Implement request/response functions for aes cbc. Update crypto affinity test to new aes cbc functions

Author: AlexLanzano

src/wh_client_crypto.c

@@ -482,7 +482,7 @@ int wh_Client_AesCtrDma(whClientContext* ctx, Aes* aes, int enc,
 
     /* Setup generic header and get pointer to request data */
     req = (whMessageCrypto_AesCtrDmaRequest*)_createCryptoRequest(
-        dataPtr, WC_CIPHER_AES_CTR);
+        dataPtr, WC_CIPHER_AES_CTR, ctx->cryptoAffinity);
     uint8_t* req_iv = (uint8_t*)req + sizeof(whMessageCrypto_AesCtrDmaRequest);
     uint8_t* req_tmp = req_iv + AES_IV_SIZE;
     uint8_t* req_key = req_tmp + AES_BLOCK_SIZE;
@@ -713,7 +713,7 @@ int wh_Client_AesEcbDma(whClientContext* ctx, Aes* aes, int enc,
 
     /* Setup generic header and get pointer to request data */
     req = (whMessageCrypto_AesEcbDmaRequest*)_createCryptoRequest(
-        dataPtr, WC_CIPHER_AES_ECB);
+        dataPtr, WC_CIPHER_AES_ECB, ctx->cryptoAffinity);
     uint8_t* req_key = (uint8_t*)req + sizeof(whMessageCrypto_AesEcbDmaRequest);
     uint32_t req_len = sizeof(whMessageCrypto_GenericRequestHeader) +
                        sizeof(*req);
@@ -840,7 +840,7 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
     }
     /* Setup generic header and get pointer to request data */
     req = (whMessageCrypto_AesCbcRequest*)_createCryptoRequest(
-        dataPtr, WC_CIPHER_AES_CBC);
+        dataPtr, WC_CIPHER_AES_CBC, ctx->cryptoAffinity);
     uint8_t* req_in  = (uint8_t*)(req + 1);
     uint8_t* req_key = req_in + len;
     uint8_t* req_iv  = req_key + key_len;
@@ -1034,6 +1034,114 @@ int wh_Client_AesCbcDma(whClientContext* ctx, Aes* aes, int enc,
     return ret;
 }
 #endif /* WOLFHSM_CFG_DMA */
+
+int wh_Client_AesCbcRequest(whClientContext* ctx, Aes* aes, int enc,
+                            const uint8_t* in, uint32_t len)
+{
+    whMessageCrypto_AesCbcRequest* req;
+    uint8_t*                       dataPtr;
+
+    if ((ctx == NULL) || (aes == NULL) || ((len % AES_BLOCK_SIZE) != 0) ||
+        (in == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    uint16_t blocks = len / AES_BLOCK_SIZE;
+
+    if (blocks == 0) {
+        return WH_ERROR_OK;
+    }
+
+    uint32_t       key_len = aes->keylen;
+    const uint8_t* key     = (const uint8_t*)(aes->devKey);
+    whKeyId        key_id  = WH_DEVCTX_TO_KEYID(aes->devCtx);
+    uint8_t*       iv      = (uint8_t*)aes->reg;
+    uint32_t       iv_len  = AES_IV_SIZE;
+
+    dataPtr = wh_CommClient_GetDataPtr(ctx->comm);
+    if (dataPtr == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    req = (whMessageCrypto_AesCbcRequest*)_createCryptoRequest(
+        dataPtr, WC_CIPHER_AES_CBC, ctx->cryptoAffinity);
+    uint8_t* req_in  = (uint8_t*)(req + 1);
+    uint8_t* req_key = req_in + len;
+    uint8_t* req_iv  = req_key + key_len;
+    uint32_t req_len = sizeof(whMessageCrypto_GenericRequestHeader) +
+                       sizeof(*req) + len + key_len + iv_len;
+
+    if (req_len > WOLFHSM_CFG_COMM_DATA_LEN) {
+        return WH_ERROR_BADARGS;
+    }
+
+    req->enc    = enc;
+    req->keyLen = key_len;
+    req->sz     = len;
+    req->keyId  = key_id;
+    if ((in != NULL) && (len > 0)) {
+        memcpy(req_in, in, len);
+    }
+    if ((key != NULL) && (key_len > 0)) {
+        memcpy(req_key, key, key_len);
+    }
+    if ((iv != NULL) && (iv_len > 0)) {
+        memcpy(req_iv, iv, iv_len);
+    }
+
+    /* For decryption, update the IV with the last ciphertext block before
+     * sending, since the input buffer may be reused for output (in-place) */
+    if (enc == 0) {
+        uint32_t last_offset = (blocks - 1) * AES_BLOCK_SIZE;
+        memcpy(iv, in + last_offset, iv_len);
+    }
+
+    return wh_Client_SendRequest(ctx, WH_MESSAGE_GROUP_CRYPTO,
+                                 WC_ALGO_TYPE_CIPHER, req_len, dataPtr);
+}
+
+int wh_Client_AesCbcResponse(whClientContext* ctx, Aes* aes, uint8_t* out,
+                             uint32_t* out_size)
+{
+    int                             ret;
+    uint8_t*                        dataPtr;
+    uint16_t                        group   = 0;
+    uint16_t                        action  = 0;
+    uint16_t                        res_len = 0;
+    whMessageCrypto_AesCbcResponse* res;
+
+    if ((ctx == NULL) || (aes == NULL)) {
+        return WH_ERROR_BADARGS;
+    }
+
+    dataPtr = wh_CommClient_GetDataPtr(ctx->comm);
+    if (dataPtr == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+
+    ret = wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
+    if (ret == WH_ERROR_OK) {
+        ret = _getCryptoResponse(dataPtr, WC_CIPHER_AES_CBC, (uint8_t**)&res);
+        if (ret == WH_ERROR_OK) {
+            uint8_t* res_out = (uint8_t*)(res + 1);
+            if (out != NULL) {
+                memcpy(out, res_out, res->sz);
+                /* For encryption, update the IV with the last ciphertext
+                 * block for CBC chaining */
+                if (res->sz >= AES_BLOCK_SIZE) {
+                    uint32_t last_offset =
+                        ((res->sz / AES_BLOCK_SIZE) - 1) * AES_BLOCK_SIZE;
+                    memcpy((uint8_t*)aes->reg, out + last_offset, AES_IV_SIZE);
+                }
+            }
+            if (out_size != NULL) {
+                *out_size = res->sz;
+            }
+        }
+    }
+
+    return ret;
+}
 #endif /* HAVE_AES_CBC */
 
 #ifdef HAVE_AESGCM

src/wh_server_crypto.c

@@ -2388,9 +2388,10 @@ static int _HandleAesCtr(whServerContext* ctx, uint16_t magic, int devId,
 
 
 #ifdef WOLFHSM_CFG_DMA
-static int _HandleAesCtrDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
-                            const void* cryptoDataIn, uint16_t inSize,
-                            void* cryptoDataOut, uint16_t* outSize)
+static int _HandleAesCtrDma(whServerContext* ctx, uint16_t magic, int devId,
+                            uint16_t seq, const void* cryptoDataIn,
+                            uint16_t inSize, void* cryptoDataOut,
+                            uint16_t* outSize)
 {
     int                               ret = WH_ERROR_OK;
     whMessageCrypto_AesCtrDmaRequest  req;
@@ -2500,7 +2501,7 @@ static int _HandleAesCtrDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
     }
 
     if (ret == WH_ERROR_OK) {
-        ret = wc_AesInit(aes, NULL, ctx->crypto->devId);
+        ret = wc_AesInit(aes, NULL, devId);
     }
 
     if (ret == WH_ERROR_OK) {
@@ -2687,9 +2688,10 @@ static int _HandleAesEcb(whServerContext* ctx, uint16_t magic, int devId,
 }
 
 #ifdef WOLFHSM_CFG_DMA
-static int _HandleAesEcbDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
-                            const void* cryptoDataIn, uint16_t inSize,
-                            void* cryptoDataOut, uint16_t* outSize)
+static int _HandleAesEcbDma(whServerContext* ctx, uint16_t magic, int devId,
+                            uint16_t seq, const void* cryptoDataIn,
+                            uint16_t inSize, void* cryptoDataOut,
+                            uint16_t* outSize)
 {
     int                               ret = WH_ERROR_OK;
     whMessageCrypto_AesEcbDmaRequest  req;
@@ -2786,7 +2788,7 @@ static int _HandleAesEcbDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
     }
 
     if (ret == WH_ERROR_OK) {
-        ret = wc_AesInit(aes, NULL, ctx->crypto->devId);
+        ret = wc_AesInit(aes, NULL, devId);
     }
 
     if (ret == WH_ERROR_OK) {
@@ -2971,9 +2973,10 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, int devId,
 }
 
 #ifdef WOLFHSM_CFG_DMA
-static int _HandleAesCbcDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
-                            const void* cryptoDataIn, uint16_t inSize,
-                            void* cryptoDataOut, uint16_t* outSize)
+static int _HandleAesCbcDma(whServerContext* ctx, uint16_t magic, int devId,
+                            uint16_t seq, const void* cryptoDataIn,
+                            uint16_t inSize, void* cryptoDataOut,
+                            uint16_t* outSize)
 {
     int                               ret = WH_ERROR_OK;
     whMessageCrypto_AesCbcDmaRequest  req;
@@ -3077,7 +3080,7 @@ static int _HandleAesCbcDma(whServerContext* ctx, uint16_t magic, uint16_t seq,
     }
 
     if (ret == WH_ERROR_OK) {
-        ret = wc_AesInit(aes, NULL, ctx->crypto->devId);
+        ret = wc_AesInit(aes, NULL, devId);
     }
 
     if (ret == WH_ERROR_OK) {
@@ -5961,23 +5964,23 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic,
 #endif /* HAVE_AESGCM */
 #ifdef WOLFSSL_AES_COUNTER
                 case WC_CIPHER_AES_CTR:
-                    ret = _HandleAesCtrDma(ctx, magic, seq, cryptoDataIn,
-                                           cryptoInSize, cryptoDataOut,
-                                           &cryptoOutSize);
+                    ret = _HandleAesCtrDma(ctx, magic, devId, seq,
+                                           cryptoDataIn, cryptoInSize,
+                                           cryptoDataOut, &cryptoOutSize);
                     break;
 #endif /* WOLFSSL_AES_COUNTER */
 #ifdef HAVE_AES_CBC
                 case WC_CIPHER_AES_CBC:
-                    ret = _HandleAesCbcDma(ctx, magic, seq, cryptoDataIn,
-                                           cryptoInSize, cryptoDataOut,
-                                           &cryptoOutSize);
+                    ret = _HandleAesCbcDma(ctx, magic, devId, seq,
+                                           cryptoDataIn, cryptoInSize,
+                                           cryptoDataOut, &cryptoOutSize);
                     break;
 #endif /* HAVE_AES_CBC */
 #ifdef HAVE_AES_ECB
                 case WC_CIPHER_AES_ECB:
-                    ret = _HandleAesEcbDma(ctx, magic, seq, cryptoDataIn,
-                                           cryptoInSize, cryptoDataOut,
-                                           &cryptoOutSize);
+                    ret = _HandleAesEcbDma(ctx, magic, devId, seq,
+                                           cryptoDataIn, cryptoInSize,
+                                           cryptoDataOut, &cryptoOutSize);
                     break;
 #endif /* HAVE_AES_ECB */
                 default:

test/wh_test_clientserver.c

@@ -42,6 +42,9 @@
 
 #ifdef WOLFHSM_CFG_ENABLE_CLIENT
 #include "wolfhsm/wh_client.h"
+#if !defined(WOLFHSM_CFG_NO_CRYPTO)
+#include "wolfhsm/wh_client_crypto.h"
+#endif
 #include "wh_test_nvmflags.h"
 #endif
 
@@ -504,6 +507,69 @@ static int _clientServerSequentialTestConnectCb(void*           context,
                                   connected);
 }
 
+#if !defined(WOLFHSM_CFG_NO_CRYPTO)
+#ifdef HAVE_AES_CBC
+static int _testAesCbcRequestResponse(whClientContext* client,
+                                      whServerContext* server)
+{
+    Aes      aes[1];
+    uint8_t  key[AES_BLOCK_SIZE]       = {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                                          0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
+                                          0x77, 0x88, 0x99, 0x00};
+    uint8_t  iv[AES_BLOCK_SIZE]        = {0};
+    uint8_t  plainIn[AES_BLOCK_SIZE]   = {0x77, 0x6F, 0x6C, 0x66, 0x48, 0x53,
+                                          0x4D, 0x20, 0x41, 0x45, 0x53, 0x20,
+                                          0x74, 0x65, 0x73, 0x74};
+    uint8_t  cipherOut[AES_BLOCK_SIZE] = {0};
+    uint8_t  plainOut[AES_BLOCK_SIZE]  = {0};
+    uint32_t outSize                   = 0;
+    int      rc;
+
+    WH_TEST_PRINT("  Testing AES CBC request/response...\n");
+
+    /* Encrypt */
+    WH_TEST_RETURN_ON_FAIL(wc_AesInit(aes, NULL, INVALID_DEVID));
+    WH_TEST_RETURN_ON_FAIL(
+        wc_AesSetKey(aes, key, sizeof(key), iv, AES_ENCRYPTION));
+
+    WH_TEST_RETURN_ON_FAIL(
+        wh_Client_AesCbcRequest(client, aes, 1, plainIn, sizeof(plainIn)));
+
+    /* Response should not be ready before server processes */
+    rc = wh_Client_AesCbcResponse(client, aes, cipherOut, &outSize);
+    WH_TEST_ASSERT_RETURN(rc == WH_ERROR_NOTREADY);
+
+    /* Server processes the request */
+    WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server));
+
+    /* Now response should be available */
+    WH_TEST_RETURN_ON_FAIL(
+        wh_Client_AesCbcResponse(client, aes, cipherOut, &outSize));
+    WH_TEST_ASSERT_RETURN(outSize == sizeof(plainIn));
+    /* Ciphertext should differ from plaintext */
+    WH_TEST_ASSERT_RETURN(memcmp(cipherOut, plainIn, sizeof(plainIn)) != 0);
+    wc_AesFree(aes);
+
+    /* Decrypt */
+    WH_TEST_RETURN_ON_FAIL(wc_AesInit(aes, NULL, INVALID_DEVID));
+    WH_TEST_RETURN_ON_FAIL(
+        wc_AesSetKey(aes, key, sizeof(key), iv, AES_DECRYPTION));
+
+    WH_TEST_RETURN_ON_FAIL(
+        wh_Client_AesCbcRequest(client, aes, 0, cipherOut, sizeof(cipherOut)));
+    WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server));
+    WH_TEST_RETURN_ON_FAIL(
+        wh_Client_AesCbcResponse(client, aes, plainOut, &outSize));
+    WH_TEST_ASSERT_RETURN(outSize == sizeof(cipherOut));
+    /* Decrypted output should match original plaintext */
+    WH_TEST_ASSERT_RETURN(memcmp(plainOut, plainIn, sizeof(plainIn)) == 0);
+    wc_AesFree(aes);
+
+    return WH_ERROR_OK;
+}
+#endif /* HAVE_AES_CBC */
+#endif /* !WOLFHSM_CFG_NO_CRYPTO */
+
 static int _testOutOfBoundsNvmReads(whClientContext* client,
                                     whServerContext* server, whNvmId id)
 {
@@ -1105,6 +1171,12 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType)
     WH_TEST_RETURN_ON_FAIL(_testDma(server, client));
 #endif /* WOLFHSM_CFG_DMA */
 
+#if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(HAVE_AES_CBC)
+    /* Test split AES CBC request/response */
+    WH_TEST_RETURN_ON_FAIL(
+        _testAesCbcRequestResponse(client, server));
+#endif /* !WOLFHSM_CFG_NO_CRYPTO && HAVE_AES_CBC */
+
     /* Check that we are still connected */
     WH_TEST_RETURN_ON_FAIL(wh_Server_GetConnected(server, &server_connected));
     WH_TEST_ASSERT_RETURN(server_connected == WH_COMM_CONNECTED);