmaRequest* dest);
+
+int wh_MessageCrypto_TranslateRngDmaResponse(
+    uint16_t magic, const whMessageCrypto_RngDmaResponse* src,
+    whMessageCrypto_RngDmaResponse* dest);
+
 #endif /* !WOLFHSM_WH_MESSAGE_CRYPTO_H_ */

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,7 @@ static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng)`
`155`	`155`	`}`
`156`	`156`	`}`
`157`	`157`	`if (ret == 0) {`
`158`		`- printf("RNG SUCCESS\n");`
	`158`	`+ printf("RNG DEVID=0x%X SUCCESS\n", devId);`
`159`	`159`	`}`
`160`	`160`	`return ret;`
`161`	`161`	`}`
`@@ -3561,8 +3561,13 @@ int whTest_CryptoClientConfig(whClientConfig* config)`
`3561`	`3561`	`}`
`3562`	`3562`	`#endif /* WOLFHSM_CFG_TEST_VERBOSE */`
`3563`	`3563`
`3564`		`- if (ret == 0) {`
`3565`		`- ret = whTest_CryptoRng(client, WH_DEV_ID, rng);`
	`3564`	`+ i = 0;`
	`3565`	`+ while ((ret == WH_ERROR_OK) && (i < WH_NUM_DEVIDS)) {`
	`3566`	`+ ret = whTest_CryptoRng(client, WH_DEV_IDS_ARRAY[i], rng);`
	`3567`	`+ if (ret == WH_ERROR_OK) {`
	`3568`	`+ wc_FreeRng(rng);`
	`3569`	`+ i++;`
	`3570`	`+ }`
`3566`	`3571`	`}`
`3567`	`3572`
`3568`	`3573`	`if (ret == 0) {`