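--- a/port/armv8m-tz/wh_transport_nsc.c
+++ b/port/armv8m-tz/wh_transport_nsc.c
@@ -0,0 +1,237 @@
+/*
+ * port/armv8m-tz/wh_transport_nsc.c
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfHSM.
+ *
+ * wolfHSM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfHSM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with wolfHSM. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "wolfhsm/wh_settings.h"
+
+#ifdef WOLFHSM_CFG_PORT_ARMV8M_TZ_NSC
+
+#include <stdint.h>
+#include <string.h>
+
+#include "wolfhsm/wh_comm.h"
+#include "wolfhsm/wh_error.h"
+#include "wh_transport_nsc.h"
+
+/*
+ * Resolved on the non-secure side via the wolfBoot --cmse-implib import
+ * library; on the secure side the same symbol is provided by the host's
+ * NSC veneer (wolfBoot's src/wolfhsm_callable.c). The server callbacks
+ * below never call this; --gc-sections strips client-side code from the
+ * secure image.
+ */
+extern int wcs_wolfhsm_transmit(const uint8_t* cmd, uint32_t cmdSz,
+ uint8_t* rsp, uint32_t* rspSz);
+
+
+/* ============================================================
+ * Non-secure (client) callbacks
+ * ============================================================ */
+
+static int _NscClientInit(void* context, const void* config,
+ whCommSetConnectedCb connectcb, void* connectcb_arg)
+{
+ whTransportNscClientContext* ctx = (whTransportNscClientContext*)context;
+
+ (void)config;
+
+ if (ctx == NULL) {
+ return WH_ERROR_BADARGS;
+ }
+
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->initialized = 1;
+
+ /* Synchronous bridge: the secure side is always reachable once linked. */
+ if (connectcb != NULL) {
+ connectcb(connectcb_arg, WH_COMM_CONNECTED);
+ }
+ return WH_ERROR_OK;
+}
+
+static int _NscClientSend(void* context, uint16_t size, const void* data)
+{
+ whTransportNscClientContext* ctx = (whTransportNscClientContext*)context;
+ uint32_t rspSz;
+ int rc;
+
+ if (ctx == NULL || data == NULL || ctx->initialized == 0U) {
+ return WH_ERROR_BADARGS;
+ }
+ if (size == 0U || size > WH_TRANSPORT_NSC_BUFFER_SIZE) {
+ return WH_ERROR_BADARGS;
+ }
+ /* prior response must be consumed before next Send */
+ if (ctx->last_rsp_size != 0U) {
+ return WH_ERROR_NOTREADY;
+ }
+
+ rspSz = (uint32_t)WH_TRANSPORT_NSC_BUFFER_SIZE;
+ rc = wcs_wolfhsm_transmit((const uint8_t*)data, (uint32_t)size,
+ ctx->rsp_buf, &rspSz);
+ if (rc != 0) {
+ ctx->last_rsp_size = 0;
+ /* propagate known wolfHSM error codes, collapse unknowns */
+ if (rc == WH_ERROR_BADARGS || rc == WH_ERROR_NOTREADY ||
+ rc == WH_ERROR_ABORTED) {
+ return rc;
+ }
+ return WH_ERROR_ABORTED;
+ }
+ if (rspSz == 0U || rspSz > (uint32_t)WH_TRANSPORT_NSC_BUFFER_SIZE) {
+ ctx->last_rsp_size = 0;
+ return WH_ERROR_ABORTED;
+ }
+
+ ctx->last_rsp_size = (uint16_t)rspSz;
+ return WH_ERROR_OK;
+}
+
+static int _NscClientRecv(void* context, uint16_t* out_size, void* data)
+{
+ whTransportNscClientContext* ctx = (whTransportNscClientContext*)context;
+
+ if (ctx == NULL || out_size == NULL || data == NULL ||
+ ctx->initialized == 0U) {
+ return WH_ERROR_BADARGS;
+ }
+ if (ctx->last_rsp_size == 0U) {
+ return WH_ERROR_NOTREADY;
+ }
+ /* out_size is in/out capacity; reject truncation, keep cached response */
+ if (*out_size < ctx->last_rsp_size) {
+ return WH_ERROR_BADARGS;
+ }
+
+ memcpy(data, ctx->rsp_buf, ctx->last_rsp_size);
+ *out_size = ctx->last_rsp_size;
+ ctx->last_rsp_size = 0;
+ return WH_ERROR_OK;
+}
+
+static int _NscClientCleanup(void* context)
+{
+ whTransportNscClientContext* ctx = (whTransportNscClientContext*)context;
+ if (ctx == NULL) {
+ return WH_ERROR_BADARGS;
+ }
+ ctx->initialized = 0;
+ return WH_ERROR_OK;
+}
+
+const whTransportClientCb whTransportNscClient_Cb = {
+ .Init = _NscClientInit,
+ .Send = _NscClientSend,
+ .Recv = _NscClientRecv,
+ .Cleanup = _NscClientCleanup,
+};
+
+
+/* ============================================================
+ * Secure-side (server) callbacks
+ *
+ * The host's NSC veneer populates req_buf/req_size/rsp_buf/rsp_capacity
+ * and sets request_pending = 1 before calling wh_Server_HandleRequestMessage.
+ * Recv hands the request to the dispatcher; Send writes the response back
+ * into rsp_buf and stores its size for the veneer to read.
+ * ============================================================ */
+
+static int _NscServerInit(void* context, const void* config,
+ whCommSetConnectedCb connectcb, void* connectcb_arg)
+{
+ whTransportNscServerContext* ctx = (whTransportNscServerContext*)context;
+
+ (void)config;
+
+ if (ctx == NULL) {
+ return WH_ERROR_BADARGS;
+ }
+
+ memset(ctx, 0, sizeof(*ctx));
+
+ if (connectcb != NULL) {
+ connectcb(connectcb_arg, WH_COMM_CONNECTED);
+ }
+ return WH_ERROR_OK;
+}
+
+static int _NscServerRecv(void* context, uint16_t* inout_size, void* data)
+{
+ whTransportNscServerContext* ctx = (whTransportNscServerContext*)context;
+
+ if (ctx == NULL || inout_size == NULL || data == NULL) {
+ return WH_ERROR_BADARGS;
+ }
+ if (!ctx->request_pending || ctx->req_buf == NULL || ctx->req_size == 0U) {
+ return WH_ERROR_NOTREADY;
+ }
+ /* clear stale rsp_size up-front so every exit path leaves a clean state */
+ ctx->rsp_size = 0;
+
+ if (ctx->req_size > *inout_size) {
+ ctx->request_pending = 0;
+ return WH_ERROR_ABORTED;
+ }
+
+ memcpy(data, ctx->req_buf, ctx->req_size);
+ *inout_size = ctx->req_size;
+ ctx->request_pending = 0;
+ return WH_ERROR_OK;
+}
+
+static int _NscServerSend(void* context, uint16_t size, const void* data)
+{
+ /* veneer is responsible for Recv/Send pairing; Send does not enforce it */
+ whTransportNscServerContext* ctx = (whTransportNscServerContext*)context;
+
+ if (ctx == NULL || data == NULL) {
+ return WH_ERROR_BADARGS;
+ }
+ if (size == 0U || size > ctx->rsp_capacity) {
+ return WH_ERROR_BADARGS;
+ }
+ if (ctx->rsp_buf == NULL) {
+ return WH_ERROR_ABORTED;
+ }
+
+ memcpy(ctx->rsp_buf, data, size);
+ ctx->rsp_size = size;
+ return WH_ERROR_OK;
+}
+
+static int _NscServerCleanup(void* context)
+{
+ whTransportNscServerContext* ctx = (whTransportNscServerContext*)context;
+ if (ctx == NULL) {
+ return WH_ERROR_BADARGS;
+ }
+ /* clear stale NS pointers so they cannot survive reinit */
+ memset(ctx, 0, sizeof(*ctx));
+ return WH_ERROR_OK;
+}
+
+const whTransportServerCb whTransportNscServer_Cb = {
+ .Init = _NscServerInit,
+ .Recv = _NscServerRecv,
+ .Send = _NscServerSend,
+ .Cleanup = _NscServerCleanup,
+};
+
+#endif /* WOLFHSM_CFG_PORT_ARMV8M_TZ_NSC */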
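Review bot: `_NscServerRecv` and `_NscServerSend` copy through `ctx->req_buf` and `ctx->rsp_buf`, which the `_NscServerCleanup` comment identifies as NS pointers, and nothing in this file checks that `req_buf`/`req_size` or `rsp_buf`/`rsp_capacity` describe ranges lying wholly in non-secure memory. The transport is therefore only as safe as the veneer that fills the context, and that veneer (wolfBoot's `src/wolfhsm_callable.c`) is not part of this change, so its checks cannot be confirmed from here. The block comment above the secure-side callbacks should spell out the contract, for example `The veneer MUST range-check req_buf/req_size and rsp_buf/rsp_capacity as non-secure memory (e.g. cmse_check_address_range) before setting request_pending; these callbacks do not re-validate them.` It should also note that, since Send does not enforce pairing, the pointers stay live in the context after Recv until the veneer overwrites them or Cleanup runs, so the veneer must refresh or clear them on every entry. A smaller point of consistency: `_NscClientCleanup` only clears `initialized` while the server side zeroes the whole context, which leaves the last cached response in `rsp_buf`; `memset(ctx, 0, sizeof(*ctx));` there would match.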