diff --git a/IDE/QNX/example-cmac/cmac-test.c b/IDE/QNX/example-cmac/cmac-test.c index c15bb82ef..23cf8428e 100644 --- a/IDE/QNX/example-cmac/cmac-test.c +++ b/IDE/QNX/example-cmac/cmac-test.c @@ -23,6 +23,11 @@ #include #include +#include +#include +#include +#include + const byte k256[] = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index a36af5adb..bf58078ac 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -66,6 +66,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/caam/caam_driver.c \ wolfcrypt/src/port/caam/caam_error.c \ wolfcrypt/src/port/caam/caam_qnx.c \ + wolfcrypt/src/port/caam/caam_integrity.c \ wolfcrypt/src/port/caam/caam_sha.c \ wolfcrypt/src/port/caam/caam_doc.pdf \ wolfcrypt/src/port/caam/wolfcaam_init.c \ diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c index ef738b289..b173d7956 100644 --- a/wolfcrypt/src/port/caam/caam_driver.c +++ b/wolfcrypt/src/port/caam/caam_driver.c @@ -23,15 +23,6 @@ #if (defined(__INTEGRITY) || defined(INTEGRITY)) || \ (defined(__QNX__) || defined(__QNXNTO__)) -#if defined(__INTEGRITY) || defined(INTEGRITY) - /* build into Integrity kernel */ - #include - #define CAAM_READ(reg) *(volatile unsigned int*)(CAAM_BASE | (reg)) - #define CAAM_WRITE(reg, in) *(volatile unsigned int*)(CAAM_BASE | (reg)) = (in); - typedef UINT4 unsigned int - #define WOLFSSL_MSG db_printf -#endif - #if defined(__QNX__) || defined(__QNXNTO__) #include #include @@ -788,7 +779,6 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4]) /* add protinfo to operation command */ desc->desc[desc->idx++] = CAAM_OP | CAAM_CLASS1 | desc->type | desc->state; - /* add in all input buffers */ for (i = 2; i < sz; i++) { desc->desc[desc->idx] = (CAAM_FIFO_L | CAAM_CLASS1 | FIFOL_TYPE_MSG) @@ -814,7 +804,6 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4]) #endif vidx++; - } /* if there is no input buffers than add in a single FIFO LOAD to kick off @@ -853,607 +842,6 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4]) } -#if defined(__INTEGRITY) || defined(INTEGRITY) -/* returns amount written on success and negative value in error case. - * Is different from caamAddIO in that it only adds a single input buffer - * rather than multiple ones. - */ -static int caamAesInput(struct DescStruct* desc, unsigned int* idx, int align, - unsigned int totalSz) -{ - int sz; - unsigned int i = *idx; - - /* handle alignment constraints on input */ - if (desc->alignIdx > 0) { - sz = desc->alignIdx; - - /* if there is more input buffers then add part of it */ - if (i < desc->outputIdx && i < desc->DescriptorCount) { - sz = align - desc->alignIdx; - sz = (sz <= desc->buf[i].dataSz) ? sz : desc->buf[i].dataSz; - memcpy((unsigned char*)(desc->alignBuf) + desc->alignIdx, - (unsigned char*)(desc->buf[i].data), sz); - - desc->buf[i].dataSz -= sz; - desc->buf[i].data += sz; - sz += desc->alignIdx; - } - - if (desc->idx + 2 > MAX_DESC_SZ) { - return -1; - } - ASP_FlushCaches((CAAM_ADDRESS)desc->alignBuf, sz); - desc->desc[desc->idx++] = (CAAM_FIFO_L | FIFOL_TYPE_LC1 | - CAAM_CLASS1 | FIFOL_TYPE_MSG) + sz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->alignBuf); - desc->alignIdx = 0; - } - else { - sz = desc->buf[i].dataSz; - if ((totalSz + sz) == desc->inputSz) { /* not an issue on final */ - align = 1; - } - - desc->alignIdx = sz % align; - if (desc->alignIdx != 0) { - sz -= desc->alignIdx; - memcpy((unsigned char*)desc->alignBuf, - (unsigned char*)(desc->buf[i].data) + sz, - desc->alignIdx); - } - - if (desc->idx + 2 > MAX_DESC_SZ) { - return -1; - } - desc->desc[desc->idx++] = (CAAM_FIFO_L | FIFOL_TYPE_LC1 | - CAAM_CLASS1 | FIFOL_TYPE_MSG) + sz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->buf[i].data); - i++; - } - - *idx = i; - return sz; -} - - -/* returns enum Success on success, all other return values should be - * considered an error. - * - * ofst is the amount of leftover buffer from previous calls - * inputSz is the amount of input in bytes that is being matched to output - */ -static Error caamAesOutput(struct DescStruct* desc, int* ofst, unsigned int inputSz) -{ - int offset = *ofst; - - if (desc->output != 0 && offset > 0 && inputSz > 0) { - unsigned int addSz; - - /* handle potential leftovers */ - addSz = (inputSz >= offset) ? offset : inputSz; - - inputSz -= addSz; - desc->desc[desc->idx++] = CAAM_FIFO_S | FIFOS_TYPE_MSG + addSz; - if (inputSz > 0) { /* check if expecting more output */ - desc->desc[desc->idx - 1] |= CAAM_FIFOS_CONT; - } - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->output); - - if (addSz == offset) { - /* reset */ - desc->output = 0; - offset = 0; - } - else { - offset -= addSz; - desc->output += addSz; - - if (offset < 0) { - return TransferFailed; - } - } - } - - for (; desc->lastIdx < desc->DescriptorCount; desc->lastIdx++) { - struct buffer* buf = &desc->buf[desc->lastIdx]; - - if (inputSz > 0) { - int tmp; - - if (buf->dataSz <= inputSz) { - tmp = buf->dataSz; - } - else { - offset = buf->dataSz - inputSz; - tmp = inputSz; - desc->output = buf->data + tmp; - } - inputSz -= tmp; - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = CAAM_FIFO_S | FIFOS_TYPE_MSG + tmp; - if (inputSz > 0) { /* check if expecting more output */ - desc->desc[desc->idx - 1] |= CAAM_FIFOS_CONT; - } - desc->desc[desc->idx++] = BSP_VirtualToPhysical(buf->data); - } - else { - break; - } - } - - *ofst = offset; - return Success; -} - - -/* check size of output and get starting buffer for it */ -static Error caamAesOutSz(struct DescStruct* desc, unsigned int i) -{ - int sz = 0; - - for (desc->outputIdx = i; desc->outputIdx < desc->DescriptorCount && - sz < desc->inputSz; desc->outputIdx++) { - sz += desc->buf[desc->outputIdx].dataSz; - } - desc->lastIdx = desc->outputIdx; - - /* make certain that output size is same as input */ - sz = 0; - for (; desc->lastIdx < desc->DescriptorCount; desc->lastIdx++) { - sz += desc->buf[desc->lastIdx].dataSz; - } - if (sz != desc->inputSz) { - return SizeIsTooLarge; - } - desc->lastIdx = desc->outputIdx; - - return Success; -} - - -/* AES operations follow the buffer sequence of KEY -> (IV) -> Input -> Output - */ -static Error caamAes(struct DescStruct* desc) -{ - struct buffer* ctx[3]; - struct buffer* iv[3]; - Value ofst = 0; - Error err; - unsigned int i, totalSz = 0; - int ctxIdx = 0; - int ivIdx = 0; - int offset = 0; - int align = 1; - int sz = 0; - - int ctxSz = desc->ctxSz; - - if (desc->state != CAAM_ENC && desc->state != CAAM_DEC) { - return IllegalStatusNumber; - } - - if (ctxSz != 16 && ctxSz != 24 && ctxSz != 32) { - return ArgumentError; - } - - /* get key */ - for (i = 0; i < desc->DescriptorCount; i++) { - struct buffer* buf = &desc->buf[i]; - unsigned char* local = (unsigned char*)desc->ctxBuf; - - if (sz < ctxSz && sz < (MAX_CTX * sizeof(unsigned int))) { - ctx[ctxIdx] = buf; - sz += buf->dataSz; - - memcpy((unsigned char*)&local[offset], - (unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz); - offset += ctx[ctxIdx]->dataSz; - ctxIdx++; - } - else { - break; - } - } - - /* sanity checks on size of key */ - if (sz > ctxSz) { - return SizeIsTooLarge; - } - if (ctxSz > (MAX_CTX * sizeof(unsigned int)) - 16) { - return ArgumentError; - } - - /* Flush cache of ctx buffer then : - Add KEY Load command 0x0220000X - Add address to read key from 0xXXXXXXXX */ - ASP_FlushCaches((CAAM_ADDRESS)desc->ctxBuf, ctxSz); - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = (CAAM_KEY | CAAM_CLASS1 | CAAM_NWB) + ctxSz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->ctxBuf); - - /* get IV if needed by algorithm */ - switch (desc->type) { - case CAAM_AESECB: - break; - - case CAAM_AESCTR: - ofst = 0x00001000; - /* fall through because states are the same only the offset changes */ - - case CAAM_AESCBC: - { - int maxSz = 16; /* default to CBC/CTR max size */ - - sz = 0; - offset = 0; - for (; i < desc->DescriptorCount; i++) { - struct buffer* buf = &desc->buf[i]; - unsigned char* local = (unsigned char*)desc->iv; - - if (sz < maxSz) { - iv[ivIdx] = buf; - - if (buf->dataSz + sz > maxSz) { - return SizeIsTooLarge; - } - - sz += buf->dataSz; - memcpy((unsigned char*)&local[offset], - (unsigned char*)iv[ivIdx]->data, iv[ivIdx]->dataSz); - offset += iv[ivIdx]->dataSz; - ivIdx++; - } - else { - break; - } - } - - if (sz != maxSz) { - /* invalid IV size */ - return SizeIsTooLarge; - } - - ASP_FlushCaches((CAAM_ADDRESS)desc->iv, maxSz); - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = (CAAM_LOAD_CTX | CAAM_CLASS1 | ofst) + maxSz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->iv); - } - break; - - default: - return OperationNotImplemented; - } - - /* write operation */ - if (desc->idx + 1 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = CAAM_OP | CAAM_CLASS1 | desc->type | - CAAM_ALG_UPDATE | desc->state; - - /* find output buffers */ - if (caamAesOutSz(desc, i) != Success) { - return SizeIsTooLarge; - } - - /* set alignment constraints */ - if (desc->type == CAAM_AESCBC || desc->type == CAAM_AESECB) { - align = 16; - } - - /* indefinite loop for input/output buffers */ - desc->headIdx = desc->idx; - desc->output = 0; - offset = 0; /* store left over amount for output buffer */ - do { - desc->idx = desc->headIdx; /* reset for each loop */ - - /* add a single input buffer (multiple ones was giving deco watch dog - * time out errors on the FIFO load of 1c. - * @TODO this could be a place for optimization if more data could be - * loaded in at one time */ - if ((sz = caamAesInput(desc, &i, align, totalSz)) < 0) { - return TransferFailed; - } - totalSz += sz; - - if (caamAesOutput(desc, &offset, sz) != Success) { - return TransferFailed; - } - - /* store updated IV */ - if (ivIdx > 0) { - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = CAAM_STORE_CTX | CAAM_CLASS1 | ofst | 16; - desc->desc[desc->idx++] = BSP_VirtualToPhysical((CAAM_ADDRESS)desc->iv); - } - - if ((err = caamDoJob(desc)) != Success) { - return err; - } - ASP_FlushCaches((CAAM_ADDRESS)desc->iv, 16); - } while (desc->lastIdx < desc->DescriptorCount || offset > 0); - - /* flush output buffers */ - for (i = desc->outputIdx; i < desc->lastIdx; i++) { - ASP_FlushCaches(desc->buf[i].data, desc->buf[i].dataSz); - } - - /* handle case with IV */ - if (ivIdx > 0) { - unsigned char* pt = (unsigned char*)desc->iv; - ASP_FlushCaches((CAAM_ADDRESS)pt, 16); - for (i = 0; i < ivIdx; i++) { - memcpy((unsigned char*)iv[i]->data, pt, iv[i]->dataSz); - pt += iv[i]->dataSz; - ASP_FlushCaches(iv[i]->data, iv[i]->dataSz); - } - } - - return Success; -} -#endif - - -/****************************************************************************** - CAAM AEAD Operations - ****************************************************************************/ - -#if defined(__INTEGRITY) || defined(INTEGRITY) -/* AEAD operations follow the buffer sequence of KEY -> (IV or B0 | CTR0) -> (AD) - * -> Input -> Output - * - */ -static Error caamAead(struct DescStruct* desc) -{ - struct buffer* ctx[3]; - struct buffer* iv[3]; - Value ofst = 0; - unsigned int state = CAAM_ALG_INIT; - unsigned int totalSz = 0; - Error err; - unsigned int i; - int ctxIdx = 0; - int ivIdx = 0; - int offset = 0; - int sz = 0; - int ivSz = 32; /* size of B0 | CTR0 for CCM mode */ - int ctxSz = desc->ctxSz; - int align = 16; /* input should be multiples of 16 bytes unless is final */ - int opIdx; - - if (desc->state != CAAM_ENC && desc->state != CAAM_DEC) { - return IllegalStatusNumber; - } - - /* sanity check is valid AES key size */ - if (ctxSz != 16 && ctxSz != 24 && ctxSz != 32) { - return ArgumentError; - } - - /* get key */ - for (i = 0; i < desc->DescriptorCount; i++) { - struct buffer* buf = &desc->buf[i]; - unsigned char* local = (unsigned char*)desc->ctxBuf; - - if (sz < ctxSz && sz < (MAX_CTX * sizeof(unsigned int))) { - ctx[ctxIdx] = buf; - sz += buf->dataSz; - - memcpy((unsigned char*)&local[offset], - (unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz); - offset += ctx[ctxIdx]->dataSz; - ctxIdx++; - } - else { - break; - } - } - - /* sanity checks on size of key */ - if (sz > ctxSz) { - return SizeIsTooLarge; - } - - /* Flush cache of ctx buffer then : - Add KEY Load command 0x0220000X - Add address to read key from 0xXXXXXXXX */ - ASP_FlushCaches((CAAM_ADDRESS)desc->ctxBuf, ctxSz); - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = (CAAM_KEY | CAAM_CLASS1 | CAAM_NWB) + ctxSz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->ctxBuf); - - desc->headIdx = desc->idx; - desc->output = 0; - offset = 0; /* store left over amount for output buffer */ - do { - desc->idx = desc->headIdx; /* reset for each loop */ - - /* write operation */ - if (desc->idx + 1 > MAX_DESC_SZ) { - return TransferFailed; - } - opIdx = desc->idx; - desc->desc[desc->idx++] = CAAM_OP | CAAM_CLASS1 | state | desc->type | - desc->state; - - /* get IV if needed by algorithm */ - switch (desc->type) { - case CAAM_AESCCM: - if ((state & CAAM_ALG_INIT) == CAAM_ALG_INIT) { - sz = 0; - offset = 0; - for (; i < desc->DescriptorCount; i++) { - struct buffer* buf = &desc->buf[i]; - unsigned char* local = (unsigned char*)desc->iv; - - if (sz < ivSz) { - iv[ivIdx] = buf; - - if (buf->dataSz + sz > ivSz) { - return SizeIsTooLarge; - } - - sz += buf->dataSz; - memcpy((unsigned char*)&local[offset], - (unsigned char*)iv[ivIdx]->data, iv[ivIdx]->dataSz); - offset += iv[ivIdx]->dataSz; - ivIdx++; - } - else { - break; - } - } - - if (sz != ivSz) { - /* invalid IV size */ - return SizeIsTooLarge; - } - offset = 0; - } - - ASP_FlushCaches((CAAM_ADDRESS)desc->iv, ivSz); - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = (CAAM_LOAD_CTX | CAAM_CLASS1 | ofst) - + ivSz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->iv); - break; - - default: - return OperationNotImplemented; - } - - - /********* handle AAD -- is only done with Init **********************/ - if ((state & CAAM_ALG_INIT) == CAAM_ALG_INIT) { - if ((desc->type == CAAM_AESCCM) && (desc->aadSz > 0)) { - /* set formatted AAD buffer size for CCM */ - ASP_FlushCaches((CAAM_ADDRESS)desc->aadSzBuf, sizeof(desc->aadSzBuf)); - desc->desc[desc->idx++] = CAAM_FIFO_L | CAAM_CLASS1 | - FIFOL_TYPE_AAD + desc->aadSz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->aadSzBuf); - - /* now set aadSz to unformatted version for getting buffers */ - if (desc->aadSz == 2) { - unsigned char* pt = (unsigned char*)desc->aadSzBuf; - desc->aadSz = (((unsigned int)pt[0] & 0xFF) << 8) | - ((unsigned int)pt[1] & 0xFF); - } - else { - unsigned char* pt = (unsigned char*)desc->aadSzBuf; - desc->aadSz = (((unsigned int)pt[2] & 0xFF) << 24) | - (((unsigned int)pt[3] & 0xFF) << 16) | - (((unsigned int)pt[4] & 0xFF) << 8) | - ((unsigned int)pt[5] & 0xFF); - } - } - - /* get additional data buffers */ - if (desc->aadSz > 0) { - sz = 0; - for (; i < desc->DescriptorCount; i++) { - struct buffer* buf = &desc->buf[i]; - if (sz < desc->aadSz) { - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->lastFifo = desc->idx; - desc->desc[desc->idx++] = CAAM_FIFO_L | CAAM_CLASS1 | - FIFOL_TYPE_AAD + buf->dataSz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical(buf->data); - sz += buf->dataSz; - } - else { - break; - } - } - - /* flush AAD from FIFO and pad it to 16 byte block */ - desc->desc[desc->lastFifo] |= FIFOL_TYPE_FC1; - } - - /* find output buffers */ - if (caamAesOutSz(desc, i) != Success) { - return SizeIsTooLarge; - } - } - - /* handle alignment constraints on input */ - if ((sz = caamAesInput(desc, &i, align, totalSz)) < 0) { - return TransferFailed; - } - totalSz += sz; - - /* handle output buffers */ - if (caamAesOutput(desc, &offset, sz) != Success) { - return TransferFailed; - } - - /* store updated IV, if is last then set offset and final for MAC */ - if ((desc->lastIdx == desc->DescriptorCount) && (offset == 0)) { - ivSz = 16; - if (desc->state == CAAM_ENC) { - ofst = 32 << 8; /* offset is in 15-8 bits */ - } - else { - ofst = 0; - } - desc->desc[opIdx] |= CAAM_ALG_FINAL; - } - else { - /* if not final then store and use ctr and encrypted ctr from - context dword 2,3 and 4,5. Also store MAC and AAD info from - context dword 6. */ - ivSz = 56; - ofst = 0; - } - - if (desc->idx + 2 > MAX_DESC_SZ) { - return TransferFailed; - } - desc->desc[desc->idx++] = CAAM_STORE_CTX | CAAM_CLASS1 | ofst | ivSz; - desc->desc[desc->idx++] = BSP_VirtualToPhysical((CAAM_ADDRESS)desc->iv); - - if ((err = caamDoJob(desc)) != Success) { - return err; - } - state = CAAM_ALG_UPDATE; - } while (desc->lastIdx < desc->DescriptorCount || offset > 0); - - /* flush output buffers */ - for (i = desc->outputIdx; i < desc->lastIdx; i++) { - ASP_FlushCaches(desc->buf[i].data, desc->buf[i].dataSz); - } - - /* handle case with IV (This is also the output of MAC with AES-CCM) */ - if (ivIdx > 0) { - unsigned char* pt = (unsigned char*)desc->iv; - ASP_FlushCaches((CAAM_ADDRESS)pt, ivSz); - for (i = 0; i < ivIdx; i++) { - memcpy((unsigned char*)iv[i]->data, pt, iv[i]->dataSz); - pt += iv[i]->dataSz; - ASP_FlushCaches(iv[i]->data, iv[i]->dataSz); - } - } - - return Success; -} -#endif - - /* ECDSA generate black key * * return Success on success. All other return values are considered a fail @@ -1605,10 +993,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz, /* tmp buffer */ vaddr[vidx] = CAAM_ADR_MAP(0, 2*L, 0); - desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL(vaddr[vidx], - desc->buf[i].dataSz); - vidx++; i++; - + desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL(vaddr[vidx], 2*L); if (msgSz > 0) { desc->desc[desc->idx++] = msgSz; } @@ -1637,7 +1022,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz, CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; - CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; + CAAM_ADR_UNMAP(vaddr[vidx++], 0, 2*L, 0); return err; } @@ -1679,9 +1064,9 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4]) desc->buf[i].dataSz); #if 0 { - unsigned int z; byte* pt; + unsigned int z; unsigned char* pt; printf("private :"); - pt = (byte*)desc->buf[i].data; + pt = (unsigned char*)desc->buf[i].data; for (z = 0; z < desc->buf[i].dataSz; z++) printf("%02X", pt[z]); printf("\n"); @@ -1700,7 +1085,8 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4]) #if 0 { unsigned int z; - byte *pt = (byte*)vaddr[vidx]; + unsigned char *pt = (unsigned char*)vaddr[vidx]; + printf("input index %d/%d\n", i, sz); for (z = 0; z < desc->buf[i].dataSz; z++) printf("%02X", pt[z]); printf("\n"); @@ -2106,8 +1492,4 @@ int caamJobRingFree() caamFreeAllPart(); return 0; } -#if defined(__INTEGRITY) || defined(INTEGRITY) -void (*__ghsentry_bspuserinit_InitCAAM)(void) = &InitCAAM; - -#endif /* INTEGRITY */ #endif diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c index fa353ed0c..364e15ddb 100644 --- a/wolfcrypt/src/port/caam/caam_qnx.c +++ b/wolfcrypt/src/port/caam/caam_qnx.c @@ -122,7 +122,8 @@ unsigned int CAAM_ADR_TO_PHYSICAL(void* in, int inSz) CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int len) { void* ret; - ret = mmap_device_memory(NULL, len, PROT_READ|PROT_WRITE, 0, in); + ret = mmap_device_memory(NULL, len, PROT_READ | PROT_WRITE | PROT_NOCACHE, + 0, in); return (CAAM_ADDRESS)ret; } @@ -140,7 +141,7 @@ void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy) sz = 1; } - vaddr = mmap(NULL, sz, PROT_READ | PROT_WRITE, + vaddr = mmap(NULL, sz, PROT_READ | PROT_WRITE | PROT_NOCACHE, MAP_PHYS | MAP_SHARED | MAP_ANON, NOFD, 0); if (vaddr == MAP_FAILED) { WOLFSSL_MSG("Failed to map memory"); @@ -179,7 +180,7 @@ void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz, unmap it */ } - if (copy && outSz > 0) { + if (copy && out != 0 && outSz > 0) { memcpy((unsigned char*)out, (unsigned char*)vaddr, outSz); } munmap(vaddr, sz); @@ -285,14 +286,13 @@ static int doCMAC(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], SETIOV(&in_iovs[0], keybuf, keySz); SETIOV(&in_iovs[1], ctx, sizeof(ctx)); msgSz = args[3]; - - /* sanity check that enough data was sent */ - if ((msgSz + keySz + sizeof(ctx)) > (ctp->size - idx)) { - return EOVERFLOW; + if (msgSz < 0) { + WOLFSSL_MSG("CMAC msg size was a negative value"); + return EBADMSG; } if (msgSz > 0) { - buf = (unsigned char*)malloc(msgSz); + buf = (unsigned char*)CAAM_ADR_MAP(0, msgSz, 0); if (buf == NULL) { return ECANCELED; } @@ -301,6 +301,13 @@ static int doCMAC(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], } ret = resmgr_msgreadv(ctp, in_iovs, numBuf, idx); + if (ret < (msgSz + keySz + sizeof(ctx))) { + /* sanity check that enough data was sent */ + if (buf != NULL) + CAAM_ADR_UNMAP(buf, 0, msgSz, 0); + return EOVERFLOW; + } + tmp[0].TheAddress = (CAAM_ADDRESS)keybuf; tmp[0].Length = args[1]; @@ -315,20 +322,22 @@ static int doCMAC(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], ret = caamAesCmac(&desc, numBuf, args); if (msgSz > 0) { if (buf != NULL) - free(buf); + CAAM_ADR_UNMAP(buf, 0, msgSz, 0); } if (ret != Success) { return EBADMSG; } - SETIOV(&out_iov, ctx, sizeof(ctx)); /* extra sanity check that out buffer is large enough */ if (sizeof(ctx) > msg->o.nbytes) { return EOVERFLOW; } - resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); + ret = resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); + if (ret < 0) { + return ECANCELED; + } return EOK; } @@ -353,7 +362,7 @@ static int doTRNG(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], } if (length > 0) { - buf = (unsigned char*)malloc(length); + buf = (unsigned char*)CAAM_ADR_MAP(0, length, 0); if (buf == NULL) { return ECANCELED; } @@ -361,13 +370,16 @@ static int doTRNG(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], ret = caamTRNG(buf, length); if (ret == CAAM_WAITING) { /* waiting for more entropy */ - free(buf); + CAAM_ADR_UNMAP(buf, 0, length, 0); return EAGAIN; } SETIOV(&out_iov, buf, length); - resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); - free(buf); + ret = resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); + CAAM_ADR_UNMAP(buf, 0, length, 0); + if (ret < 0) { + return ECANCELED; + } } return EOK; } @@ -395,7 +407,12 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], else { dir = CAAM_BLOB_DECAP; } + inSz = args[2]; + if (inSz < 0) { + return EBADMSG; + } + if (args[0] == 1 && dir == CAAM_BLOB_ENCAP) { /* black blob, add 16 for MAC */ inSz = inSz + 16; @@ -406,12 +423,15 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], return EOVERFLOW; } - inBuf = (unsigned char*)malloc(inSz); + inBuf = (unsigned char*)CAAM_ADR_MAP(0, inSz, 0); if (inBuf == NULL) { return ECANCELED; } SETIOV(&in_iovs[1], inBuf, inSz); ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); + if (ret < inSz + args[3]) { + return EBADMSG; + } /* key mod */ tmp[0].TheAddress = (CAAM_ADDRESS)keymod; @@ -429,10 +449,19 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], else { outSz = outSz - WC_CAAM_BLOB_SZ; } + if (outSz < 0) { + return EBADMSG; + } - outBuf = (unsigned char*)malloc(outSz); + if (args[0] == 1 && dir == CAAM_BLOB_DECAP) { + /* 16 for MAC tag */ + outBuf = (unsigned char*)CAAM_ADR_MAP(0, outSz + 16, 0); + } + else { + outBuf = (unsigned char*)CAAM_ADR_MAP(0, outSz, 0); + } if (outBuf == NULL) { - free(inBuf); + CAAM_ADR_UNMAP(inBuf, 0, inSz, 0); return ECANCELED; } tmp[2].TheAddress = (CAAM_ADDRESS)outBuf; @@ -440,19 +469,29 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], caamDescInit(&desc, dir, args, tmp, 3); ret = caamBlob(&desc); - free(inBuf); + CAAM_ADR_UNMAP(inBuf, 0, inSz, 0); + + /* adjust outSz for MAC tag at the end of black key */ + if (args[0] == 1 && dir == CAAM_BLOB_DECAP) { + outSz = outSz + 16; + } + if (ret != Success) { - free(outBuf); + CAAM_ADR_UNMAP(outBuf, 0, outSz, 0); return ECANCELED; } + CAAM_ADR_SYNC(outBuf, outSz); SETIOV(&out_iov, outBuf, outSz); if (outSz > msg->o.nbytes) { - free(outBuf); + CAAM_ADR_UNMAP(outBuf, 0, outSz, 0); return EOVERFLOW; } - resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); - free(outBuf); + ret = resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); + CAAM_ADR_UNMAP(outBuf, 0, outSz, 0); + if (ret < 0) { + return ECANCELED; + } return EOK; } @@ -468,11 +507,6 @@ static int doECDSA_KEYPAIR(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int CAAM_BUFFER tmp[2]; iov_t in_iovs[2], out_iovs[3]; - if (((2 * sizeof(CAAM_BUFFER)) > (ctp->size - idx)) || - (((sizeof(int) * 4) + (2 * sizeof(CAAM_BUFFER)))) > msg->o.nbytes) { - return EOVERFLOW; - } - SETIOV(&in_iovs[0], &tmp[0], sizeof(CAAM_BUFFER)); SETIOV(&in_iovs[1], &tmp[1], sizeof(CAAM_BUFFER)); ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); @@ -486,8 +520,12 @@ static int doECDSA_KEYPAIR(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int SETIOV(&out_iovs[0], &tmp[0], sizeof(CAAM_BUFFER)); SETIOV(&out_iovs[1], &tmp[1], sizeof(CAAM_BUFFER)); SETIOV(&out_iovs[2], args, sizeof(int) * 4); - resmgr_msgwritev(ctp, &out_iovs[0], 3, sizeof(msg->o)); + ret = resmgr_msgwritev(ctp, &out_iovs[0], 3, sizeof(msg->o)); + if (ret < 0) { + return ECANCELED; + } + /* claim ownership of a secure memory location */ pthread_mutex_lock(&sm_mutex); sm_ownerId[args[2]] = ctp->rcvid; pthread_mutex_unlock(&sm_mutex); @@ -499,8 +537,8 @@ static int doECDSA_KEYPAIR(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int /* helper function to setup and do ECC verify * returns EOK on success */ -static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], - unsigned int idx) +static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, + unsigned int args[4], unsigned int idx) { DESCSTRUCT desc; CAAM_BUFFER tmp[5]; @@ -517,7 +555,7 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int } else { pubSz = args[3]*2; - pubkey = (unsigned char*)malloc(pubSz); + pubkey = (unsigned char*)CAAM_ADR_MAP(0, pubSz, 0); if (pubkey == NULL) { return ECANCELED; } @@ -525,39 +563,42 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int SETIOV(&in_iovs[0], pubkey, args[3]*2); } - if (((args[3] * 2) + args[2] + pubSz) > (ctp->size - idx)) { - if (pubkey != NULL) - free(pubkey); - return EOVERFLOW; - } - - hash = (unsigned char*)malloc(args[2]); + hash = (unsigned char*)CAAM_ADR_MAP(0, args[2], 0); if (hash == NULL) { if (pubkey != NULL) - free(pubkey); + CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0); return ECANCELED; } SETIOV(&in_iovs[1], hash, args[2]); - r = (unsigned char*)malloc(args[3]); + r = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0); if (r == NULL) { if (pubkey != NULL) - free(pubkey); - free(hash); + CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0); + CAAM_ADR_UNMAP(hash, 0, args[2], 0); return ECANCELED; } SETIOV(&in_iovs[2], r, args[3]); - s = (unsigned char*)malloc(args[3]); + s = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0); if (s == NULL) { if (pubkey != NULL) - free(pubkey); - free(hash); - free(r); + CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0); + CAAM_ADR_UNMAP(hash, 0, args[2], 0); + CAAM_ADR_UNMAP(r, 0, args[3], 0); return ECANCELED; } SETIOV(&in_iovs[3], s, args[3]); + ret = resmgr_msgreadv(ctp, in_iovs, 4, idx); + if (((args[3] * 2) + args[2] + pubSz) > ret) { + if (pubkey != NULL) + CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0); + CAAM_ADR_UNMAP(hash, 0, args[2], 0); + CAAM_ADR_UNMAP(r, 0, args[3], 0); + CAAM_ADR_UNMAP(s, 0, args[3], 0); + return EOVERFLOW; + } /* setup CAAM buffers to pass to driver */ if (args[0] == 1) { @@ -577,15 +618,20 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int tmp[3].TheAddress = (CAAM_ADDRESS)s; tmp[3].Length = args[3]; + if (pubkey != NULL) + CAAM_ADR_SYNC(pubkey, pubSz); + CAAM_ADR_SYNC(hash, args[2]); + CAAM_ADR_SYNC(r, args[3]); + CAAM_ADR_SYNC(s, args[3]); caamDescInit(&desc, CAAM_ECDSA_VERIFY, args, tmp, 4); ret = caamECDSAVerify(&desc, tmp, 4, args); /* free all buffers before inspecting the return value */ - free(hash); - free(r); - free(s); + CAAM_ADR_UNMAP(hash, 0, args[2], 0); + CAAM_ADR_UNMAP(r, 0, args[3], 0); + CAAM_ADR_UNMAP(s, 0, args[3], 0); if (pubkey != NULL) - free(pubkey); + CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0); if (ret != Success) { return EBADMSG; @@ -597,8 +643,8 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int /* helper function to setup and do ECC sign * returns EOK on success */ -static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], - unsigned int idx) +static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, + unsigned int args[4], unsigned int idx) { int ret, keySz; DESCSTRUCT desc; @@ -615,27 +661,28 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar } else { keySz = args[3]; - key = (unsigned char*)malloc(keySz); + key = (unsigned char*)CAAM_ADR_MAP(0, keySz, 0); if (key == NULL) { return ECANCELED; } SETIOV(&in_iovs[0], key, keySz); } - if ((keySz + args[2]) > (ctp->size - idx)) { - if (key != NULL) - free(key); - return EOVERFLOW; - } - - hash = (unsigned char*)malloc(args[2]); + hash = (unsigned char*)CAAM_ADR_MAP(0, args[2], 0); if (hash == NULL) { if (key != NULL) - free(key); + CAAM_ADR_UNMAP(key, 0, keySz, 0); return ECANCELED; } SETIOV(&in_iovs[1], hash, args[2]); ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); + if ((keySz + args[2]) > ret) { + CAAM_ADR_UNMAP(hash, 0, args[2], 0); + if (key != NULL) + CAAM_ADR_UNMAP(key, 0, keySz, 0); + return EOVERFLOW; + } + /* setup CAAM buffers to pass to driver */ if (args[0] == 1) { @@ -649,22 +696,22 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar tmp[1].TheAddress = (CAAM_ADDRESS)hash; tmp[1].Length = args[2]; - r = (unsigned char*)malloc(args[3]); + r = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0); if (r == NULL) { - free(hash); + CAAM_ADR_UNMAP(hash, 0, args[2], 0); if (key != NULL) - free(key); + CAAM_ADR_UNMAP(key, 0, keySz, 0); return ECANCELED; } tmp[2].TheAddress = (CAAM_ADDRESS)r; tmp[2].Length = args[3]; - s = (unsigned char*)malloc(args[3]); + s = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0); if (s == NULL) { - free(r); - free(hash); + CAAM_ADR_UNMAP(r, 0, args[3], 0); + CAAM_ADR_UNMAP(hash, 0, args[2], 0); if (key != NULL) - free(key); + CAAM_ADR_UNMAP(key, 0, keySz, 0); return ECANCELED; } tmp[3].TheAddress = (CAAM_ADDRESS)s; @@ -672,29 +719,32 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar caamDescInit(&desc, CAAM_ECDSA_SIGN, args, tmp, 4); ret = caamECDSASign(&desc, 4, args); - - free(hash); + CAAM_ADR_UNMAP(hash, 0, args[2], 0); if (key != NULL) - free(key); - + CAAM_ADR_UNMAP(key, 0, keySz, 0); if (ret != Success) { - free(s); - free(r); + CAAM_ADR_UNMAP(s, 0, args[3], 0); + CAAM_ADR_UNMAP(r, 0, args[3], 0); return EBADMSG; } if ((args[3] * 2) > msg->o.nbytes) { - free(s); - free(r); + CAAM_ADR_UNMAP(s, 0, args[3], 0); + CAAM_ADR_UNMAP(r, 0, args[3], 0); return EOVERFLOW; } + CAAM_ADR_SYNC(r, args[3]); + CAAM_ADR_SYNC(s, args[3]); SETIOV(&out_iovs[0], r, args[3]); SETIOV(&out_iovs[1], s, args[3]); - resmgr_msgwritev(ctp, &out_iovs[0], 2, sizeof(msg->o)); - free(s); - free(r); + ret = resmgr_msgwritev(ctp, &out_iovs[0], 2, sizeof(msg->o)); + CAAM_ADR_UNMAP(s, 0, args[3], 0); + CAAM_ADR_UNMAP(r, 0, args[3], 0); + if (ret < 0) { + return ECANCELED; + } return EOK; } @@ -702,8 +752,8 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar /* helper function to setup and get an ECC shared secret * returns EOK on success */ -static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], - unsigned int idx) +static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, + unsigned int args[4], unsigned int idx) { int ret; DESCSTRUCT desc; @@ -720,7 +770,7 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar expectedSz += sizeof(CAAM_ADDRESS); } else { - pubkey = (unsigned char*)malloc(args[3]*2); + pubkey = (unsigned char*)CAAM_ADR_MAP(0, args[3]*2, 0); if (pubkey == NULL) { return ECANCELED; } @@ -734,10 +784,10 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar expectedSz += sizeof(CAAM_ADDRESS); } else { - key = (unsigned char*)malloc(args[3]); + key = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0); if (key == NULL) { if (pubkey != NULL) - free(pubkey); + CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0); return ECANCELED; } @@ -745,14 +795,14 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar expectedSz += args[3]; } - if (idx + expectedSz > ctp->size) { - if (pubkey != NULL) - free(pubkey); - if (key != NULL) - free(key); - return EOVERFLOW; - } ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); + if (expectedSz > ret) { + if (pubkey != NULL) + CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0); + if (key != NULL) + CAAM_ADR_UNMAP(key, 0, args[3], 0); + return ECANCELED; + } /* setup CAAM buffers to pass to driver */ if (args[1] == 1) { @@ -771,12 +821,12 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar } tmp[1].Length = args[3]; - shared = (unsigned char*)malloc(args[3]); + shared = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0); if (shared == NULL) { if (pubkey != NULL) - free(pubkey); + CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0); if (key != NULL) - free(key); + CAAM_ADR_UNMAP(key, 0, args[3], 0); return ECANCELED; } @@ -785,22 +835,23 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar caamDescInit(&desc, CAAM_ECDSA_ECDH, args, tmp, 3); ret = caamECDSA_ECDH(&desc, 3, args); if (pubkey != NULL) - free(pubkey); + CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0); if (key != NULL) - free(key); + CAAM_ADR_UNMAP(key, 0, args[3], 0); if (ret != Success) { - free(shared); + CAAM_ADR_UNMAP(shared, 0, args[3], 0); return EBADMSG; } if (args[3] > msg->o.nbytes) { - free(shared); + CAAM_ADR_UNMAP(shared, 0, args[3], 0); return EOVERFLOW; } + CAAM_ADR_SYNC(shared, args[3]); SETIOV(&out_iov, shared, args[3]); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); - free(shared); + CAAM_ADR_UNMAP(shared, 0, args[3], 0); return EOK; } @@ -808,8 +859,8 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar /* helper function to setup and cover data * returns EOK on success */ -static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], - unsigned int idx) +static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, + unsigned int args[4], unsigned int idx) { int ret; DESCSTRUCT desc; @@ -817,22 +868,21 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4 iov_t in_iov, out_iov; unsigned char *inBuf, *outBuf; - if (args[1] > (ctp->size - idx)) { - WOLFSSL_MSG("would cause input read overflow"); - return EOVERFLOW; - } - - inBuf = (unsigned char*)malloc(args[1]); + inBuf = (unsigned char*)CAAM_ADR_MAP(0, args[1], 0); if (inBuf == NULL) { return ECANCELED; } SETIOV(&in_iov, inBuf, args[1]); ret = resmgr_msgreadv(ctp, &in_iov, 1, idx); + if (ret < args[1]) { + return EBADMSG; + } - outBuf = (unsigned char*)malloc(args[1] + 16); /* plus 16 for MAC */ + /* plus 16 for MAC */ + outBuf = (unsigned char*)CAAM_ADR_MAP(0, args[1] + 16, 0); if (outBuf == NULL) { - free(inBuf); + CAAM_ADR_UNMAP(inBuf, 0, args[1], 0); return ECANCELED; } @@ -844,22 +894,21 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4 caamDescInit(&desc, CAAM_FIFO_S, args, tmp, 2); ret = caamKeyCover(&desc, 2, args); - free(inBuf); - + CAAM_ADR_UNMAP(inBuf, 0, args[1], 0); if (ret != Success) { - free(outBuf); + CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0); return EBADMSG; } if (args[1] + 16 > msg->o.nbytes) { - free(outBuf); + CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0); WOLFSSL_MSG("would cause output buffer overflow"); return EOVERFLOW; } SETIOV(&out_iov, outBuf, args[1] + 16); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); - free(outBuf); + CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0); return EOK; } @@ -867,8 +916,8 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4 /* helper function to get partition * returns EOK on success */ -static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], - unsigned int idx) +static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg, + unsigned int args[4], unsigned int idx) { int partNumber; int partSz; @@ -892,41 +941,37 @@ static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args /* helper function to write to a partition * returns EOK on success */ -static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], - unsigned int idx) +static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg, + unsigned int args[4], unsigned int idx) { int partSz, ret; CAAM_ADDRESS partAddr; unsigned char *buf; iov_t in_iov; - if (args[1] > (ctp->size - idx)) { - return EOVERFLOW; - } - - buf = (unsigned char*)malloc(args[1]); - if (buf == NULL) { - return ECANCELED; - } - - SETIOV(&in_iov, buf, args[1]); - ret = resmgr_msgreadv(ctp, &in_iov, 1, idx); - if (ret != args[1]) { - free(buf); - return EBADMSG; - } - /* get arguments */ partAddr = args[0]; partSz = args[1]; - /* sanity check on address and length */ - if (sanityCheckPartitionAddress(partAddr, partSz) != 0) { - free(buf); + buf = (unsigned char*)CAAM_ADR_MAP(0, partSz, 0); + if (buf == NULL) { + return ECANCELED; + } + + SETIOV(&in_iov, buf, partSz); + ret = resmgr_msgreadv(ctp, &in_iov, 1, idx); + if (ret != partSz) { + CAAM_ADR_UNMAP(buf, 0, partSz, 0); return EBADMSG; } - memcpy((unsigned int*)partAddr, buf, partSz); + /* sanity check on address and length */ + if (sanityCheckPartitionAddress(partAddr, partSz) != 0) { + CAAM_ADR_UNMAP(buf, 0, partSz, 0); + return EBADMSG; + } + + CAAM_ADR_UNMAP(buf, partAddr, partSz, 1); return EOK; } @@ -934,8 +979,8 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar /* helper function to read a partition * returns EOK on success */ -static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], - unsigned int idx) +static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg, + unsigned int args[4], unsigned int idx) { int partSz; CAAM_ADDRESS partAddr; @@ -956,20 +1001,19 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int arg return EBADMSG; } - buf = (unsigned char*)malloc(partSz); + buf = (unsigned char*)CAAM_ADR_MAP(0, partSz, 0); if (buf == NULL) { return ECANCELED; } memcpy(buf, (unsigned int*)partAddr, partSz); SETIOV(&out_iov, buf, partSz); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); - free(buf); + CAAM_ADR_UNMAP(buf, 0, partSz, 0); return EOK; } -int io_devctl (resmgr_context_t *ctp, io_devctl_t *msg, - iofunc_ocb_t *ocb) +int io_devctl (resmgr_context_t *ctp, io_devctl_t *msg, iofunc_ocb_t *ocb) { int ret = EBADMSG; unsigned int idx = sizeof(msg->i); @@ -1144,7 +1188,7 @@ int io_read (resmgr_context_t *ctp, io_read_t *msg, RESMGR_OCB_T *ocb) return (ENOSYS); } - if (ocb->offset == 0) { /* not doing anything fancy here, just fill up what can */ + if (ocb->offset == 0) { /* just fill up what can */ int sz = min(msg->i.nbytes, sizeof(cannedResponse)); MsgReply(ctp->rcvid, sz, cannedResponse, sz); ocb->offset += sz; diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c index 4aacf0bef..43801ede9 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_init.c +++ b/wolfcrypt/src/port/caam/wolfcaam_init.c @@ -132,7 +132,8 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx) case WC_ALGO_TYPE_SEED: case WC_ALGO_TYPE_HMAC: default: - WOLFSSL_MSG("Not implemented yet with CAAM"); + /* Not implemented yet with CAAM */ + ret = CRYPTOCB_UNAVAILABLE; } return ret; diff --git a/wolfcrypt/src/port/caam/wolfcaam_qnx.c b/wolfcrypt/src/port/caam/wolfcaam_qnx.c index 1540ae96d..f71514b0a 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_qnx.c +++ b/wolfcrypt/src/port/caam/wolfcaam_qnx.c @@ -1,4 +1,4 @@ -/* wolfcaam_qnx.h +/* wolfcaam_qnx.c * * Copyright (C) 2006-2020 wolfSSL Inc. *