From f9e5e4d08a624568c81c8bb2d1133af8ec05e8ac Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Fri, 8 Sep 2023 15:05:22 -0400 Subject: [PATCH 01/10] Clean up the 'async-check.sh' script Far too many times I got burned by passing the wrong argument and things getting set up wrong. --- .gitignore | 2 +- async-check.sh | 117 +++++++++++++++++++++++++------------------------ 2 files changed, 60 insertions(+), 59 deletions(-) diff --git a/.gitignore b/.gitignore index cb6d67e4b..83bc4ebd5 100644 --- a/.gitignore +++ b/.gitignore @@ -407,7 +407,7 @@ libFuzzer XXX-fips-test # ASYNC -async +/wolfAsyncCrypt # Generated user_settings_asm.h. user_settings_asm.h diff --git a/async-check.sh b/async-check.sh index 5a0246940..d3fbee83c 100755 --- a/async-check.sh +++ b/async-check.sh @@ -13,22 +13,21 @@ # or make # +# Fail on any error in script +set -e + ASYNC_REPO=https://github.com/wolfSSL/wolfAsyncCrypt.git +ASYNC_DIR=${ASYNC_DIR:-wolfAsyncCrypt} function Usage() { - printf '\n%s\n\n' "Usage: $0 [keep|clean|setup]" - printf '%s\n' "Where \"keep\" means keep (default off) async files around for inspection" - printf '%s\n' "Where \"clean\" means only clean (default off) the async files" - printf '%s\n\n' "Where \"setup\" means only setup (default off) the async files" - printf '%s\n' "EXAMPLE:" - printf '%s\n' "---------------------------------" - printf '%s\n' "./async-check.sh keep" - printf '%s\n' "./async-check.sh clean" - printf '%s\n' "./async-check.sh setup" - printf '%s\n\n' "---------------------------------" + printf "Usage: $0 [install|uninstall|test|remove]\n" + printf "\tinstall - get and set up links to wolfAsyncCrypt files\n" + printf "\tuninstall - remove the links to wolfAsyncCrypt\n" + printf "\ttest - install and run 'make check'\n" + printf "\tremove - uninstall and remove wolfAsyncCrypt\n" } -function CleanUp() { +function UnlinkFiles() { unlink ./wolfcrypt/src/async.c unlink ./wolfssl/wolfcrypt/async.h unlink ./wolfcrypt/src/port/intel/quickassist.c @@ -40,8 +39,6 @@ function CleanUp() { unlink ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h unlink ./wolfcrypt/src/port/cavium/README.md - rm -rf ./async - # restore original README.md files git checkout -- wolfcrypt/src/port/cavium/README.md git checkout -- wolfcrypt/src/port/intel/README.md @@ -49,16 +46,46 @@ function CleanUp() { function LinkFiles() { # link files - ln -s -f ../../async/wolfcrypt/src/async.c ./wolfcrypt/src/async.c - ln -s -f ../../async/wolfssl/wolfcrypt/async.h ./wolfssl/wolfcrypt/async.h - ln -s -f ../../../../async/wolfcrypt/src/port/intel/quickassist.c ./wolfcrypt/src/port/intel/quickassist.c - ln -s -f ../../../../async/wolfcrypt/src/port/intel/quickassist_mem.c ./wolfcrypt/src/port/intel/quickassist_mem.c - ln -s -f ../../../../async/wolfcrypt/src/port/intel/README.md ./wolfcrypt/src/port/intel/README.md - ln -s -f ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist.h ./wolfssl/wolfcrypt/port/intel/quickassist.h - ln -s -f ../../../../async/wolfssl/wolfcrypt/port/intel/quickassist_mem.h ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h - ln -s -f ../../../../async/wolfcrypt/src/port/cavium/cavium_nitrox.c ./wolfcrypt/src/port/cavium/cavium_nitrox.c - ln -s -f ../../../../async/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h - ln -s -f ../../../../async/wolfcrypt/src/port/cavium/README.md ./wolfcrypt/src/port/cavium/README.md + ln -s -f ../../${ASYNC_DIR}/wolfcrypt/src/async.c ./wolfcrypt/src/async.c + ln -s -f ../../${ASYNC_DIR}/wolfssl/wolfcrypt/async.h ./wolfssl/wolfcrypt/async.h + ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/intel/quickassist.c ./wolfcrypt/src/port/intel/quickassist.c + ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/intel/quickassist_mem.c ./wolfcrypt/src/port/intel/quickassist_mem.c + ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/intel/README.md ./wolfcrypt/src/port/intel/README.md + ln -s -f ../../../../${ASYNC_DIR}/wolfssl/wolfcrypt/port/intel/quickassist.h ./wolfssl/wolfcrypt/port/intel/quickassist.h + ln -s -f ../../../../${ASYNC_DIR}/wolfssl/wolfcrypt/port/intel/quickassist_mem.h ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h + ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/cavium/cavium_nitrox.c ./wolfcrypt/src/port/cavium/cavium_nitrox.c + ln -s -f ../../../../${ASYNC_DIR}/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h + ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/cavium/README.md ./wolfcrypt/src/port/cavium/README.md +} + +function Install() { + if [ -d $ASYNC_DIR ]; + then + echo "Using existing async repo" + else + # make a clone of the wolfAsyncCrypt repository + git clone --depth 1 $ASYNC_REPO $ASYNC_DIR + fi + +# setup auto-conf + ./autogen.sh + LinkFiles +} + +function Uninstall() { + UnlinkFiles +} + +function Test() { + Install + ./configure --enable-asynccrypt --enable-all + make check +} + +function Remove() { + UnlinkFiles + + rm -rf ./async } if [ "$#" -gt 1 ]; then @@ -66,19 +93,18 @@ if [ "$#" -gt 1 ]; then exit 1 fi -KEEP=no -ONLY_SETUP=no - case "x$1" in - "xkeep") - KEEP=yes + "xinstall") + Install ;; - "xclean") - CleanUp - exit 0 + "xuninstall") + Uninstall ;; - "xsetup") - ONLY_SETUP=yes + "xremove") + Remove + ;; + "xtest") + Test ;; *) Usage @@ -86,28 +112,3 @@ case "x$1" in ;; esac -# Fail on any error in script from now on -set -e - -if [ -d ./async ]; -then - echo "Using existing async repo" -else - # make a clone of the wolfAsyncCrypt repository - git clone --depth 1 $ASYNC_REPO async -fi - -# setup auto-conf -./autogen.sh -LinkFiles -if [ "x$ONLY_SETUP" == "xno" ]; -then - ./configure --enable-asynccrypt --enable-all - make check - # Clean up - if [ "x$KEEP" == "xno" ]; - then - CleanUp - fi -fi - From 23ebace6b172f58ecc1afece8e7bce1f0761af55 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Fri, 8 Sep 2023 16:34:04 -0400 Subject: [PATCH 02/10] Fix event handling --- wolfcrypt/src/wolfevent.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/wolfevent.c b/wolfcrypt/src/wolfevent.c index bcf1d9dcf..01ddd1131 100644 --- a/wolfcrypt/src/wolfevent.c +++ b/wolfcrypt/src/wolfevent.c @@ -180,8 +180,12 @@ int wolfEventQueue_Remove(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event) else { WOLF_EVENT* next = event->next; WOLF_EVENT* prev = event->prev; - next->prev = prev; - prev->next = next; + if ((next == NULL) || (prev == NULL)) { + ret = BAD_STATE_E; + } else { + next->prev = prev; + prev->next = next; + } } queue->count--; From 57e870e0d4a55f4800f1076e972e63d517e72940 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 12:05:11 -0400 Subject: [PATCH 03/10] Add Async examples --- .gitignore | 4 +- examples/async/README.md | 34 ++++ examples/async/async_client.c | 277 +++++++++++++++++++++++++++ examples/async/async_server.c | 350 ++++++++++++++++++++++++++++++++++ examples/async/async_tls.c | 158 +++++++++++++++ examples/async/async_tls.h | 42 ++++ examples/async/include.am | 24 +++ examples/include.am | 1 + 8 files changed, 889 insertions(+), 1 deletion(-) create mode 100644 examples/async/README.md create mode 100644 examples/async/async_client.c create mode 100644 examples/async/async_server.c create mode 100644 examples/async/async_tls.c create mode 100644 examples/async/async_tls.h create mode 100644 examples/async/include.am diff --git a/.gitignore b/.gitignore index 83bc4ebd5..3c526f6eb 100644 --- a/.gitignore +++ b/.gitignore @@ -10,7 +10,7 @@ ctaocrypt/src/src/ *.cache .dirstamp *.user -configure +configure config.* !cmake/config.in *Debug/ @@ -64,6 +64,8 @@ ctaocrypt/benchmark/benchmark ctaocrypt/test/testctaocrypt wolfcrypt/benchmark/benchmark wolfcrypt/test/testwolfcrypt +examples/async/async_client +examples/async/async_server examples/benchmark/tls_bench examples/client/client examples/echoclient/echoclient diff --git a/examples/async/README.md b/examples/async/README.md new file mode 100644 index 000000000..2dbde6c40 --- /dev/null +++ b/examples/async/README.md @@ -0,0 +1,34 @@ +# wolfSSL Asynchronous Cryptography support + +Supported with: +* Intel QuickAssist +* Marvell (Cavium) Nitrox +* Crypto Callbacks (`--enable-cryptocb`) +* PK Callbacks (`--enable-pkcallbacks`) + +Requires files from https://github.com/wolfSSL/wolfAsyncCrypt +See `async-check.sh` for how to setup. + +Tested with: +* `./configure --enable-asynccrypt --enable-rsa --disable-ecc` +* `./configure --enable-asynccrypt --disable-rsa --enable-ecc` +* `./configure --enable-asynccrypt --enable-cryptocb --enable-rsa --disable-ecc` +* `./configure --enable-asynccrypt --enable-cryptocb --disable-rsa --enable-ecc` +* `./configure --enable-asynccrypt --enable-pkcallbacks --enable-rsa --disable-ecc` +* `./configure --enable-asynccrypt --enable-pkcallbacks --disable-rsa --enable-ecc` + +``` +make +./examples/async/async_server +./examples/async/async_client 127.0.0.1 +``` + +## Asynchronous Cryptography Design + +When a cryptogaphic call is handed off to harware it return `WC_PENDING_E` up to caller. Then it can keep calling until the operation completes. For some platforms it is required to call `wolfSSL_AsyncPoll`. At the TLS layer a "devId" (Device ID) must be set using `wolfSSL_CTX_SetDevId` to indicate desire to offload cryptography. + +For further design details please see: https://github.com/wolfSSL/wolfAsyncCrypt#design + +## Support + +For questions please email support@wolfssl.com diff --git a/examples/async/async_client.c b/examples/async/async_client.c new file mode 100644 index 000000000..a0df6a146 --- /dev/null +++ b/examples/async/async_client.c @@ -0,0 +1,277 @@ +/* async_client.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* TLS client demonstrating asynchronous cryptography features and optionally + * using the crypto or PK callbacks */ + +/* std */ +#include +#include +#include + +/* socket */ +#include +#include +#include +#include + +/* wolfSSL */ +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include +#include +#include +#include "examples/async/async_tls.h" + +/* Test certificates and keys for RSA and ECC */ +#ifndef NO_RSA + #define CERT_FILE "./certs/client-cert.pem" + #define KEY_FILE "./certs/client-key.pem" + #define CA_FILE "./certs/ca-cert.pem" +#elif defined(HAVE_ECC) + #define CERT_FILE "./certs/client-ecc-cert.pem" + #define KEY_FILE "./certs/ecc-client-key.pem" + #define CA_FILE "./certs/ca-ecc-cert.pem" +#else + #error No authentication algorithm (ECC/RSA) +#endif + +int client_async_test(int argc, char** argv) +{ + int ret = 0; + int sockfd = SOCKET_INVALID; + struct sockaddr_in servAddr; + char buff[TEST_BUF_SZ]; + size_t len; + int devId = 1; /* anything besides -2 (INVALID_DEVID) */ +#ifdef WOLF_CRYPTO_CB + AsyncTlsCryptoCbCtx myCtx; +#endif + int err; + char errBuff[WOLFSSL_MAX_ERROR_SZ]; + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + /* Check for proper calling convention */ + if (argc != 2) { + printf("usage: %s \n", argv[0]); + return 0; + } + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. */ + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + fprintf(stderr, "ERROR: failed to create the socket\n"); + ret = -1; goto exit; + } + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + + /* Get the server IPv4 address from the command line call */ + if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) { + fprintf(stderr, "ERROR: invalid address\n"); + ret = -1; goto exit; + } + + /* Connect to the server */ + if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr))) + == -1) { + fprintf(stderr, "ERROR: failed to connect\n"); + goto exit; + } + + /*---------------------------------*/ + /* Start of wolfSSL initialization and configuration */ + /*---------------------------------*/ +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); +#endif + + /* Initialize wolfSSL */ + if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: Failed to initialize the library\n"); + goto exit; + } + + /* Create and initialize WOLFSSL_CTX */ + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); + ret = -1; goto exit; + } + +#ifdef WOLF_CRYPTO_CB + XMEMSET(&myCtx, 0, sizeof(myCtx)); + /* register a devID for crypto callbacks */ + ret = wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &myCtx); + if (ret != 0) { + fprintf(stderr, "wc_CryptoCb_RegisterDevice: error %d", ret); + goto exit; + } +#endif + /* register a devID for crypto callbacks */ + wolfSSL_CTX_SetDevId(ctx, devId); + + /* Load client certificate into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, WOLFSSL_FILETYPE_PEM)) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + CERT_FILE); + goto exit; + } + + /* Load client key into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, WOLFSSL_FILETYPE_PEM)) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + KEY_FILE); + goto exit; + } + + /* Load CA certificate into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL)) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + CA_FILE); + goto exit; + } + + /* Create a WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + ret = -1; goto exit; + } + + /* Attach wolfSSL to the socket */ + if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: Failed to set the file descriptor\n"); + goto exit; + } + + /* Connect to wolfSSL on the server side */ +#ifdef WOLFSSL_ASYNC_CRYPT + err = 0; /* Reset error */ +#endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) + break; + } + #endif + ret = wolfSSL_connect(ssl); + err = wolfSSL_get_error(ssl, 0); + } while (err == WC_PENDING_E); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_connect error %d: %s\n", + err, wolfSSL_ERR_error_string(err, errBuff)); + goto exit; + } + + /* Get a message for the server from stdin */ + printf("Message for server: "); + memset(buff, 0, sizeof(buff)); + if (fgets(buff, sizeof(buff), stdin) == NULL) { + fprintf(stderr, "ERROR: failed to get message for server\n"); + ret = -1; goto exit; + } + len = strnlen(buff, sizeof(buff)); + + /* Send the message to the server */ +#ifdef WOLFSSL_ASYNC_CRYPT + err = 0; /* Reset error */ +#endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) + break; + } + #endif + ret = wolfSSL_write(ssl, buff, (int)len); + err = wolfSSL_get_error(ssl, 0); + } while (err == WC_PENDING_E); + if (ret != (int)len) { + fprintf(stderr, "wolfSSL_write error %d: %s\n", + err, wolfSSL_ERR_error_string(err, errBuff)); + goto exit; + } + + /* Read the server data into our buff array */ + memset(buff, 0, sizeof(buff)); +#ifdef WOLFSSL_ASYNC_CRYPT + err = 0; /* Reset error */ +#endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) + break; + } + #endif + ret = wolfSSL_read(ssl, buff, sizeof(buff)-1); + err = wolfSSL_get_error(ssl, 0); + } while (err == WC_PENDING_E); + if (ret < 0) { + fprintf(stderr, "wolfSSL_read error %d: %s\n", + err, wolfSSL_ERR_error_string(err, errBuff)); + goto exit; + } + + /* Print to stdout any data the server sends */ + printf("Server: %s\n", buff); + + /* Return reporting a success */ + ret = 0; + +exit: + /* Cleanup and return */ + if (sockfd != SOCKET_INVALID) + close(sockfd); /* Close the connection to the server */ + if (ssl) + wolfSSL_free(ssl); /* Free the wolfSSL object */ + if (ctx) + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + + (void)argc; + (void)argv; + + return ret; +} + +#ifndef NO_MAIN_DRIVER +int main(int argc, char** argv) +{ + return client_async_test(argc, argv); +} +#endif /* !NO_MAIN_DRIVER */ diff --git a/examples/async/async_server.c b/examples/async/async_server.c new file mode 100644 index 000000000..6efc5f438 --- /dev/null +++ b/examples/async/async_server.c @@ -0,0 +1,350 @@ +/* async_server.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* TLS server demonstrating asynchronous cryptography features and optionally + * using the crypto or PK callbacks */ + +/* std */ +#include +#include +#include + +/* socket */ +#include +#include +#include +#include + +#define HAVE_SIGNAL +#ifdef HAVE_SIGNAL +#include /* for catching ctrl+c */ +#endif + +/* wolfSSL */ +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include +#include +#include +#include "examples/async/async_tls.h" + +/* Test certificates and keys for RSA and ECC */ +#ifndef NO_RSA + #define CERT_FILE "./certs/server-cert.pem" + #define KEY_FILE "./certs/server-key.pem" + #define CA_FILE "./certs/client-cert.pem" +#elif defined(HAVE_ECC) + #define CERT_FILE "./certs/server-ecc.pem" + #define KEY_FILE "./certs/ecc-key.pem" + #define CA_FILE "./certs/client-ecc-cert.pem" +#else + #error No authentication algorithm (ECC/RSA) +#endif + +static int mSockfd = SOCKET_INVALID; +static int mConnd = SOCKET_INVALID; +static int mShutdown = 0; + +#ifdef HAVE_SIGNAL +static void sig_handler(const int sig) +{ + fprintf(stderr, "SIGINT handled = %d.\n", sig); + + mShutdown = 1; + if (mConnd != SOCKET_INVALID) { + close(mConnd); /* Close the connection to the client */ + mConnd = SOCKET_INVALID; + } + if (mSockfd != SOCKET_INVALID) { + close(mSockfd); /* Close the socket listening for clients */ + mSockfd = SOCKET_INVALID; + } +} +#endif + +int server_async_test(int argc, char** argv) +{ + int ret = 0; + struct sockaddr_in servAddr; + struct sockaddr_in clientAddr; + socklen_t size = sizeof(clientAddr); + char buff[TEST_BUF_SZ]; + size_t len; + const char* reply = "I hear ya fa shizzle!\n"; + int on; + int devId = 1; /* anything besides -2 (INVALID_DEVID) */ +#ifdef WOLF_CRYPTO_CB + AsyncTlsCryptoCbCtx myCtx; +#endif + int err; + char errBuff[WOLFSSL_MAX_ERROR_SZ]; + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + +#ifdef HAVE_SIGNAL + signal(SIGINT, sig_handler); +#endif + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ + + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. */ + if ((mSockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + fprintf(stderr, "ERROR: failed to create the socket\n"); + goto exit; + } + + /* make sure server is setup for reuse addr/port */ + on = 1; + setsockopt(mSockfd, SOL_SOCKET, SO_REUSEADDR, + (char*)&on, (socklen_t)sizeof(on)); +#ifdef SO_REUSEPORT + setsockopt(mSockfd, SOL_SOCKET, SO_REUSEPORT, + (char*)&on, (socklen_t)sizeof(on)); +#endif + + /* Bind the server socket to our port */ + if (bind(mSockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) { + fprintf(stderr, "ERROR: failed to bind\n"); + goto exit; + } + + /* Listen for a new connection, allow 5 pending connections */ + if (listen(mSockfd, 5) == -1) { + fprintf(stderr, "ERROR: failed to listen\n"); + goto exit; + } + + /*---------------------------------*/ + /* Start of wolfSSL initialization and configuration */ + /*---------------------------------*/ +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); +#endif + + /* Initialize wolfSSL */ + if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: Failed to initialize the library\n"); + goto exit; + } + + /* Create and initialize WOLFSSL_CTX */ + if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); + ret = -1; + goto exit; + } + +#ifdef WOLF_CRYPTO_CB + XMEMSET(&myCtx, 0, sizeof(myCtx)); + /* register a devID for crypto callbacks */ + ret = wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &myCtx); + if (ret != 0) { + fprintf(stderr, "wc_CryptoCb_RegisterDevice: error %d", ret); + goto exit; + } +#endif + + /* register a devID for crypto callbacks */ + wolfSSL_CTX_SetDevId(ctx, devId); + + /* Require mutual authentication */ + wolfSSL_CTX_set_verify(ctx, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + + /* Load server certificates into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, + WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + CERT_FILE); + goto exit; + } + + /* Load server key into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, + WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + KEY_FILE); + goto exit; + } + + /* Load client certificate as "trusted" into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL)) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + CA_FILE); + goto exit; + } + + /* Continue to accept clients until mShutdown is issued */ + while (!mShutdown) { + printf("Waiting for a connection...\n"); + + /* Accept client connections */ + if ((mConnd = accept(mSockfd, (struct sockaddr*)&clientAddr, &size)) + == -1) { + fprintf(stderr, "ERROR: failed to accept the connection\n\n"); + ret = -1; goto exit; + } + + /* Create a WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + ret = -1; goto exit; + } + + /* Attach wolfSSL to the socket */ + wolfSSL_set_fd(ssl, mConnd); + + /* Establish TLS connection */ + #ifdef WOLFSSL_ASYNC_CRYPT + err = 0; /* Reset error */ + #endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) + break; + } + #endif + ret = wolfSSL_accept(ssl); + err = wolfSSL_get_error(ssl, 0); + } while (err == WC_PENDING_E); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_accept error %d: %s\n", + err, wolfSSL_ERR_error_string(err, errBuff)); + goto exit; + } + + + printf("Client connected successfully\n"); + + /* Read the client data into our buff array */ + memset(buff, 0, sizeof(buff)); + #ifdef WOLFSSL_ASYNC_CRYPT + err = 0; /* Reset error */ + #endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) + break; + } + #endif + ret = wolfSSL_read(ssl, buff, sizeof(buff)-1); + err = wolfSSL_get_error(ssl, 0); + } while (err == WC_PENDING_E); + if (ret < 0) { + fprintf(stderr, "wolfSSL_read error %d: %s\n", + err, wolfSSL_ERR_error_string(err, errBuff)); + goto exit; + } + + /* Print to stdout any data the client sends */ + printf("Client: %s\n", buff); + + /* Check for server shutdown command */ + if (strncmp(buff, "shutdown", 8) == 0) { + printf("Shutdown command issued!\n"); + mShutdown = 1; + } + + /* Write our reply into buff */ + memset(buff, 0, sizeof(buff)); + memcpy(buff, reply, strlen(reply)); + len = strnlen(buff, sizeof(buff)); + + /* Reply back to the client */ + #ifdef WOLFSSL_ASYNC_CRYPT + err = 0; /* Reset error */ + #endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) + break; + } + #endif + ret = wolfSSL_write(ssl, buff, (int)len); + err = wolfSSL_get_error(ssl, 0); + } while (err == WC_PENDING_E); + if (ret != (int)len) { + fprintf(stderr, "wolfSSL_write error %d: %s\n", + err, wolfSSL_ERR_error_string(err, errBuff)); + goto exit; + } + + /* Cleanup after this connection */ + wolfSSL_shutdown(ssl); + if (ssl) { + wolfSSL_free(ssl); /* Free the wolfSSL object */ + ssl = NULL; + } + if (mConnd != SOCKET_INVALID) { + close(mConnd); /* Close the connection to the client */ + mConnd = SOCKET_INVALID; + } + } + + printf("Shutdown complete\n"); + +exit: + /* Cleanup and return */ + if (ssl) + wolfSSL_free(ssl); /* Free the wolfSSL object */ + if (mConnd != SOCKET_INVALID) { + close(mConnd); /* Close the connection to the client */ + mConnd = SOCKET_INVALID; + } + if (mSockfd != SOCKET_INVALID) { + close(mSockfd); /* Close the socket listening for clients */ + mSockfd = SOCKET_INVALID; + } + if (ctx) + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + + (void)argc; + (void)argv; + + return ret; +} + +#ifndef NO_MAIN_DRIVER +int main(int argc, char** argv) +{ + return server_async_test(argc, argv); +} +#endif /* !NO_MAIN_DRIVER */ diff --git a/examples/async/async_tls.c b/examples/async/async_tls.c new file mode 100644 index 000000000..1d4f68d53 --- /dev/null +++ b/examples/async/async_tls.c @@ -0,0 +1,158 @@ +/* async-tls.c + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef WOLFSSL_USER_SETTINGS +#include +#endif +#include +#include +#include +#include "examples/async/async_tls.h" + +/* ---------------------------------------------------------------------------*/ +/* --- Example Crypto Callback --- */ +/* ---------------------------------------------------------------------------*/ +#ifdef WOLF_CRYPTO_CB + +/* Example custom context for crypto callback */ +#ifndef TEST_PEND_COUNT +#define TEST_PEND_COUNT 2 +#endif + +/* Example crypto dev callback function that calls software version */ +/* This is where you would plug-in calls to your own hardware crypto */ +int AsyncTlsCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = CRYPTOCB_UNAVAILABLE; /* return this to bypass HW and use SW */ + AsyncTlsCryptoCbCtx* myCtx = (AsyncTlsCryptoCbCtx*)ctx; + + if (info == NULL) + return BAD_FUNC_ARG; + +#ifdef DEBUG_CRYPTOCB + wc_CryptoCb_InfoString(info); +#endif + + if (info->algo_type == WC_ALGO_TYPE_PK) { +#ifdef WOLFSSL_ASYNC_CRYPT + /* Test pending response */ + if (info->pk.type == WC_PK_TYPE_RSA || + info->pk.type == WC_PK_TYPE_EC_KEYGEN || + info->pk.type == WC_PK_TYPE_ECDSA_SIGN || + info->pk.type == WC_PK_TYPE_ECDSA_VERIFY || + info->pk.type == WC_PK_TYPE_ECDH) + { + if (myCtx->pendingCount++ < TEST_PEND_COUNT) return WC_PENDING_E; + myCtx->pendingCount = 0; + } +#endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* set devId to invalid, so software is used */ + info->pk.rsa.key->devId = INVALID_DEVID; + + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + /* perform software based RSA private op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + } + + /* reset devId */ + info->pk.rsa.key->devId = devIdArg; + } + #endif + #ifdef HAVE_ECC + if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.eckg.key->devId = INVALID_DEVID; + + ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, + info->pk.eckg.key, info->pk.eckg.curveId); + + /* reset devId */ + info->pk.eckg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.eccsign.key->devId = INVALID_DEVID; + + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + /* reset devId */ + info->pk.eccsign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.eccverify.key->devId = INVALID_DEVID; + + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + /* reset devId */ + info->pk.eccverify.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + /* set devId to invalid, so software is used */ + info->pk.ecdh.private_key->devId = INVALID_DEVID; + + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + /* reset devId */ + info->pk.ecdh.private_key->devId = devIdArg; + } + #endif /* HAVE_ECC */ + } + + (void)devIdArg; + (void)myCtx; + + return ret; +} +#endif /* WOLF_CRYPTO_CB */ + +/* ---------------------------------------------------------------------------*/ +/* --- Example PK (Public Key) Callback --- */ +/* ---------------------------------------------------------------------------*/ +#ifdef HAVE_PK_CALLBACKS + +#endif + diff --git a/examples/async/async_tls.h b/examples/async/async_tls.h new file mode 100644 index 000000000..d5403e24f --- /dev/null +++ b/examples/async/async_tls.h @@ -0,0 +1,42 @@ +/* async-tls.h + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_ASYNC_TLS_EXAMPLES_H +#define WOLFSSL_ASYNC_TLS_EXAMPLES_H + +#define DEFAULT_PORT 11111 +#define TEST_BUF_SZ 256 + +#ifdef WOLF_CRYPTO_CB +/* Example custom context for crypto callback */ +typedef struct { + int pendingCount; /* track pending tries test count */ +} AsyncTlsCryptoCbCtx; +int AsyncTlsCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx); +#endif /* WOLF_CRYPTO_CB */ + + +int client_async_test(int argc, char** argv); +int server_async_test(int argc, char** argv); + + +#endif /* WOLFSSL_ASYNC_TLS_EXAMPLES_H */ diff --git a/examples/async/include.am b/examples/async/include.am new file mode 100644 index 000000000..b8a611750 --- /dev/null +++ b/examples/async/include.am @@ -0,0 +1,24 @@ +# vim:ft=automake +# All paths should be given relative to the root + +if BUILD_ASYNCCRYPT +noinst_HEADERS += examples/async/async_tls.h + +noinst_PROGRAMS += examples/async/async_client +examples_async_async_client_SOURCES = examples/async/async_client.c examples/async/async_tls.c +examples_async_async_client_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) +examples_async_async_client_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +examples_async_async_client_CFLAGS = $(AM_CFLAGS) + +noinst_PROGRAMS += examples/async/async_server +examples_async_async_server_SOURCES = examples/async/async_server.c examples/async/async_tls.c +examples_async_async_server_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) +examples_async_async_server_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +examples_async_async_server_CFLAGS = $(AM_CFLAGS) +endif + +dist_example_DATA+= examples/async/async_server.c +dist_example_DATA+= examples/async/async_client.c +DISTCLEANFILES+= examples/async/.libs/async_server +DISTCLEANFILES+= examples/async/.libs/async_client +EXTRA_DIST += examples/async/README.md diff --git a/examples/include.am b/examples/include.am index 1ff74a0a3..4b7ad2f87 100644 --- a/examples/include.am +++ b/examples/include.am @@ -1,6 +1,7 @@ # vim:ft=automake # All paths should be given relative to the root +include examples/async/include.am include examples/benchmark/include.am include examples/client/include.am include examples/echoclient/include.am From f5ef7b40dbb544ccbf5664991aeb11ce2f94d169 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 12:11:36 -0400 Subject: [PATCH 04/10] Add in ASYNC_CRYPTO_SW checks --- configure.ac | 63 +++++++++++++++++++----------------- wolfcrypt/src/aes.c | 8 ++--- wolfcrypt/src/des3.c | 4 +-- wolfcrypt/src/dh.c | 4 +-- wolfcrypt/src/ecc.c | 2 +- wolfcrypt/src/rsa.c | 37 +++++++++++++++------ wolfssl/wolfcrypt/settings.h | 1 + 7 files changed, 70 insertions(+), 49 deletions(-) diff --git a/configure.ac b/configure.ac index a46ac7747..cb115484a 100644 --- a/configure.ac +++ b/configure.ac @@ -6988,7 +6988,7 @@ AC_ARG_WITH([cavium-v], ENABLED_CAVIUM_V=yes ], [ - ENABLED_CAVIUM_=no + ENABLED_CAVIUM=no ENABLED_CAVIUM_V=no ] ) @@ -7762,6 +7762,30 @@ then AC_MSG_ERROR([please use --with-libz if enabling mcapi.]) fi + +# cryptodev is old name, replaced with cryptocb +AC_ARG_ENABLE([cryptodev], + [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])], + [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ]) + +# Support for crypto callbacks +AC_ARG_ENABLE([cryptocb], + [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])], + [ ENABLED_CRYPTOCB=$enableval ], + [ ENABLED_CRYPTOCB=no ] + ) + +if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no" +then + ENABLED_CRYPTOCB=yes +fi +if test "$ENABLED_CRYPTOCB" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB" +fi + + + # Asynchronous Crypto AC_ARG_ENABLE([asynccrypt], [AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])], @@ -7784,6 +7808,7 @@ fi if test "$ENABLED_ASYNCCRYPT" = "yes" then + AC_MSG_NOTICE([Enabling asynchronous support]) if ! test -f ${srcdir}/wolfcrypt/src/async.c || ! test -f ${srcdir}/wolfssl/wolfcrypt/async.h then AC_MSG_ERROR([--enable-asynccrypt requested, but WOLFSSL_ASYNC_CRYPT source files are missing.]) @@ -7793,15 +7818,14 @@ then # If no async backend (hardware or software) has been explicitly enabled, # use the software backend for testing. - if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno" && - test "x$ENABLED_ASYNCCRYPT_SW" = "xno" + if test "x$ENABLED_CAVIUM" != "xyes" && test "x$ENABLED_INTEL_QA" != "xyes" && test "x$ENABLED_CRYPTOCB" != "xyes" && test "x$ENABLED_PKCALLBACKS" != "xyes" && test "x$ENABLED_ASYNCCRYPT_SW" != "xyes" then - # Async threading is Linux specific + AC_MSG_NOTICE([Enabling asynchronous software simulator]) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_SW" + ENABLED_ASYNCCRYPT_SW=yes fi fi - # check for async if using Intel QuckAssist or Cavium if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then @@ -7809,8 +7833,7 @@ if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then fi fi - -# Asynchronous threading +# Asynchronous threading (Linux specific) AC_ARG_ENABLE([asyncthreads], [AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])], [ ENABLED_ASYNCTHREADS=$enableval ], @@ -7833,28 +7856,6 @@ else fi -# cryptodev is old name, replaced with cryptocb -AC_ARG_ENABLE([cryptodev], - [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])], - [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ]) - -# Support for crypto callbacks -AC_ARG_ENABLE([cryptocb], - [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])], - [ ENABLED_CRYPTOCB=$enableval ], - [ ENABLED_CRYPTOCB=no ] - ) - -if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no" -then - ENABLED_CRYPTOCB=yes -fi -if test "$ENABLED_CRYPTOCB" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB" -fi - - # Session Export AC_ARG_ENABLE([sessionexport], [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], @@ -9473,7 +9474,8 @@ echo " * Stack sizes in tests: $ENABLED_STACKSIZE" echo " * Heap stats in tests: $ENABLED_TRACKMEMORY" echo " * User Crypto: $ENABLED_USER_CRYPTO" echo " * Fast RSA: $ENABLED_FAST_RSA" -echo " * Async Crypto: $ENABLED_ASYNCCRYPT" +echo " * Asynchronous Crypto: $ENABLED_ASYNCCRYPT" +echo " * Asynchronous Crypto (sim): $ENABLED_ASYNCCRYPT_SW" echo " * PKCS#8: $ENABLED_PKCS8" echo " * PKCS#11: $ENABLED_PKCS11" echo " * PKCS#12: $ENABLED_PKCS12" @@ -9494,6 +9496,7 @@ echo " * Inline Code: $ENABLED_INLINE" echo " * Linux AF_ALG: $ENABLED_AFALG" echo " * Linux KCAPI: $ENABLED_KCAPI" echo " * Linux devcrypto: $ENABLED_DEVCRYPTO" +echo " * PK callbacks: $ENABLED_PKCALLBACKS" echo " * Crypto callbacks: $ENABLED_CRYPTOCB" echo " * i.MX CAAM: $ENABLED_CAAM" echo " * IoT-Safe: $ENABLED_IOTSAFE" diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 8a46dd1fc..afc6a4d4e 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4037,7 +4037,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return IntelQaSymAesCbcEncrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, (byte*)aes->reg, AES_BLOCK_SIZE); - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_ENCRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; @@ -4173,7 +4173,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return IntelQaSymAesCbcDecrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, (byte*)aes->reg, AES_BLOCK_SIZE); - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_DECRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; @@ -6715,7 +6715,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, return IntelQaSymAesGcmEncrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_GCM_ENCRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; @@ -7275,7 +7275,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return IntelQaSymAesGcmDecrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_GCM_DECRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 741cfce65..650c33a36 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -1616,7 +1616,7 @@ #elif defined(HAVE_INTEL_QA) return IntelQaSymDes3CbcEncrypt(&des->asyncDev, out, in, sz, (const byte*)des->devKey, DES3_KEYLEN, (byte*)des->reg, DES3_IVLEN); - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&des->asyncDev, ASYNC_SW_DES3_CBC_ENCRYPT)) { WC_ASYNC_SW* sw = &des->asyncDev.sw; sw->des.des = des; @@ -1667,7 +1667,7 @@ #elif defined(HAVE_INTEL_QA) return IntelQaSymDes3CbcDecrypt(&des->asyncDev, out, in, sz, (const byte*)des->devKey, DES3_KEYLEN, (byte*)des->reg, DES3_IVLEN); - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&des->asyncDev, ASYNC_SW_DES3_CBC_DECRYPT)) { WC_ASYNC_SW* sw = &des->asyncDev.sw; sw->des.des = des; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 086fc048d..e638a51ce 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -1433,7 +1433,7 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng, #elif defined(HAVE_CAVIUM) /* TODO: Not implemented - use software for now */ -#else /* WOLFSSL_ASYNC_CRYPT_SW */ +#elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_DH_GEN)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->dhGen.key = key; @@ -2207,7 +2207,7 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz, #elif defined(HAVE_CAVIUM) /* TODO: Not implemented - use software for now */ -#else /* WOLFSSL_ASYNC_CRYPT_SW */ +#elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_DH_AGREE)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->dhAgree.key = key; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index eaff8ae8c..59ff57aa6 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -5495,7 +5495,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, /* TODO: Not implemented */ #elif defined(HAVE_INTEL_QA) /* Implemented in ecc_make_pub_ex for the pub calc */ - #else + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_MAKE)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->eccMake.rng = rng; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index e65228689..bc9fa7531 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2745,7 +2745,10 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, #endif /* WOLF_CRYPTO_CB_ONLY_RSA */ #endif -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ + (defined(HAVE_CAVIUM) || defined(HAVE_INTEL_QA) || \ + defined(WOLFSSL_ASYNC_CRYPT_SW)) +#define WC_ENABLE_ASYNC_RSA_INTERNAL /* internal marker */ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) { @@ -2767,7 +2770,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT_SW */ - switch(type) { + switch (type) { #ifndef WOLFSSL_RSA_PUBLIC_ONLY case RSA_PRIVATE_DECRYPT: case RSA_PRIVATE_ENCRYPT: @@ -2789,7 +2792,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, &key->u.raw, out, outLen); #endif - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng); #endif break; @@ -2807,7 +2810,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, ret = IntelQaRsaPublic(&key->asyncDev, in, inLen, &key->e.raw, &key->n.raw, out, outLen); - #else /* WOLFSSL_ASYNC_CRYPT_SW */ + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng); #endif break; @@ -2884,7 +2887,11 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, key->dataLen = *outSz; ret = wc_RsaFunction(in, inLen, out, &key->dataLen, type, key, rng); - if (ret >= 0 || ret == WC_PENDING_E) { + if (ret >= 0 + #ifdef WC_ENABLE_ASYNC_RSA_INTERNAL + || ret == WC_PENDING_E + #endif + ) { key->state = (type == RSA_PRIVATE_ENCRYPT || type == RSA_PUBLIC_ENCRYPT) ? RSA_STATE_ENCRYPT_RES: RSA_STATE_DECRYPT_RES; @@ -3112,7 +3119,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !TEST_UNPAD_CONSTANT_TIME && \ * !NO_RSA_BOUNDS_CHECK */ -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) +#ifdef WC_ENABLE_ASYNC_RSA_INTERNAL if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && key->n.raw.len > 0) { ret = wc_RsaFunctionAsync(in, inLen, out, outLen, type, key, rng); @@ -3299,7 +3306,11 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, ret = wc_RsaFunction(out, (word32)sz, out, &key->dataLen, rsa_type, key, rng); - if (ret >= 0 || ret == WC_PENDING_E) { + if (ret >= 0 + #ifdef WC_ENABLE_ASYNC_RSA_INTERNAL + || ret == WC_PENDING_E + #endif + ) { key->state = RSA_STATE_ENCRYPT_RES; } if (ret < 0) { @@ -3480,7 +3491,11 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, rng, pad_type != WC_RSA_OAEP_PAD); #endif - if (ret >= 0 || ret == WC_PENDING_E) { + if (ret >= 0 + #ifdef WC_ENABLE_ASYNC_RSA_INTERNAL + || ret == WC_PENDING_E + #endif + ) { key->state = RSA_STATE_DECRYPT_UNPAD; } if (ret < 0) { @@ -4726,7 +4741,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #endif #ifndef WOLF_CRYPTO_CB_ONLY_RSA -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ +#if defined(WC_ENABLE_ASYNC_RSA_INTERNAL) && \ defined(WC_ASYNC_ENABLE_RSA_KEYGEN) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) { #ifdef HAVE_CAVIUM @@ -4734,7 +4749,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #elif defined(HAVE_INTEL_QA) err = IntelQaRsaKeyGen(&key->asyncDev, key, size, e, rng); goto out; - #else + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_RSA_MAKE)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->rsaMake.rng = rng; @@ -4744,6 +4759,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) err = WC_PENDING_E; goto out; } + #else + #error "Not implemented" #endif } #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 7e44d312c..0f9bb0104 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2473,6 +2473,7 @@ extern void uITRON4_free(void *p) ; /* Asynchronous Crypto */ #ifdef WOLFSSL_ASYNC_CRYPT #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \ + !defined(WOLF_CRYPTO_CB) && !defined(HAVE_PK_CALLBACKS) && \ !defined(WOLFSSL_ASYNC_CRYPT_SW) #error No async backend defined with WOLFSSL_ASYNC_CRYPT! #endif From b34348680aa177b80382c81231f7d4cd620f4906 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 14:33:19 -0400 Subject: [PATCH 05/10] New format --- .github/workflows/async.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml index 949e87dfd..84eb4c588 100644 --- a/.github/workflows/async.yml +++ b/.github/workflows/async.yml @@ -23,7 +23,7 @@ jobs: - name: Test wolfSSL async run: | - ./async-check.sh setup + ./async-check.sh install ./configure ${{ matrix.config }} make check From 07e2f90fbbfeaeb9f3b4d09f657d56c383de67cd Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 14:48:17 -0400 Subject: [PATCH 06/10] Reorder and add async_* sources --- rpm/spec.in | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rpm/spec.in b/rpm/spec.in index 163a4e4bd..01a4b5833 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -67,10 +67,12 @@ mkdir -p $RPM_BUILD_ROOT/ %defattr(-,root,root,-) %doc AUTHORS ChangeLog.md COPYING README README.md %{_docdir}/wolfssl/taoCert.txt -%{_docdir}/wolfssl/example/echoserver.c +%{_docdir}/wolfssl/example/async_client.c +%{_docdir}/wolfssl/example/async_server.c +%{_docdir}/wolfssl/example/client.c %{_docdir}/wolfssl/example/server.c %{_docdir}/wolfssl/example/echoclient.c -%{_docdir}/wolfssl/example/client.c +%{_docdir}/wolfssl/example/echoserver.c %{_docdir}/wolfssl/example/sctp-client.c %{_docdir}/wolfssl/example/sctp-server.c %{_docdir}/wolfssl/example/sctp-client-dtls.c From 6cb1aef836c027323f8bd13ad11759ed8aea4eea Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 14:54:42 -0400 Subject: [PATCH 07/10] Clean up old comments --- async-check.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/async-check.sh b/async-check.sh index d3fbee83c..28599c471 100755 --- a/async-check.sh +++ b/async-check.sh @@ -1,17 +1,7 @@ #!/bin/bash -# async-check.sh - # This script creates symbolic links to the required asynchronous # file for using the asynchronous simulator and make check -# -# $ ./async-check [keep|clean|setup] -# -# - keep: (default off) ./async and links kept around for inspection -# - clean: (default off) only cleanup existing ./async and links -# - setup: (default off) only setup ./async and links but don't run config -# or make -# # Fail on any error in script set -e From 42985ebdfab2518bec6a11b2ac27d0676fbd3c77 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 12:11:36 -0400 Subject: [PATCH 08/10] Revert "Add in ASYNC_CRYPTO_SW checks" This reverts commit f5ef7b40dbb544ccbf5664991aeb11ce2f94d169. --- configure.ac | 63 +++++++++++++++++------------------- wolfcrypt/src/aes.c | 8 ++--- wolfcrypt/src/des3.c | 4 +-- wolfcrypt/src/dh.c | 4 +-- wolfcrypt/src/ecc.c | 2 +- wolfcrypt/src/rsa.c | 37 ++++++--------------- wolfssl/wolfcrypt/settings.h | 1 - 7 files changed, 49 insertions(+), 70 deletions(-) diff --git a/configure.ac b/configure.ac index cb115484a..a46ac7747 100644 --- a/configure.ac +++ b/configure.ac @@ -6988,7 +6988,7 @@ AC_ARG_WITH([cavium-v], ENABLED_CAVIUM_V=yes ], [ - ENABLED_CAVIUM=no + ENABLED_CAVIUM_=no ENABLED_CAVIUM_V=no ] ) @@ -7762,30 +7762,6 @@ then AC_MSG_ERROR([please use --with-libz if enabling mcapi.]) fi - -# cryptodev is old name, replaced with cryptocb -AC_ARG_ENABLE([cryptodev], - [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])], - [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ]) - -# Support for crypto callbacks -AC_ARG_ENABLE([cryptocb], - [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])], - [ ENABLED_CRYPTOCB=$enableval ], - [ ENABLED_CRYPTOCB=no ] - ) - -if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no" -then - ENABLED_CRYPTOCB=yes -fi -if test "$ENABLED_CRYPTOCB" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB" -fi - - - # Asynchronous Crypto AC_ARG_ENABLE([asynccrypt], [AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])], @@ -7808,7 +7784,6 @@ fi if test "$ENABLED_ASYNCCRYPT" = "yes" then - AC_MSG_NOTICE([Enabling asynchronous support]) if ! test -f ${srcdir}/wolfcrypt/src/async.c || ! test -f ${srcdir}/wolfssl/wolfcrypt/async.h then AC_MSG_ERROR([--enable-asynccrypt requested, but WOLFSSL_ASYNC_CRYPT source files are missing.]) @@ -7818,14 +7793,15 @@ then # If no async backend (hardware or software) has been explicitly enabled, # use the software backend for testing. - if test "x$ENABLED_CAVIUM" != "xyes" && test "x$ENABLED_INTEL_QA" != "xyes" && test "x$ENABLED_CRYPTOCB" != "xyes" && test "x$ENABLED_PKCALLBACKS" != "xyes" && test "x$ENABLED_ASYNCCRYPT_SW" != "xyes" + if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno" && + test "x$ENABLED_ASYNCCRYPT_SW" = "xno" then - AC_MSG_NOTICE([Enabling asynchronous software simulator]) + # Async threading is Linux specific AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_SW" - ENABLED_ASYNCCRYPT_SW=yes fi fi + # check for async if using Intel QuckAssist or Cavium if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then @@ -7833,7 +7809,8 @@ if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then fi fi -# Asynchronous threading (Linux specific) + +# Asynchronous threading AC_ARG_ENABLE([asyncthreads], [AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])], [ ENABLED_ASYNCTHREADS=$enableval ], @@ -7856,6 +7833,28 @@ else fi +# cryptodev is old name, replaced with cryptocb +AC_ARG_ENABLE([cryptodev], + [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])], + [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ]) + +# Support for crypto callbacks +AC_ARG_ENABLE([cryptocb], + [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])], + [ ENABLED_CRYPTOCB=$enableval ], + [ ENABLED_CRYPTOCB=no ] + ) + +if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no" +then + ENABLED_CRYPTOCB=yes +fi +if test "$ENABLED_CRYPTOCB" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB" +fi + + # Session Export AC_ARG_ENABLE([sessionexport], [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], @@ -9474,8 +9473,7 @@ echo " * Stack sizes in tests: $ENABLED_STACKSIZE" echo " * Heap stats in tests: $ENABLED_TRACKMEMORY" echo " * User Crypto: $ENABLED_USER_CRYPTO" echo " * Fast RSA: $ENABLED_FAST_RSA" -echo " * Asynchronous Crypto: $ENABLED_ASYNCCRYPT" -echo " * Asynchronous Crypto (sim): $ENABLED_ASYNCCRYPT_SW" +echo " * Async Crypto: $ENABLED_ASYNCCRYPT" echo " * PKCS#8: $ENABLED_PKCS8" echo " * PKCS#11: $ENABLED_PKCS11" echo " * PKCS#12: $ENABLED_PKCS12" @@ -9496,7 +9494,6 @@ echo " * Inline Code: $ENABLED_INLINE" echo " * Linux AF_ALG: $ENABLED_AFALG" echo " * Linux KCAPI: $ENABLED_KCAPI" echo " * Linux devcrypto: $ENABLED_DEVCRYPTO" -echo " * PK callbacks: $ENABLED_PKCALLBACKS" echo " * Crypto callbacks: $ENABLED_CRYPTOCB" echo " * i.MX CAAM: $ENABLED_CAAM" echo " * IoT-Safe: $ENABLED_IOTSAFE" diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index afc6a4d4e..8a46dd1fc 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4037,7 +4037,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return IntelQaSymAesCbcEncrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, (byte*)aes->reg, AES_BLOCK_SIZE); - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_ENCRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; @@ -4173,7 +4173,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return IntelQaSymAesCbcDecrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, (byte*)aes->reg, AES_BLOCK_SIZE); - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_DECRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; @@ -6715,7 +6715,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, return IntelQaSymAesGcmEncrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_GCM_ENCRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; @@ -7275,7 +7275,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, return IntelQaSymAesGcmDecrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, iv, ivSz, authTag, authTagSz, authIn, authInSz); - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_GCM_DECRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; sw->aes.aes = aes; diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 650c33a36..741cfce65 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -1616,7 +1616,7 @@ #elif defined(HAVE_INTEL_QA) return IntelQaSymDes3CbcEncrypt(&des->asyncDev, out, in, sz, (const byte*)des->devKey, DES3_KEYLEN, (byte*)des->reg, DES3_IVLEN); - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&des->asyncDev, ASYNC_SW_DES3_CBC_ENCRYPT)) { WC_ASYNC_SW* sw = &des->asyncDev.sw; sw->des.des = des; @@ -1667,7 +1667,7 @@ #elif defined(HAVE_INTEL_QA) return IntelQaSymDes3CbcDecrypt(&des->asyncDev, out, in, sz, (const byte*)des->devKey, DES3_KEYLEN, (byte*)des->reg, DES3_IVLEN); - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&des->asyncDev, ASYNC_SW_DES3_CBC_DECRYPT)) { WC_ASYNC_SW* sw = &des->asyncDev.sw; sw->des.des = des; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index e638a51ce..086fc048d 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -1433,7 +1433,7 @@ static int wc_DhGenerateKeyPair_Async(DhKey* key, WC_RNG* rng, #elif defined(HAVE_CAVIUM) /* TODO: Not implemented - use software for now */ -#elif defined(WOLFSSL_ASYNC_CRYPT_SW) +#else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_DH_GEN)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->dhGen.key = key; @@ -2207,7 +2207,7 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz, #elif defined(HAVE_CAVIUM) /* TODO: Not implemented - use software for now */ -#elif defined(WOLFSSL_ASYNC_CRYPT_SW) +#else /* WOLFSSL_ASYNC_CRYPT_SW */ if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_DH_AGREE)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->dhAgree.key = key; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 59ff57aa6..eaff8ae8c 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -5495,7 +5495,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, /* TODO: Not implemented */ #elif defined(HAVE_INTEL_QA) /* Implemented in ecc_make_pub_ex for the pub calc */ - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_MAKE)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->eccMake.rng = rng; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index bc9fa7531..e65228689 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2745,10 +2745,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, #endif /* WOLF_CRYPTO_CB_ONLY_RSA */ #endif -#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ - (defined(HAVE_CAVIUM) || defined(HAVE_INTEL_QA) || \ - defined(WOLFSSL_ASYNC_CRYPT_SW)) -#define WC_ENABLE_ASYNC_RSA_INTERNAL /* internal marker */ +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng) { @@ -2770,7 +2767,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT_SW */ - switch (type) { + switch(type) { #ifndef WOLFSSL_RSA_PUBLIC_ONLY case RSA_PRIVATE_DECRYPT: case RSA_PRIVATE_ENCRYPT: @@ -2792,7 +2789,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, &key->u.raw, out, outLen); #endif - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng); #endif break; @@ -2810,7 +2807,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, ret = IntelQaRsaPublic(&key->asyncDev, in, inLen, &key->e.raw, &key->n.raw, out, outLen); - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else /* WOLFSSL_ASYNC_CRYPT_SW */ ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng); #endif break; @@ -2887,11 +2884,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, key->dataLen = *outSz; ret = wc_RsaFunction(in, inLen, out, &key->dataLen, type, key, rng); - if (ret >= 0 - #ifdef WC_ENABLE_ASYNC_RSA_INTERNAL - || ret == WC_PENDING_E - #endif - ) { + if (ret >= 0 || ret == WC_PENDING_E) { key->state = (type == RSA_PRIVATE_ENCRYPT || type == RSA_PUBLIC_ENCRYPT) ? RSA_STATE_ENCRYPT_RES: RSA_STATE_DECRYPT_RES; @@ -3119,7 +3112,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !TEST_UNPAD_CONSTANT_TIME && \ * !NO_RSA_BOUNDS_CHECK */ -#ifdef WC_ENABLE_ASYNC_RSA_INTERNAL +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && key->n.raw.len > 0) { ret = wc_RsaFunctionAsync(in, inLen, out, outLen, type, key, rng); @@ -3306,11 +3299,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, ret = wc_RsaFunction(out, (word32)sz, out, &key->dataLen, rsa_type, key, rng); - if (ret >= 0 - #ifdef WC_ENABLE_ASYNC_RSA_INTERNAL - || ret == WC_PENDING_E - #endif - ) { + if (ret >= 0 || ret == WC_PENDING_E) { key->state = RSA_STATE_ENCRYPT_RES; } if (ret < 0) { @@ -3491,11 +3480,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, rng, pad_type != WC_RSA_OAEP_PAD); #endif - if (ret >= 0 - #ifdef WC_ENABLE_ASYNC_RSA_INTERNAL - || ret == WC_PENDING_E - #endif - ) { + if (ret >= 0 || ret == WC_PENDING_E) { key->state = RSA_STATE_DECRYPT_UNPAD; } if (ret < 0) { @@ -4741,7 +4726,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #endif #ifndef WOLF_CRYPTO_CB_ONLY_RSA -#if defined(WC_ENABLE_ASYNC_RSA_INTERNAL) && \ +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ defined(WC_ASYNC_ENABLE_RSA_KEYGEN) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) { #ifdef HAVE_CAVIUM @@ -4749,7 +4734,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #elif defined(HAVE_INTEL_QA) err = IntelQaRsaKeyGen(&key->asyncDev, key, size, e, rng); goto out; - #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #else if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_RSA_MAKE)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; sw->rsaMake.rng = rng; @@ -4759,8 +4744,6 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) err = WC_PENDING_E; goto out; } - #else - #error "Not implemented" #endif } #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 0f9bb0104..7e44d312c 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2473,7 +2473,6 @@ extern void uITRON4_free(void *p) ; /* Asynchronous Crypto */ #ifdef WOLFSSL_ASYNC_CRYPT #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \ - !defined(WOLF_CRYPTO_CB) && !defined(HAVE_PK_CALLBACKS) && \ !defined(WOLFSSL_ASYNC_CRYPT_SW) #error No async backend defined with WOLFSSL_ASYNC_CRYPT! #endif From c7f50437741770a8968d96f109518bb58dbce402 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 15:57:20 -0400 Subject: [PATCH 09/10] Fixes for the sanitizer --- examples/async/async_server.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/examples/async/async_server.c b/examples/async/async_server.c index 6efc5f438..12b24e78c 100644 --- a/examples/async/async_server.c +++ b/examples/async/async_server.c @@ -67,7 +67,11 @@ static int mShutdown = 0; #ifdef HAVE_SIGNAL static void sig_handler(const int sig) { +#ifdef DEBUG_WOLFSSL fprintf(stderr, "SIGINT handled = %d.\n", sig); +#else + (void)sig; +#endif mShutdown = 1; if (mConnd != SOCKET_INVALID) { @@ -101,9 +105,15 @@ int server_async_test(int argc, char** argv) /* declare wolfSSL objects */ WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; +#ifdef HAVE_SIGNAL + sighandler_t sigRet = 0; +#endif #ifdef HAVE_SIGNAL - signal(SIGINT, sig_handler); + if ((sigRet = signal(SIGINT, sig_handler)) == SIG_ERR) { + fprintf(stderr, "ERROR: failed to listen to SIGINT (errno: %d)\n",errno); + goto exit; + } #endif /* Initialize the server address struct with zeros */ @@ -125,11 +135,17 @@ int server_async_test(int argc, char** argv) /* make sure server is setup for reuse addr/port */ on = 1; - setsockopt(mSockfd, SOL_SOCKET, SO_REUSEADDR, - (char*)&on, (socklen_t)sizeof(on)); + if (setsockopt(mSockfd, SOL_SOCKET, SO_REUSEADDR, + (char*)&on, (socklen_t)sizeof(on)) != 0) { + fprintf(stderr, "ERROR: failed to set SO_REUSEADDR (errno: %d)\n",errno); + goto exit; + } #ifdef SO_REUSEPORT - setsockopt(mSockfd, SOL_SOCKET, SO_REUSEPORT, - (char*)&on, (socklen_t)sizeof(on)); + if (setsockopt(mSockfd, SOL_SOCKET, SO_REUSEPORT, + (char*)&on, (socklen_t)sizeof(on)) != 0) { + fprintf(stderr, "ERROR: failed to set SO_REUSEPORT (errno: %d)\n",errno); + goto exit; + } #endif /* Bind the server socket to our port */ From d25f4f06bfcf51fb284f574b4514c78eb7e310b9 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Mon, 11 Sep 2023 16:30:29 -0400 Subject: [PATCH 10/10] clang-tidy is being super picky --- examples/async/async_server.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/examples/async/async_server.c b/examples/async/async_server.c index 12b24e78c..41eaae86e 100644 --- a/examples/async/async_server.c +++ b/examples/async/async_server.c @@ -105,12 +105,9 @@ int server_async_test(int argc, char** argv) /* declare wolfSSL objects */ WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; -#ifdef HAVE_SIGNAL - sighandler_t sigRet = 0; -#endif #ifdef HAVE_SIGNAL - if ((sigRet = signal(SIGINT, sig_handler)) == SIG_ERR) { + if ((signal(SIGINT, sig_handler)) == SIG_ERR) { fprintf(stderr, "ERROR: failed to listen to SIGINT (errno: %d)\n",errno); goto exit; }