feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix for valgrind ecc verify issue

Browse Source
This commit is contained in:
Jacob Barthelmeh
2021-02-10 16:45:00 +07:00
parent 3757e83c64
commit 99f19b19d4
6 changed files with 205 additions and 772 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
IDE/QNX/example-cmac/cmac-test.c
View File

@@ -23,6 +23,11 @@
#include <wolfssl/wolfcrypt/cmac.h> #include <wolfssl/wolfcrypt/cmac.h>
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h> #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#include <sys/mman.h>
#include <hw/inout.h>
#include <sys/iofunc.h>
#include <sys/neutrino.h>
const byte k256[] = const byte k256[] =
{ {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,

1
wolfcrypt/src/include.am
View File

@@ -66,6 +66,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/caam/caam_driver.c \ wolfcrypt/src/port/caam/caam_driver.c \
wolfcrypt/src/port/caam/caam_error.c \ wolfcrypt/src/port/caam/caam_error.c \
wolfcrypt/src/port/caam/caam_qnx.c \ wolfcrypt/src/port/caam/caam_qnx.c \
wolfcrypt/src/port/caam/caam_integrity.c \
wolfcrypt/src/port/caam/caam_sha.c \ wolfcrypt/src/port/caam/caam_sha.c \
wolfcrypt/src/port/caam/caam_doc.pdf \ wolfcrypt/src/port/caam/caam_doc.pdf \
wolfcrypt/src/port/caam/wolfcaam_init.c \ wolfcrypt/src/port/caam/wolfcaam_init.c \

630
wolfcrypt/src/port/caam/caam_driver.c
View File

@@ -23,15 +23,6 @@
#if (defined(__INTEGRITY) || defined(INTEGRITY)) || \ #if (defined(__INTEGRITY) || defined(INTEGRITY)) || \
(defined(__QNX__) || defined(__QNXNTO__)) (defined(__QNX__) || defined(__QNXNTO__))
#if defined(__INTEGRITY) || defined(INTEGRITY)
/* build into Integrity kernel */
#include <bsp.h>
#define CAAM_READ(reg) *(volatile unsigned int*)(CAAM_BASE | (reg))
#define CAAM_WRITE(reg, in) *(volatile unsigned int*)(CAAM_BASE | (reg)) = (in);
typedef UINT4 unsigned int
#define WOLFSSL_MSG db_printf
#endif
#if defined(__QNX__) || defined(__QNXNTO__) #if defined(__QNX__) || defined(__QNXNTO__)
#include <sys/mman.h> #include <sys/mman.h>
#include <hw/inout.h> #include <hw/inout.h>
@@ -788,7 +779,6 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4])
/* add protinfo to operation command */ /* add protinfo to operation command */
desc->desc[desc->idx++] = CAAM_OP | CAAM_CLASS1 | desc->type | desc->state; desc->desc[desc->idx++] = CAAM_OP | CAAM_CLASS1 | desc->type | desc->state;
/* add in all input buffers */ /* add in all input buffers */
for (i = 2; i < sz; i++) { for (i = 2; i < sz; i++) {
desc->desc[desc->idx] = (CAAM_FIFO_L | CAAM_CLASS1 | FIFOL_TYPE_MSG) desc->desc[desc->idx] = (CAAM_FIFO_L | CAAM_CLASS1 | FIFOL_TYPE_MSG)
@@ -814,7 +804,6 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4])
#endif #endif
vidx++; vidx++;
} }
/* if there is no input buffers than add in a single FIFO LOAD to kick off /* if there is no input buffers than add in a single FIFO LOAD to kick off
@@ -853,607 +842,6 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4])
} }
#if defined(__INTEGRITY) || defined(INTEGRITY)
/* returns amount written on success and negative value in error case.
* Is different from caamAddIO in that it only adds a single input buffer
* rather than multiple ones.
*/
static int caamAesInput(struct DescStruct* desc, unsigned int* idx, int align,
unsigned int totalSz)
{
int sz;
unsigned int i = *idx;
/* handle alignment constraints on input */
if (desc->alignIdx > 0) {
sz = desc->alignIdx;
/* if there is more input buffers then add part of it */
if (i < desc->outputIdx && i < desc->DescriptorCount) {
sz = align - desc->alignIdx;
sz = (sz <= desc->buf[i].dataSz) ? sz : desc->buf[i].dataSz;
memcpy((unsigned char*)(desc->alignBuf) + desc->alignIdx,
(unsigned char*)(desc->buf[i].data), sz);
desc->buf[i].dataSz -= sz;
desc->buf[i].data += sz;
sz += desc->alignIdx;
}
if (desc->idx + 2 > MAX_DESC_SZ) {
return -1;
}
ASP_FlushCaches((CAAM_ADDRESS)desc->alignBuf, sz);
desc->desc[desc->idx++] = (CAAM_FIFO_L | FIFOL_TYPE_LC1 |
CAAM_CLASS1 | FIFOL_TYPE_MSG) + sz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->alignBuf);
desc->alignIdx = 0;
}
else {
sz = desc->buf[i].dataSz;
if ((totalSz + sz) == desc->inputSz) { /* not an issue on final */
align = 1;
}
desc->alignIdx = sz % align;
if (desc->alignIdx != 0) {
sz -= desc->alignIdx;
memcpy((unsigned char*)desc->alignBuf,
(unsigned char*)(desc->buf[i].data) + sz,
desc->alignIdx);
}
if (desc->idx + 2 > MAX_DESC_SZ) {
return -1;
}
desc->desc[desc->idx++] = (CAAM_FIFO_L | FIFOL_TYPE_LC1 |
CAAM_CLASS1 | FIFOL_TYPE_MSG) + sz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->buf[i].data);
i++;
}
*idx = i;
return sz;
}
/* returns enum Success on success, all other return values should be
* considered an error.
*
* ofst is the amount of leftover buffer from previous calls
* inputSz is the amount of input in bytes that is being matched to output
*/
static Error caamAesOutput(struct DescStruct* desc, int* ofst, unsigned int inputSz)
{
int offset = *ofst;
if (desc->output != 0 && offset > 0 && inputSz > 0) {
unsigned int addSz;
/* handle potential leftovers */
addSz = (inputSz >= offset) ? offset : inputSz;
inputSz -= addSz;
desc->desc[desc->idx++] = CAAM_FIFO_S | FIFOS_TYPE_MSG + addSz;
if (inputSz > 0) { /* check if expecting more output */
desc->desc[desc->idx - 1] |= CAAM_FIFOS_CONT;
}
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->output);
if (addSz == offset) {
/* reset */
desc->output = 0;
offset = 0;
}
else {
offset -= addSz;
desc->output += addSz;
if (offset < 0) {
return TransferFailed;
}
}
}
for (; desc->lastIdx < desc->DescriptorCount; desc->lastIdx++) {
struct buffer* buf = &desc->buf[desc->lastIdx];
if (inputSz > 0) {
int tmp;
if (buf->dataSz <= inputSz) {
tmp = buf->dataSz;
}
else {
offset = buf->dataSz - inputSz;
tmp = inputSz;
desc->output = buf->data + tmp;
}
inputSz -= tmp;
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = CAAM_FIFO_S | FIFOS_TYPE_MSG + tmp;
if (inputSz > 0) { /* check if expecting more output */
desc->desc[desc->idx - 1] |= CAAM_FIFOS_CONT;
}
desc->desc[desc->idx++] = BSP_VirtualToPhysical(buf->data);
}
else {
break;
}
}
*ofst = offset;
return Success;
}
/* check size of output and get starting buffer for it */
static Error caamAesOutSz(struct DescStruct* desc, unsigned int i)
{
int sz = 0;
for (desc->outputIdx = i; desc->outputIdx < desc->DescriptorCount &&
sz < desc->inputSz; desc->outputIdx++) {
sz += desc->buf[desc->outputIdx].dataSz;
}
desc->lastIdx = desc->outputIdx;
/* make certain that output size is same as input */
sz = 0;
for (; desc->lastIdx < desc->DescriptorCount; desc->lastIdx++) {
sz += desc->buf[desc->lastIdx].dataSz;
}
if (sz != desc->inputSz) {
return SizeIsTooLarge;
}
desc->lastIdx = desc->outputIdx;
return Success;
}
/* AES operations follow the buffer sequence of KEY -> (IV) -> Input -> Output
*/
static Error caamAes(struct DescStruct* desc)
{
struct buffer* ctx[3];
struct buffer* iv[3];
Value ofst = 0;
Error err;
unsigned int i, totalSz = 0;
int ctxIdx = 0;
int ivIdx = 0;
int offset = 0;
int align = 1;
int sz = 0;
int ctxSz = desc->ctxSz;
if (desc->state != CAAM_ENC && desc->state != CAAM_DEC) {
return IllegalStatusNumber;
}
if (ctxSz != 16 && ctxSz != 24 && ctxSz != 32) {
return ArgumentError;
}
/* get key */
for (i = 0; i < desc->DescriptorCount; i++) {
struct buffer* buf = &desc->buf[i];
unsigned char* local = (unsigned char*)desc->ctxBuf;
if (sz < ctxSz && sz < (MAX_CTX * sizeof(unsigned int))) {
ctx[ctxIdx] = buf;
sz += buf->dataSz;
memcpy((unsigned char*)&local[offset],
(unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz);
offset += ctx[ctxIdx]->dataSz;
ctxIdx++;
}
else {
break;
}
}
/* sanity checks on size of key */
if (sz > ctxSz) {
return SizeIsTooLarge;
}
if (ctxSz > (MAX_CTX * sizeof(unsigned int)) - 16) {
return ArgumentError;
}
/* Flush cache of ctx buffer then :
Add KEY Load command 0x0220000X
Add address to read key from 0xXXXXXXXX */
ASP_FlushCaches((CAAM_ADDRESS)desc->ctxBuf, ctxSz);
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = (CAAM_KEY | CAAM_CLASS1 | CAAM_NWB) + ctxSz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->ctxBuf);
/* get IV if needed by algorithm */
switch (desc->type) {
case CAAM_AESECB:
break;
case CAAM_AESCTR:
ofst = 0x00001000;
/* fall through because states are the same only the offset changes */
case CAAM_AESCBC:
{
int maxSz = 16; /* default to CBC/CTR max size */
sz = 0;
offset = 0;
for (; i < desc->DescriptorCount; i++) {
struct buffer* buf = &desc->buf[i];
unsigned char* local = (unsigned char*)desc->iv;
if (sz < maxSz) {
iv[ivIdx] = buf;
if (buf->dataSz + sz > maxSz) {
return SizeIsTooLarge;
}
sz += buf->dataSz;
memcpy((unsigned char*)&local[offset],
(unsigned char*)iv[ivIdx]->data, iv[ivIdx]->dataSz);
offset += iv[ivIdx]->dataSz;
ivIdx++;
}
else {
break;
}
}
if (sz != maxSz) {
/* invalid IV size */
return SizeIsTooLarge;
}
ASP_FlushCaches((CAAM_ADDRESS)desc->iv, maxSz);
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = (CAAM_LOAD_CTX | CAAM_CLASS1 | ofst) + maxSz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->iv);
}
break;
default:
return OperationNotImplemented;
}
/* write operation */
if (desc->idx + 1 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = CAAM_OP | CAAM_CLASS1 | desc->type |
CAAM_ALG_UPDATE | desc->state;
/* find output buffers */
if (caamAesOutSz(desc, i) != Success) {
return SizeIsTooLarge;
}
/* set alignment constraints */
if (desc->type == CAAM_AESCBC || desc->type == CAAM_AESECB) {
align = 16;
}
/* indefinite loop for input/output buffers */
desc->headIdx = desc->idx;
desc->output = 0;
offset = 0; /* store left over amount for output buffer */
do {
desc->idx = desc->headIdx; /* reset for each loop */
/* add a single input buffer (multiple ones was giving deco watch dog
* time out errors on the FIFO load of 1c.
* @TODO this could be a place for optimization if more data could be
* loaded in at one time */
if ((sz = caamAesInput(desc, &i, align, totalSz)) < 0) {
return TransferFailed;
}
totalSz += sz;
if (caamAesOutput(desc, &offset, sz) != Success) {
return TransferFailed;
}
/* store updated IV */
if (ivIdx > 0) {
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = CAAM_STORE_CTX | CAAM_CLASS1 | ofst | 16;
desc->desc[desc->idx++] = BSP_VirtualToPhysical((CAAM_ADDRESS)desc->iv);
}
if ((err = caamDoJob(desc)) != Success) {
return err;
}
ASP_FlushCaches((CAAM_ADDRESS)desc->iv, 16);
} while (desc->lastIdx < desc->DescriptorCount || offset > 0);
/* flush output buffers */
for (i = desc->outputIdx; i < desc->lastIdx; i++) {
ASP_FlushCaches(desc->buf[i].data, desc->buf[i].dataSz);
}
/* handle case with IV */
if (ivIdx > 0) {
unsigned char* pt = (unsigned char*)desc->iv;
ASP_FlushCaches((CAAM_ADDRESS)pt, 16);
for (i = 0; i < ivIdx; i++) {
memcpy((unsigned char*)iv[i]->data, pt, iv[i]->dataSz);
pt += iv[i]->dataSz;
ASP_FlushCaches(iv[i]->data, iv[i]->dataSz);
}
}
return Success;
}
#endif
/******************************************************************************
CAAM AEAD Operations
****************************************************************************/
#if defined(__INTEGRITY) || defined(INTEGRITY)
/* AEAD operations follow the buffer sequence of KEY -> (IV or B0 | CTR0) -> (AD)
* -> Input -> Output
*
*/
static Error caamAead(struct DescStruct* desc)
{
struct buffer* ctx[3];
struct buffer* iv[3];
Value ofst = 0;
unsigned int state = CAAM_ALG_INIT;
unsigned int totalSz = 0;
Error err;
unsigned int i;
int ctxIdx = 0;
int ivIdx = 0;
int offset = 0;
int sz = 0;
int ivSz = 32; /* size of B0 | CTR0 for CCM mode */
int ctxSz = desc->ctxSz;
int align = 16; /* input should be multiples of 16 bytes unless is final */
int opIdx;
if (desc->state != CAAM_ENC && desc->state != CAAM_DEC) {
return IllegalStatusNumber;
}
/* sanity check is valid AES key size */
if (ctxSz != 16 && ctxSz != 24 && ctxSz != 32) {
return ArgumentError;
}
/* get key */
for (i = 0; i < desc->DescriptorCount; i++) {
struct buffer* buf = &desc->buf[i];
unsigned char* local = (unsigned char*)desc->ctxBuf;
if (sz < ctxSz && sz < (MAX_CTX * sizeof(unsigned int))) {
ctx[ctxIdx] = buf;
sz += buf->dataSz;
memcpy((unsigned char*)&local[offset],
(unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz);
offset += ctx[ctxIdx]->dataSz;
ctxIdx++;
}
else {
break;
}
}
/* sanity checks on size of key */
if (sz > ctxSz) {
return SizeIsTooLarge;
}
/* Flush cache of ctx buffer then :
Add KEY Load command 0x0220000X
Add address to read key from 0xXXXXXXXX */
ASP_FlushCaches((CAAM_ADDRESS)desc->ctxBuf, ctxSz);
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = (CAAM_KEY | CAAM_CLASS1 | CAAM_NWB) + ctxSz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->ctxBuf);
desc->headIdx = desc->idx;
desc->output = 0;
offset = 0; /* store left over amount for output buffer */
do {
desc->idx = desc->headIdx; /* reset for each loop */
/* write operation */
if (desc->idx + 1 > MAX_DESC_SZ) {
return TransferFailed;
}
opIdx = desc->idx;
desc->desc[desc->idx++] = CAAM_OP | CAAM_CLASS1 | state | desc->type |
desc->state;
/* get IV if needed by algorithm */
switch (desc->type) {
case CAAM_AESCCM:
if ((state & CAAM_ALG_INIT) == CAAM_ALG_INIT) {
sz = 0;
offset = 0;
for (; i < desc->DescriptorCount; i++) {
struct buffer* buf = &desc->buf[i];
unsigned char* local = (unsigned char*)desc->iv;
if (sz < ivSz) {
iv[ivIdx] = buf;
if (buf->dataSz + sz > ivSz) {
return SizeIsTooLarge;
}
sz += buf->dataSz;
memcpy((unsigned char*)&local[offset],
(unsigned char*)iv[ivIdx]->data, iv[ivIdx]->dataSz);
offset += iv[ivIdx]->dataSz;
ivIdx++;
}
else {
break;
}
}
if (sz != ivSz) {
/* invalid IV size */
return SizeIsTooLarge;
}
offset = 0;
}
ASP_FlushCaches((CAAM_ADDRESS)desc->iv, ivSz);
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = (CAAM_LOAD_CTX | CAAM_CLASS1 | ofst)
+ ivSz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->iv);
break;
default:
return OperationNotImplemented;
}
/********* handle AAD -- is only done with Init **********************/
if ((state & CAAM_ALG_INIT) == CAAM_ALG_INIT) {
if ((desc->type == CAAM_AESCCM) && (desc->aadSz > 0)) {
/* set formatted AAD buffer size for CCM */
ASP_FlushCaches((CAAM_ADDRESS)desc->aadSzBuf, sizeof(desc->aadSzBuf));
desc->desc[desc->idx++] = CAAM_FIFO_L | CAAM_CLASS1 |
FIFOL_TYPE_AAD + desc->aadSz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(desc->aadSzBuf);
/* now set aadSz to unformatted version for getting buffers */
if (desc->aadSz == 2) {
unsigned char* pt = (unsigned char*)desc->aadSzBuf;
desc->aadSz = (((unsigned int)pt[0] & 0xFF) << 8) |
((unsigned int)pt[1] & 0xFF);
}
else {
unsigned char* pt = (unsigned char*)desc->aadSzBuf;
desc->aadSz = (((unsigned int)pt[2] & 0xFF) << 24) |
(((unsigned int)pt[3] & 0xFF) << 16) |
(((unsigned int)pt[4] & 0xFF) << 8) |
((unsigned int)pt[5] & 0xFF);
}
}
/* get additional data buffers */
if (desc->aadSz > 0) {
sz = 0;
for (; i < desc->DescriptorCount; i++) {
struct buffer* buf = &desc->buf[i];
if (sz < desc->aadSz) {
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->lastFifo = desc->idx;
desc->desc[desc->idx++] = CAAM_FIFO_L | CAAM_CLASS1 |
FIFOL_TYPE_AAD + buf->dataSz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical(buf->data);
sz += buf->dataSz;
}
else {
break;
}
}
/* flush AAD from FIFO and pad it to 16 byte block */
desc->desc[desc->lastFifo] |= FIFOL_TYPE_FC1;
}
/* find output buffers */
if (caamAesOutSz(desc, i) != Success) {
return SizeIsTooLarge;
}
}
/* handle alignment constraints on input */
if ((sz = caamAesInput(desc, &i, align, totalSz)) < 0) {
return TransferFailed;
}
totalSz += sz;
/* handle output buffers */
if (caamAesOutput(desc, &offset, sz) != Success) {
return TransferFailed;
}
/* store updated IV, if is last then set offset and final for MAC */
if ((desc->lastIdx == desc->DescriptorCount) && (offset == 0)) {
ivSz = 16;
if (desc->state == CAAM_ENC) {
ofst = 32 << 8; /* offset is in 15-8 bits */
}
else {
ofst = 0;
}
desc->desc[opIdx] |= CAAM_ALG_FINAL;
}
else {
/* if not final then store and use ctr and encrypted ctr from
context dword 2,3 and 4,5. Also store MAC and AAD info from
context dword 6. */
ivSz = 56;
ofst = 0;
}
if (desc->idx + 2 > MAX_DESC_SZ) {
return TransferFailed;
}
desc->desc[desc->idx++] = CAAM_STORE_CTX | CAAM_CLASS1 | ofst | ivSz;
desc->desc[desc->idx++] = BSP_VirtualToPhysical((CAAM_ADDRESS)desc->iv);
if ((err = caamDoJob(desc)) != Success) {
return err;
}
state = CAAM_ALG_UPDATE;
} while (desc->lastIdx < desc->DescriptorCount || offset > 0);
/* flush output buffers */
for (i = desc->outputIdx; i < desc->lastIdx; i++) {
ASP_FlushCaches(desc->buf[i].data, desc->buf[i].dataSz);
}
/* handle case with IV (This is also the output of MAC with AES-CCM) */
if (ivIdx > 0) {
unsigned char* pt = (unsigned char*)desc->iv;
ASP_FlushCaches((CAAM_ADDRESS)pt, ivSz);
for (i = 0; i < ivIdx; i++) {
memcpy((unsigned char*)iv[i]->data, pt, iv[i]->dataSz);
pt += iv[i]->dataSz;
ASP_FlushCaches(iv[i]->data, iv[i]->dataSz);
}
}
return Success;
}
#endif
/* ECDSA generate black key /* ECDSA generate black key
* *
* return Success on success. All other return values are considered a fail * return Success on success. All other return values are considered a fail
@@ -1605,10 +993,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz,
/* tmp buffer */ /* tmp buffer */
vaddr[vidx] = CAAM_ADR_MAP(0, 2*L, 0); vaddr[vidx] = CAAM_ADR_MAP(0, 2*L, 0);
desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL(vaddr[vidx], desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL(vaddr[vidx], 2*L);
desc->buf[i].dataSz);
vidx++; i++;
if (msgSz > 0) { if (msgSz > 0) {
desc->desc[desc->idx++] = msgSz; desc->desc[desc->idx++] = msgSz;
} }
@@ -1637,7 +1022,7 @@ int caamECDSAVerify(DESCSTRUCT* desc, CAAM_BUFFER* buf, int sz,
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++;
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++;
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++;
CAAM_ADR_UNMAP(vaddr[vidx++], desc->buf[i].data, desc->buf[i].dataSz, 0); i++; CAAM_ADR_UNMAP(vaddr[vidx++], 0, 2*L, 0);
return err; return err;
} }
@@ -1679,9 +1064,9 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4])
desc->buf[i].dataSz); desc->buf[i].dataSz);
#if 0 #if 0
{ {
unsigned int z; byte* pt; unsigned int z; unsigned char* pt;
printf("private :"); printf("private :");
pt = (byte*)desc->buf[i].data; pt = (unsigned char*)desc->buf[i].data;
for (z = 0; z < desc->buf[i].dataSz; z++) for (z = 0; z < desc->buf[i].dataSz; z++)
printf("%02X", pt[z]); printf("%02X", pt[z]);
printf("\n"); printf("\n");
@@ -1700,7 +1085,8 @@ int caamECDSASign(DESCSTRUCT* desc, int sz, unsigned int args[4])
#if 0 #if 0
{ {
unsigned int z; unsigned int z;
byte *pt = (byte*)vaddr[vidx]; unsigned char *pt = (unsigned char*)vaddr[vidx];
printf("input index %d/%d\n", i, sz);
for (z = 0; z < desc->buf[i].dataSz; z++) for (z = 0; z < desc->buf[i].dataSz; z++)
printf("%02X", pt[z]); printf("%02X", pt[z]);
printf("\n"); printf("\n");
@@ -2106,8 +1492,4 @@ int caamJobRingFree()
caamFreeAllPart(); caamFreeAllPart();
return 0; return 0;
} }
#if defined(__INTEGRITY) || defined(INTEGRITY)
void (*__ghsentry_bspuserinit_InitCAAM)(void) = &InitCAAM;
#endif /* INTEGRITY */
#endif #endif

336
wolfcrypt/src/port/caam/caam_qnx.c
View File

@@ -122,7 +122,8 @@ unsigned int CAAM_ADR_TO_PHYSICAL(void* in, int inSz)
CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int len) CAAM_ADDRESS CAAM_ADR_TO_VIRTUAL(CAAM_ADDRESS in, int len)
{ {
void* ret; void* ret;
ret = mmap_device_memory(NULL, len, PROT_READ|PROT_WRITE, 0, in); ret = mmap_device_memory(NULL, len, PROT_READ | PROT_WRITE | PROT_NOCACHE,
0, in);
return (CAAM_ADDRESS)ret; return (CAAM_ADDRESS)ret;
} }
@@ -140,7 +141,7 @@ void* CAAM_ADR_MAP(unsigned int in, int inSz, unsigned char copy)
sz = 1; sz = 1;
} }
vaddr = mmap(NULL, sz, PROT_READ | PROT_WRITE, vaddr = mmap(NULL, sz, PROT_READ | PROT_WRITE | PROT_NOCACHE,
MAP_PHYS | MAP_SHARED | MAP_ANON, NOFD, 0); MAP_PHYS | MAP_SHARED | MAP_ANON, NOFD, 0);
if (vaddr == MAP_FAILED) { if (vaddr == MAP_FAILED) {
WOLFSSL_MSG("Failed to map memory"); WOLFSSL_MSG("Failed to map memory");
@@ -179,7 +180,7 @@ void CAAM_ADR_UNMAP(void* vaddr, unsigned int out, int outSz,
unmap it */ unmap it */
} }
if (copy && outSz > 0) { if (copy && out != 0 && outSz > 0) {
memcpy((unsigned char*)out, (unsigned char*)vaddr, outSz); memcpy((unsigned char*)out, (unsigned char*)vaddr, outSz);
} }
munmap(vaddr, sz); munmap(vaddr, sz);
@@ -285,14 +286,13 @@ static int doCMAC(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
SETIOV(&in_iovs[0], keybuf, keySz); SETIOV(&in_iovs[0], keybuf, keySz);
SETIOV(&in_iovs[1], ctx, sizeof(ctx)); SETIOV(&in_iovs[1], ctx, sizeof(ctx));
msgSz = args[3]; msgSz = args[3];
if (msgSz < 0) {
/* sanity check that enough data was sent */ WOLFSSL_MSG("CMAC msg size was a negative value");
if ((msgSz + keySz + sizeof(ctx)) > (ctp->size - idx)) { return EBADMSG;
return EOVERFLOW;
} }
if (msgSz > 0) { if (msgSz > 0) {
buf = (unsigned char*)malloc(msgSz); buf = (unsigned char*)CAAM_ADR_MAP(0, msgSz, 0);
if (buf == NULL) { if (buf == NULL) {
return ECANCELED; return ECANCELED;
} }
@@ -301,6 +301,13 @@ static int doCMAC(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
} }
ret = resmgr_msgreadv(ctp, in_iovs, numBuf, idx); ret = resmgr_msgreadv(ctp, in_iovs, numBuf, idx);
if (ret < (msgSz + keySz + sizeof(ctx))) {
/* sanity check that enough data was sent */
if (buf != NULL)
CAAM_ADR_UNMAP(buf, 0, msgSz, 0);
return EOVERFLOW;
}
tmp[0].TheAddress = (CAAM_ADDRESS)keybuf; tmp[0].TheAddress = (CAAM_ADDRESS)keybuf;
tmp[0].Length = args[1]; tmp[0].Length = args[1];
@@ -315,20 +322,22 @@ static int doCMAC(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
ret = caamAesCmac(&desc, numBuf, args); ret = caamAesCmac(&desc, numBuf, args);
if (msgSz > 0) { if (msgSz > 0) {
if (buf != NULL) if (buf != NULL)
free(buf); CAAM_ADR_UNMAP(buf, 0, msgSz, 0);
} }
if (ret != Success) { if (ret != Success) {
return EBADMSG; return EBADMSG;
} }
SETIOV(&out_iov, ctx, sizeof(ctx)); SETIOV(&out_iov, ctx, sizeof(ctx));
/* extra sanity check that out buffer is large enough */ /* extra sanity check that out buffer is large enough */
if (sizeof(ctx) > msg->o.nbytes) { if (sizeof(ctx) > msg->o.nbytes) {
return EOVERFLOW; return EOVERFLOW;
} }
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); ret = resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
if (ret < 0) {
return ECANCELED;
}
return EOK; return EOK;
} }
@@ -353,7 +362,7 @@ static int doTRNG(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
} }
if (length > 0) { if (length > 0) {
buf = (unsigned char*)malloc(length); buf = (unsigned char*)CAAM_ADR_MAP(0, length, 0);
if (buf == NULL) { if (buf == NULL) {
return ECANCELED; return ECANCELED;
} }
@@ -361,13 +370,16 @@ static int doTRNG(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
ret = caamTRNG(buf, length); ret = caamTRNG(buf, length);
if (ret == CAAM_WAITING) { if (ret == CAAM_WAITING) {
/* waiting for more entropy */ /* waiting for more entropy */
free(buf); CAAM_ADR_UNMAP(buf, 0, length, 0);
return EAGAIN; return EAGAIN;
} }
SETIOV(&out_iov, buf, length); SETIOV(&out_iov, buf, length);
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); ret = resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
free(buf); CAAM_ADR_UNMAP(buf, 0, length, 0);
if (ret < 0) {
return ECANCELED;
}
} }
return EOK; return EOK;
} }
@@ -395,7 +407,12 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
else { else {
dir = CAAM_BLOB_DECAP; dir = CAAM_BLOB_DECAP;
} }
inSz = args[2]; inSz = args[2];
if (inSz < 0) {
return EBADMSG;
}
if (args[0] == 1 && dir == CAAM_BLOB_ENCAP) { if (args[0] == 1 && dir == CAAM_BLOB_ENCAP) {
/* black blob, add 16 for MAC */ /* black blob, add 16 for MAC */
inSz = inSz + 16; inSz = inSz + 16;
@@ -406,12 +423,15 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
return EOVERFLOW; return EOVERFLOW;
} }
inBuf = (unsigned char*)malloc(inSz); inBuf = (unsigned char*)CAAM_ADR_MAP(0, inSz, 0);
if (inBuf == NULL) { if (inBuf == NULL) {
return ECANCELED; return ECANCELED;
} }
SETIOV(&in_iovs[1], inBuf, inSz); SETIOV(&in_iovs[1], inBuf, inSz);
ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); ret = resmgr_msgreadv(ctp, in_iovs, 2, idx);
if (ret < inSz + args[3]) {
return EBADMSG;
}
/* key mod */ /* key mod */
tmp[0].TheAddress = (CAAM_ADDRESS)keymod; tmp[0].TheAddress = (CAAM_ADDRESS)keymod;
@@ -429,10 +449,19 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
else { else {
outSz = outSz - WC_CAAM_BLOB_SZ; outSz = outSz - WC_CAAM_BLOB_SZ;
} }
if (outSz < 0) {
return EBADMSG;
}
outBuf = (unsigned char*)malloc(outSz); if (args[0] == 1 && dir == CAAM_BLOB_DECAP) {
/* 16 for MAC tag */
outBuf = (unsigned char*)CAAM_ADR_MAP(0, outSz + 16, 0);
}
else {
outBuf = (unsigned char*)CAAM_ADR_MAP(0, outSz, 0);
}
if (outBuf == NULL) { if (outBuf == NULL) {
free(inBuf); CAAM_ADR_UNMAP(inBuf, 0, inSz, 0);
return ECANCELED; return ECANCELED;
} }
tmp[2].TheAddress = (CAAM_ADDRESS)outBuf; tmp[2].TheAddress = (CAAM_ADDRESS)outBuf;
@@ -440,19 +469,29 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
caamDescInit(&desc, dir, args, tmp, 3); caamDescInit(&desc, dir, args, tmp, 3);
ret = caamBlob(&desc); ret = caamBlob(&desc);
free(inBuf); CAAM_ADR_UNMAP(inBuf, 0, inSz, 0);
/* adjust outSz for MAC tag at the end of black key */
if (args[0] == 1 && dir == CAAM_BLOB_DECAP) {
outSz = outSz + 16;
}
if (ret != Success) { if (ret != Success) {
free(outBuf); CAAM_ADR_UNMAP(outBuf, 0, outSz, 0);
return ECANCELED; return ECANCELED;
} }
CAAM_ADR_SYNC(outBuf, outSz);
SETIOV(&out_iov, outBuf, outSz); SETIOV(&out_iov, outBuf, outSz);
if (outSz > msg->o.nbytes) { if (outSz > msg->o.nbytes) {
free(outBuf); CAAM_ADR_UNMAP(outBuf, 0, outSz, 0);
return EOVERFLOW; return EOVERFLOW;
} }
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); ret = resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
free(outBuf); CAAM_ADR_UNMAP(outBuf, 0, outSz, 0);
if (ret < 0) {
return ECANCELED;
}
return EOK; return EOK;
} }
@@ -468,11 +507,6 @@ static int doECDSA_KEYPAIR(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int
CAAM_BUFFER tmp[2]; CAAM_BUFFER tmp[2];
iov_t in_iovs[2], out_iovs[3]; iov_t in_iovs[2], out_iovs[3];
if (((2 * sizeof(CAAM_BUFFER)) > (ctp->size - idx)) ||
(((sizeof(int) * 4) + (2 * sizeof(CAAM_BUFFER)))) > msg->o.nbytes) {
return EOVERFLOW;
}
SETIOV(&in_iovs[0], &tmp[0], sizeof(CAAM_BUFFER)); SETIOV(&in_iovs[0], &tmp[0], sizeof(CAAM_BUFFER));
SETIOV(&in_iovs[1], &tmp[1], sizeof(CAAM_BUFFER)); SETIOV(&in_iovs[1], &tmp[1], sizeof(CAAM_BUFFER));
ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); ret = resmgr_msgreadv(ctp, in_iovs, 2, idx);
@@ -486,8 +520,12 @@ static int doECDSA_KEYPAIR(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int
SETIOV(&out_iovs[0], &tmp[0], sizeof(CAAM_BUFFER)); SETIOV(&out_iovs[0], &tmp[0], sizeof(CAAM_BUFFER));
SETIOV(&out_iovs[1], &tmp[1], sizeof(CAAM_BUFFER)); SETIOV(&out_iovs[1], &tmp[1], sizeof(CAAM_BUFFER));
SETIOV(&out_iovs[2], args, sizeof(int) * 4); SETIOV(&out_iovs[2], args, sizeof(int) * 4);
resmgr_msgwritev(ctp, &out_iovs[0], 3, sizeof(msg->o)); ret = resmgr_msgwritev(ctp, &out_iovs[0], 3, sizeof(msg->o));
if (ret < 0) {
return ECANCELED;
}
/* claim ownership of a secure memory location */
pthread_mutex_lock(&sm_mutex); pthread_mutex_lock(&sm_mutex);
sm_ownerId[args[2]] = ctp->rcvid; sm_ownerId[args[2]] = ctp->rcvid;
pthread_mutex_unlock(&sm_mutex); pthread_mutex_unlock(&sm_mutex);
@@ -499,8 +537,8 @@ static int doECDSA_KEYPAIR(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int
/* helper function to setup and do ECC verify /* helper function to setup and do ECC verify
* returns EOK on success * returns EOK on success
*/ */
static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg,
unsigned int idx) unsigned int args[4], unsigned int idx)
{ {
DESCSTRUCT desc; DESCSTRUCT desc;
CAAM_BUFFER tmp[5]; CAAM_BUFFER tmp[5];
@@ -517,7 +555,7 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int
} }
else { else {
pubSz = args[3]*2; pubSz = args[3]*2;
pubkey = (unsigned char*)malloc(pubSz); pubkey = (unsigned char*)CAAM_ADR_MAP(0, pubSz, 0);
if (pubkey == NULL) { if (pubkey == NULL) {
return ECANCELED; return ECANCELED;
} }
@@ -525,39 +563,42 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int
SETIOV(&in_iovs[0], pubkey, args[3]*2); SETIOV(&in_iovs[0], pubkey, args[3]*2);
} }
if (((args[3] * 2) + args[2] + pubSz) > (ctp->size - idx)) { hash = (unsigned char*)CAAM_ADR_MAP(0, args[2], 0);
if (pubkey != NULL)
free(pubkey);
return EOVERFLOW;
}
hash = (unsigned char*)malloc(args[2]);
if (hash == NULL) { if (hash == NULL) {
if (pubkey != NULL) if (pubkey != NULL)
free(pubkey); CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0);
return ECANCELED; return ECANCELED;
} }
SETIOV(&in_iovs[1], hash, args[2]); SETIOV(&in_iovs[1], hash, args[2]);
r = (unsigned char*)malloc(args[3]); r = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0);
if (r == NULL) { if (r == NULL) {
if (pubkey != NULL) if (pubkey != NULL)
free(pubkey); CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0);
free(hash); CAAM_ADR_UNMAP(hash, 0, args[2], 0);
return ECANCELED; return ECANCELED;
} }
SETIOV(&in_iovs[2], r, args[3]); SETIOV(&in_iovs[2], r, args[3]);
s = (unsigned char*)malloc(args[3]); s = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0);
if (s == NULL) { if (s == NULL) {
if (pubkey != NULL) if (pubkey != NULL)
free(pubkey); CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0);
free(hash); CAAM_ADR_UNMAP(hash, 0, args[2], 0);
free(r); CAAM_ADR_UNMAP(r, 0, args[3], 0);
return ECANCELED; return ECANCELED;
} }
SETIOV(&in_iovs[3], s, args[3]); SETIOV(&in_iovs[3], s, args[3]);
ret = resmgr_msgreadv(ctp, in_iovs, 4, idx); ret = resmgr_msgreadv(ctp, in_iovs, 4, idx);
if (((args[3] * 2) + args[2] + pubSz) > ret) {
if (pubkey != NULL)
CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0);
CAAM_ADR_UNMAP(hash, 0, args[2], 0);
CAAM_ADR_UNMAP(r, 0, args[3], 0);
CAAM_ADR_UNMAP(s, 0, args[3], 0);
return EOVERFLOW;
}
/* setup CAAM buffers to pass to driver */ /* setup CAAM buffers to pass to driver */
if (args[0] == 1) { if (args[0] == 1) {
@@ -577,15 +618,20 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int
tmp[3].TheAddress = (CAAM_ADDRESS)s; tmp[3].TheAddress = (CAAM_ADDRESS)s;
tmp[3].Length = args[3]; tmp[3].Length = args[3];
if (pubkey != NULL)
CAAM_ADR_SYNC(pubkey, pubSz);
CAAM_ADR_SYNC(hash, args[2]);
CAAM_ADR_SYNC(r, args[3]);
CAAM_ADR_SYNC(s, args[3]);
caamDescInit(&desc, CAAM_ECDSA_VERIFY, args, tmp, 4); caamDescInit(&desc, CAAM_ECDSA_VERIFY, args, tmp, 4);
ret = caamECDSAVerify(&desc, tmp, 4, args); ret = caamECDSAVerify(&desc, tmp, 4, args);
/* free all buffers before inspecting the return value */ /* free all buffers before inspecting the return value */
free(hash); CAAM_ADR_UNMAP(hash, 0, args[2], 0);
free(r); CAAM_ADR_UNMAP(r, 0, args[3], 0);
free(s); CAAM_ADR_UNMAP(s, 0, args[3], 0);
if (pubkey != NULL) if (pubkey != NULL)
free(pubkey); CAAM_ADR_UNMAP(pubkey, 0, pubSz, 0);
if (ret != Success) { if (ret != Success) {
return EBADMSG; return EBADMSG;
@@ -597,8 +643,8 @@ static int doECDSA_VERIFY(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int
/* helper function to setup and do ECC sign /* helper function to setup and do ECC sign
* returns EOK on success * returns EOK on success
*/ */
static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg,
unsigned int idx) unsigned int args[4], unsigned int idx)
{ {
int ret, keySz; int ret, keySz;
DESCSTRUCT desc; DESCSTRUCT desc;
@@ -615,27 +661,28 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
} }
else { else {
keySz = args[3]; keySz = args[3];
key = (unsigned char*)malloc(keySz); key = (unsigned char*)CAAM_ADR_MAP(0, keySz, 0);
if (key == NULL) { if (key == NULL) {
return ECANCELED; return ECANCELED;
} }
SETIOV(&in_iovs[0], key, keySz); SETIOV(&in_iovs[0], key, keySz);
} }
if ((keySz + args[2]) > (ctp->size - idx)) { hash = (unsigned char*)CAAM_ADR_MAP(0, args[2], 0);
if (key != NULL)
free(key);
return EOVERFLOW;
}
hash = (unsigned char*)malloc(args[2]);
if (hash == NULL) { if (hash == NULL) {
if (key != NULL) if (key != NULL)
free(key); CAAM_ADR_UNMAP(key, 0, keySz, 0);
return ECANCELED; return ECANCELED;
} }
SETIOV(&in_iovs[1], hash, args[2]); SETIOV(&in_iovs[1], hash, args[2]);
ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); ret = resmgr_msgreadv(ctp, in_iovs, 2, idx);
if ((keySz + args[2]) > ret) {
CAAM_ADR_UNMAP(hash, 0, args[2], 0);
if (key != NULL)
CAAM_ADR_UNMAP(key, 0, keySz, 0);
return EOVERFLOW;
}
/* setup CAAM buffers to pass to driver */ /* setup CAAM buffers to pass to driver */
if (args[0] == 1) { if (args[0] == 1) {
@@ -649,22 +696,22 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
tmp[1].TheAddress = (CAAM_ADDRESS)hash; tmp[1].TheAddress = (CAAM_ADDRESS)hash;
tmp[1].Length = args[2]; tmp[1].Length = args[2];
r = (unsigned char*)malloc(args[3]); r = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0);
if (r == NULL) { if (r == NULL) {
free(hash); CAAM_ADR_UNMAP(hash, 0, args[2], 0);
if (key != NULL) if (key != NULL)
free(key); CAAM_ADR_UNMAP(key, 0, keySz, 0);
return ECANCELED; return ECANCELED;
} }
tmp[2].TheAddress = (CAAM_ADDRESS)r; tmp[2].TheAddress = (CAAM_ADDRESS)r;
tmp[2].Length = args[3]; tmp[2].Length = args[3];
s = (unsigned char*)malloc(args[3]); s = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0);
if (s == NULL) { if (s == NULL) {
free(r); CAAM_ADR_UNMAP(r, 0, args[3], 0);
free(hash); CAAM_ADR_UNMAP(hash, 0, args[2], 0);
if (key != NULL) if (key != NULL)
free(key); CAAM_ADR_UNMAP(key, 0, keySz, 0);
return ECANCELED; return ECANCELED;
} }
tmp[3].TheAddress = (CAAM_ADDRESS)s; tmp[3].TheAddress = (CAAM_ADDRESS)s;
@@ -672,29 +719,32 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
caamDescInit(&desc, CAAM_ECDSA_SIGN, args, tmp, 4); caamDescInit(&desc, CAAM_ECDSA_SIGN, args, tmp, 4);
ret = caamECDSASign(&desc, 4, args); ret = caamECDSASign(&desc, 4, args);
CAAM_ADR_UNMAP(hash, 0, args[2], 0);
free(hash);
if (key != NULL) if (key != NULL)
free(key); CAAM_ADR_UNMAP(key, 0, keySz, 0);
if (ret != Success) { if (ret != Success) {
free(s); CAAM_ADR_UNMAP(s, 0, args[3], 0);
free(r); CAAM_ADR_UNMAP(r, 0, args[3], 0);
return EBADMSG; return EBADMSG;
} }
if ((args[3] * 2) > msg->o.nbytes) { if ((args[3] * 2) > msg->o.nbytes) {
free(s); CAAM_ADR_UNMAP(s, 0, args[3], 0);
free(r); CAAM_ADR_UNMAP(r, 0, args[3], 0);
return EOVERFLOW; return EOVERFLOW;
} }
CAAM_ADR_SYNC(r, args[3]);
CAAM_ADR_SYNC(s, args[3]);
SETIOV(&out_iovs[0], r, args[3]); SETIOV(&out_iovs[0], r, args[3]);
SETIOV(&out_iovs[1], s, args[3]); SETIOV(&out_iovs[1], s, args[3]);
resmgr_msgwritev(ctp, &out_iovs[0], 2, sizeof(msg->o));
free(s); ret = resmgr_msgwritev(ctp, &out_iovs[0], 2, sizeof(msg->o));
free(r); CAAM_ADR_UNMAP(s, 0, args[3], 0);
CAAM_ADR_UNMAP(r, 0, args[3], 0);
if (ret < 0) {
return ECANCELED;
}
return EOK; return EOK;
} }
@@ -702,8 +752,8 @@ static int doECDSA_SIGN(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
/* helper function to setup and get an ECC shared secret /* helper function to setup and get an ECC shared secret
* returns EOK on success * returns EOK on success
*/ */
static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg,
unsigned int idx) unsigned int args[4], unsigned int idx)
{ {
int ret; int ret;
DESCSTRUCT desc; DESCSTRUCT desc;
@@ -720,7 +770,7 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
expectedSz += sizeof(CAAM_ADDRESS); expectedSz += sizeof(CAAM_ADDRESS);
} }
else { else {
pubkey = (unsigned char*)malloc(args[3]*2); pubkey = (unsigned char*)CAAM_ADR_MAP(0, args[3]*2, 0);
if (pubkey == NULL) { if (pubkey == NULL) {
return ECANCELED; return ECANCELED;
} }
@@ -734,10 +784,10 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
expectedSz += sizeof(CAAM_ADDRESS); expectedSz += sizeof(CAAM_ADDRESS);
} }
else { else {
key = (unsigned char*)malloc(args[3]); key = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0);
if (key == NULL) { if (key == NULL) {
if (pubkey != NULL) if (pubkey != NULL)
free(pubkey); CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0);
return ECANCELED; return ECANCELED;
} }
@@ -745,14 +795,14 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
expectedSz += args[3]; expectedSz += args[3];
} }
if (idx + expectedSz > ctp->size) {
if (pubkey != NULL)
free(pubkey);
if (key != NULL)
free(key);
return EOVERFLOW;
}
ret = resmgr_msgreadv(ctp, in_iovs, 2, idx); ret = resmgr_msgreadv(ctp, in_iovs, 2, idx);
if (expectedSz > ret) {
if (pubkey != NULL)
CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0);
if (key != NULL)
CAAM_ADR_UNMAP(key, 0, args[3], 0);
return ECANCELED;
}
/* setup CAAM buffers to pass to driver */ /* setup CAAM buffers to pass to driver */
if (args[1] == 1) { if (args[1] == 1) {
@@ -771,12 +821,12 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
} }
tmp[1].Length = args[3]; tmp[1].Length = args[3];
shared = (unsigned char*)malloc(args[3]); shared = (unsigned char*)CAAM_ADR_MAP(0, args[3], 0);
if (shared == NULL) { if (shared == NULL) {
if (pubkey != NULL) if (pubkey != NULL)
free(pubkey); CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0);
if (key != NULL) if (key != NULL)
free(key); CAAM_ADR_UNMAP(key, 0, args[3], 0);
return ECANCELED; return ECANCELED;
} }
@@ -785,22 +835,23 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
caamDescInit(&desc, CAAM_ECDSA_ECDH, args, tmp, 3); caamDescInit(&desc, CAAM_ECDSA_ECDH, args, tmp, 3);
ret = caamECDSA_ECDH(&desc, 3, args); ret = caamECDSA_ECDH(&desc, 3, args);
if (pubkey != NULL) if (pubkey != NULL)
free(pubkey); CAAM_ADR_UNMAP(pubkey, 0, args[3]*2, 0);
if (key != NULL) if (key != NULL)
free(key); CAAM_ADR_UNMAP(key, 0, args[3], 0);
if (ret != Success) { if (ret != Success) {
free(shared); CAAM_ADR_UNMAP(shared, 0, args[3], 0);
return EBADMSG; return EBADMSG;
} }
if (args[3] > msg->o.nbytes) { if (args[3] > msg->o.nbytes) {
free(shared); CAAM_ADR_UNMAP(shared, 0, args[3], 0);
return EOVERFLOW; return EOVERFLOW;
} }
CAAM_ADR_SYNC(shared, args[3]);
SETIOV(&out_iov, shared, args[3]); SETIOV(&out_iov, shared, args[3]);
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
free(shared); CAAM_ADR_UNMAP(shared, 0, args[3], 0);
return EOK; return EOK;
} }
@@ -808,8 +859,8 @@ static int doECDSA_ECDH(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
/* helper function to setup and cover data /* helper function to setup and cover data
* returns EOK on success * returns EOK on success
*/ */
static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg,
unsigned int idx) unsigned int args[4], unsigned int idx)
{ {
int ret; int ret;
DESCSTRUCT desc; DESCSTRUCT desc;
@@ -817,22 +868,21 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4
iov_t in_iov, out_iov; iov_t in_iov, out_iov;
unsigned char *inBuf, *outBuf; unsigned char *inBuf, *outBuf;
if (args[1] > (ctp->size - idx)) { inBuf = (unsigned char*)CAAM_ADR_MAP(0, args[1], 0);
WOLFSSL_MSG("would cause input read overflow");
return EOVERFLOW;
}
inBuf = (unsigned char*)malloc(args[1]);
if (inBuf == NULL) { if (inBuf == NULL) {
return ECANCELED; return ECANCELED;
} }
SETIOV(&in_iov, inBuf, args[1]); SETIOV(&in_iov, inBuf, args[1]);
ret = resmgr_msgreadv(ctp, &in_iov, 1, idx); ret = resmgr_msgreadv(ctp, &in_iov, 1, idx);
if (ret < args[1]) {
return EBADMSG;
}
outBuf = (unsigned char*)malloc(args[1] + 16); /* plus 16 for MAC */ /* plus 16 for MAC */
outBuf = (unsigned char*)CAAM_ADR_MAP(0, args[1] + 16, 0);
if (outBuf == NULL) { if (outBuf == NULL) {
free(inBuf); CAAM_ADR_UNMAP(inBuf, 0, args[1], 0);
return ECANCELED; return ECANCELED;
} }
@@ -844,22 +894,21 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4
caamDescInit(&desc, CAAM_FIFO_S, args, tmp, 2); caamDescInit(&desc, CAAM_FIFO_S, args, tmp, 2);
ret = caamKeyCover(&desc, 2, args); ret = caamKeyCover(&desc, 2, args);
free(inBuf); CAAM_ADR_UNMAP(inBuf, 0, args[1], 0);
if (ret != Success) { if (ret != Success) {
free(outBuf); CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0);
return EBADMSG; return EBADMSG;
} }
if (args[1] + 16 > msg->o.nbytes) { if (args[1] + 16 > msg->o.nbytes) {
free(outBuf); CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0);
WOLFSSL_MSG("would cause output buffer overflow"); WOLFSSL_MSG("would cause output buffer overflow");
return EOVERFLOW; return EOVERFLOW;
} }
SETIOV(&out_iov, outBuf, args[1] + 16); SETIOV(&out_iov, outBuf, args[1] + 16);
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
free(outBuf); CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0);
return EOK; return EOK;
} }
@@ -867,8 +916,8 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4
/* helper function to get partition /* helper function to get partition
* returns EOK on success * returns EOK on success
*/ */
static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg,
unsigned int idx) unsigned int args[4], unsigned int idx)
{ {
int partNumber; int partNumber;
int partSz; int partSz;
@@ -892,41 +941,37 @@ static int doGET_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args
/* helper function to write to a partition /* helper function to write to a partition
* returns EOK on success * returns EOK on success
*/ */
static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg,
unsigned int idx) unsigned int args[4], unsigned int idx)
{ {
int partSz, ret; int partSz, ret;
CAAM_ADDRESS partAddr; CAAM_ADDRESS partAddr;
unsigned char *buf; unsigned char *buf;
iov_t in_iov; iov_t in_iov;
if (args[1] > (ctp->size - idx)) {
return EOVERFLOW;
}
buf = (unsigned char*)malloc(args[1]);
if (buf == NULL) {
return ECANCELED;
}
SETIOV(&in_iov, buf, args[1]);
ret = resmgr_msgreadv(ctp, &in_iov, 1, idx);
if (ret != args[1]) {
free(buf);
return EBADMSG;
}
/* get arguments */ /* get arguments */
partAddr = args[0]; partAddr = args[0];
partSz = args[1]; partSz = args[1];
/* sanity check on address and length */ buf = (unsigned char*)CAAM_ADR_MAP(0, partSz, 0);
if (sanityCheckPartitionAddress(partAddr, partSz) != 0) { if (buf == NULL) {
free(buf); return ECANCELED;
}
SETIOV(&in_iov, buf, partSz);
ret = resmgr_msgreadv(ctp, &in_iov, 1, idx);
if (ret != partSz) {
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
return EBADMSG; return EBADMSG;
} }
memcpy((unsigned int*)partAddr, buf, partSz); /* sanity check on address and length */
if (sanityCheckPartitionAddress(partAddr, partSz) != 0) {
CAAM_ADR_UNMAP(buf, 0, partSz, 0);
return EBADMSG;
}
CAAM_ADR_UNMAP(buf, partAddr, partSz, 1);
return EOK; return EOK;
} }
@@ -934,8 +979,8 @@ static int doWRITE_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int ar
/* helper function to read a partition /* helper function to read a partition
* returns EOK on success * returns EOK on success
*/ */
static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4], static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg,
unsigned int idx) unsigned int args[4], unsigned int idx)
{ {
int partSz; int partSz;
CAAM_ADDRESS partAddr; CAAM_ADDRESS partAddr;
@@ -956,20 +1001,19 @@ static int doREAD_PART(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int arg
return EBADMSG; return EBADMSG;
} }
buf = (unsigned char*)malloc(partSz); buf = (unsigned char*)CAAM_ADR_MAP(0, partSz, 0);
if (buf == NULL) { if (buf == NULL) {
return ECANCELED; return ECANCELED;
} }
memcpy(buf, (unsigned int*)partAddr, partSz); memcpy(buf, (unsigned int*)partAddr, partSz);
SETIOV(&out_iov, buf, partSz); SETIOV(&out_iov, buf, partSz);
resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o)); resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
free(buf); CAAM_ADR_UNMAP(buf, 0, partSz, 0);
return EOK; return EOK;
} }
int io_devctl (resmgr_context_t *ctp, io_devctl_t *msg, int io_devctl (resmgr_context_t *ctp, io_devctl_t *msg, iofunc_ocb_t *ocb)
iofunc_ocb_t *ocb)
{ {
int ret = EBADMSG; int ret = EBADMSG;
unsigned int idx = sizeof(msg->i); unsigned int idx = sizeof(msg->i);
@@ -1144,7 +1188,7 @@ int io_read (resmgr_context_t *ctp, io_read_t *msg, RESMGR_OCB_T *ocb)
return (ENOSYS); return (ENOSYS);
} }
if (ocb->offset == 0) { /* not doing anything fancy here, just fill up what can */ if (ocb->offset == 0) { /* just fill up what can */
int sz = min(msg->i.nbytes, sizeof(cannedResponse)); int sz = min(msg->i.nbytes, sizeof(cannedResponse));
MsgReply(ctp->rcvid, sz, cannedResponse, sz); MsgReply(ctp->rcvid, sz, cannedResponse, sz);
ocb->offset += sz; ocb->offset += sz;

3
wolfcrypt/src/port/caam/wolfcaam_init.c
View File

@@ -132,7 +132,8 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
case WC_ALGO_TYPE_SEED: case WC_ALGO_TYPE_SEED:
case WC_ALGO_TYPE_HMAC: case WC_ALGO_TYPE_HMAC:
default: default:
WOLFSSL_MSG("Not implemented yet with CAAM"); /* Not implemented yet with CAAM */
ret = CRYPTOCB_UNAVAILABLE;
} }
return ret; return ret;

2
wolfcrypt/src/port/caam/wolfcaam_qnx.c
View File

@@ -1,4 +1,4 @@
/* wolfcaam_qnx.h /* wolfcaam_qnx.c
* *
* Copyright (C) 2006-2020 wolfSSL Inc. * Copyright (C) 2006-2020 wolfSSL Inc.
* *