Skip to content

Commit fe1a54f

Browse files
miyazakhmiyazakh
committed
Add crypto timeout to RNG and AES
1 parent bbb9297 commit fe1a54f

10 files changed

Lines changed: 480 additions & 23 deletions

File tree

src/wh_client_crypto.c

Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -221,10 +221,25 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size)
221221

222222
/* Send request and get response */
223223
ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
224+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
225+
if (ret == WH_ERROR_OK) {
226+
ret = wh_CommClient_InitCryptTimeout(ctx->comm);
227+
}
228+
#endif
224229
if (ret == 0) {
225230
do {
226231
ret = wh_Client_RecvResponse(ctx, &group, &action, &res_len,
227232
dataPtr);
233+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
234+
if (ret == WH_ERROR_NOTREADY) {
235+
/* Check for crypto timeout */
236+
if (wh_CommClient_CheckTimeout(ctx->comm)
237+
== WH_ERROR_CRYPTIMEOUT) {
238+
ret = WH_ERROR_CRYPTIMEOUT;
239+
break;
240+
}
241+
}
242+
#endif
228243
} while (ret == WH_ERROR_NOTREADY);
229244
}
230245
if (ret == WH_ERROR_OK) {
@@ -339,14 +354,30 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
339354
wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
340355
#endif
341356
ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
357+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
358+
if (ret == WH_ERROR_OK) {
359+
ret = wh_CommClient_InitCryptTimeout(ctx->comm);
360+
}
361+
#endif
342362
/* read response */
343363
if (ret == WH_ERROR_OK) {
344364
/* Response packet */
345365
uint16_t res_len = 0;
346366
do {
347367
ret =
348368
wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
369+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
370+
if (ret == WH_ERROR_NOTREADY) {
371+
/* Check for crypto timeout */
372+
if (wh_CommClient_CheckTimeout(ctx->comm)
373+
== WH_ERROR_CRYPTIMEOUT) {
374+
ret = WH_ERROR_CRYPTIMEOUT;
375+
break;
376+
}
377+
}
378+
#endif
349379
} while (ret == WH_ERROR_NOTREADY);
380+
350381
if (ret == WH_ERROR_OK) {
351382
ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
352383
if (ret == WH_ERROR_OK) {
@@ -460,14 +491,30 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
460491
wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
461492
#endif
462493
ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
494+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
495+
if (ret == WH_ERROR_OK) {
496+
ret = wh_CommClient_InitCryptTimeout(ctx->comm);
497+
}
498+
#endif
463499
/* read response */
464500
if (ret == WH_ERROR_OK) {
465501
/* Response packet */
466502
uint16_t res_len = 0;
467503
do {
468504
ret =
469505
wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
506+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
507+
if (ret == WH_ERROR_NOTREADY) {
508+
/* Check for crypto timeout */
509+
if (wh_CommClient_CheckTimeout(ctx->comm)
510+
== WH_ERROR_CRYPTIMEOUT) {
511+
ret = WH_ERROR_CRYPTIMEOUT;
512+
break;
513+
}
514+
}
515+
#endif
470516
} while (ret == WH_ERROR_NOTREADY);
517+
471518
if (ret == WH_ERROR_OK) {
472519
ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
473520
if (ret == WH_ERROR_OK) {
@@ -576,14 +623,30 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
576623
wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len);
577624
#endif
578625
ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
626+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
627+
if (ret == WH_ERROR_OK) {
628+
ret = wh_CommClient_InitCryptTimeout(ctx->comm);
629+
}
630+
#endif
579631
/* read response */
580632
if (ret == WH_ERROR_OK) {
581633
/* Response packet */
582634
uint16_t res_len = 0;
583635
do {
584636
ret =
585637
wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
638+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
639+
if (ret == WH_ERROR_NOTREADY) {
640+
/* Check for crypto timeout */
641+
if (wh_CommClient_CheckTimeout(ctx->comm)
642+
== WH_ERROR_CRYPTIMEOUT) {
643+
ret = WH_ERROR_CRYPTIMEOUT;
644+
break;
645+
}
646+
}
647+
#endif
586648
} while (ret == WH_ERROR_NOTREADY);
649+
587650
if (ret == WH_ERROR_OK) {
588651
ret = _getCryptoResponse(dataPtr, type, (uint8_t**)&res);
589652
if (ret == WH_ERROR_OK) {
@@ -708,11 +771,26 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in,
708771

709772
/* Send request and receive response */
710773
ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr);
774+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
775+
if (ret == WH_ERROR_OK) {
776+
ret = wh_CommClient_InitCryptTimeout(ctx->comm);
777+
}
778+
#endif
711779
if (ret == 0) {
712780
uint16_t res_len = 0;
713781
do {
714782
ret =
715783
wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr);
784+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
785+
if (ret == WH_ERROR_NOTREADY) {
786+
/* Check for crypto timeout */
787+
if (wh_CommClient_CheckTimeout(ctx->comm)
788+
== WH_ERROR_CRYPTIMEOUT) {
789+
ret = WH_ERROR_CRYPTIMEOUT;
790+
break;
791+
}
792+
}
793+
#endif
716794
} while (ret == WH_ERROR_NOTREADY);
717795

718796
if (ret == WH_ERROR_OK) {
@@ -902,11 +980,26 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc,
902980
wh_Utils_Hexdump("[client] AESGCM DMA req packet: \n", dataPtr, reqLen);
903981
#endif
904982
ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr);
983+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
984+
if (ret == WH_ERROR_OK) {
985+
ret = wh_CommClient_InitCryptTimeout(ctx->comm);
986+
}
987+
#endif
905988
if (ret == 0) {
906989
uint16_t resLen = 0;
907990
do {
908991
ret =
909992
wh_Client_RecvResponse(ctx, &group, &action, &resLen, dataPtr);
993+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
994+
if (ret == WH_ERROR_NOTREADY) {
995+
/* Check for crypto timeout */
996+
if (wh_CommClient_CheckTimeout(ctx->comm)
997+
== WH_ERROR_CRYPTIMEOUT) {
998+
ret = WH_ERROR_CRYPTIMEOUT;
999+
break;
1000+
}
1001+
}
1002+
#endif
9101003
} while (ret == WH_ERROR_NOTREADY);
9111004

9121005
if (ret == WH_ERROR_OK) {

src/wh_comm.c

Lines changed: 53 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,11 @@ int wh_CommClient_Init(whCommClient* context, const whCommClientConfig* config)
7474
context->transport_context = config->transport_context;
7575
context->client_id = config->client_id;
7676
context->connect_cb = config->connect_cb;
77-
77+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
78+
context->crypt_timeout_cb = config->crypt_timeout_cb;
79+
context->cryptimeout_enabled = config->cryptimeout_enabled;
80+
context->crypt_timeout = config->crypt_timeout;
81+
#endif
7882
if (context->transport_cb->Init != NULL) {
7983
rc = context->transport_cb->Init(context->transport_context,
8084
config->transport_config, NULL, NULL);
@@ -211,6 +215,54 @@ int wh_CommClient_Cleanup(whCommClient* context)
211215
return rc;
212216
}
213217

218+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT)
219+
/* Set Crypto Time Out if needed */
220+
int wh_CommClient_InitCryptTimeout(whCommClient* context)
221+
{
222+
if (context == NULL || context->crypt_timeout_cb == NULL ||
223+
context->crypt_timeout_cb->GetCurrentTime == NULL) {
224+
return WH_ERROR_BADARGS;
225+
}
226+
227+
if (context->cryptimeout_enabled == 1) {
228+
context->crypt_timeout_cb->start_time =
229+
context->crypt_timeout_cb->GetCurrentTime(1);
230+
}
231+
232+
return WH_ERROR_OK;
233+
}
234+
235+
/* Check Crypto Timeout */
236+
int wh_CommClient_CheckTimeout(whCommClient* context)
237+
{
238+
uint32_t current_ms = 0;
239+
uint32_t elapsed_ms = 0;
240+
uint32_t timeout_ms = 0;
241+
242+
if (context == NULL || context->crypt_timeout_cb == NULL) {
243+
return WH_ERROR_BADARGS;
244+
}
245+
timeout_ms = (uint32_t)(context->crypt_timeout.tv_sec * 1000 +
246+
context->crypt_timeout.tv_usec / 1000);
247+
248+
if (context->cryptimeout_enabled == 1 && timeout_ms > 0) {
249+
/* check timeout by user cb if defined */
250+
if (context->crypt_timeout_cb->CheckTimeout != NULL) {
251+
return context->crypt_timeout_cb->CheckTimeout(
252+
&context->crypt_timeout_cb->start_time, timeout_ms);
253+
}
254+
else {
255+
/* expect to return time in milliseconds */
256+
current_ms = context->crypt_timeout_cb->GetCurrentTime(0);
257+
elapsed_ms = current_ms - context->crypt_timeout_cb->start_time;
258+
if (elapsed_ms > timeout_ms) {
259+
return WH_ERROR_CRYPTIMEOUT;
260+
}
261+
}
262+
}
263+
return WH_ERROR_OK;
264+
}
265+
#endif /* WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT */
214266
#endif /* WOLFHSM_CFG_ENABLE_CLIENT */
215267

216268
/** Server Functions */

test/Makefile

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -129,6 +129,9 @@ else
129129
DEF += -DWOLFHSM_CFG_IS_TEST_SERVER
130130
endif
131131

132+
ifeq ($(CRYPTIMEOUT),1)
133+
DEF += -DWOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT
134+
endif
132135

133136
## Source files
134137
# Assembly source files

test/config/wolfhsm_cfg.h

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,4 +58,11 @@
5858

5959
#define WOLFHSM_CFG_SERVER_NVM_FLASH_LOG
6060

61+
/* Enable client crypto timeout feature for testing */
62+
#if defined(WOLFHSM_CFG_ENABLE_CLIENT_CRYPTIMEOUT) && \
63+
defined(WOLFHSM_CFG_TEST_POSIX)
64+
#define WOLFHSM_CFG_CLIENT_CRYPTIMEOUT_SEC (2)
65+
#define WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT
66+
#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */
67+
6168
#endif /* WOLFHSM_CFG_H_ */

test/wh_test_common.c

Lines changed: 34 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,9 @@
2626
#include <wolfhsm/wh_error.h>
2727

2828
#include "wh_test_common.h"
29-
29+
#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT)
30+
#include <sys/time.h> /* For gettimeofday */
31+
#endif
3032

3133
/**
3234
* Helper function to configure and select an NVM backend for testing.
@@ -90,3 +92,34 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type,
9092

9193
return 0;
9294
}
95+
96+
#if defined(WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT)
97+
uint32_t whTest_GetCurrentTime(int reset)
98+
{
99+
struct timeval tv;
100+
(void)reset;
101+
if (gettimeofday(&tv, 0) < 0)
102+
return 0;
103+
/* Convert to milliseconds number. */
104+
return (uint32_t)(tv.tv_sec * 1000 + tv.tv_usec / 1000);
105+
}
106+
/* start_time stores the time (in milliseconds) returned by the GetCurrentTime()
107+
* callback when the operation started.
108+
* The actual unit depends on the GetCurrentTime() implementation.
109+
* timeout_ms represents the timeout in milliseconds, which is derived from
110+
* the crypt_timeout value in whCommClientConfig.
111+
*/
112+
int whTest_CheckCryptoTimeout(uint32_t* start_time, uint32_t timeout_ms)
113+
{
114+
uint32_t current_time = whTest_GetCurrentTime(0);
115+
uint32_t elapsed_time = current_time - *start_time;
116+
117+
if (timeout_ms == 0) {
118+
return WH_ERROR_OK;
119+
}
120+
if (elapsed_time > timeout_ms) {
121+
return WH_ERROR_CRYPTIMEOUT;
122+
}
123+
return WH_ERROR_OK;
124+
}
125+
#endif /* WOLFHSM_CFG_TEST_CLIENT_CRYPTIMEOUT */

test/wh_test_common.h

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -138,4 +138,14 @@ int whTest_NvmCfgBackend(whTestNvmBackendType type,
138138
whTestNvmBackendUnion* nvmSetup, whNvmConfig* nvmCfg,
139139
whFlashRamsimCfg* fCfg, whFlashRamsimCtx* fCtx,
140140
const whFlashCb* fCb);
141+
uint32_t whTest_GetCurrentTime(int reset);
142+
int whTest_CheckCryptoTimeout(uint32_t* start_time, uint32_t timeout_ms);
143+
144+
#define WH_CLIENT_CRYPTO_TIMEOUT_CB \
145+
{ \
146+
.GetCurrentTime = whTest_GetCurrentTime, \
147+
.CheckTimeout = whTest_CheckCryptoTimeout, \
148+
.start_time = 0, \
149+
}
150+
141151
#endif /* WH_TEST_COMMON_H_ */

0 commit comments

Comments
 (0)