From 9c01172f9b3ccd1d5496be5aa1535d81031e9c4b Mon Sep 17 00:00:00 2001 From: Eric Berry Date: Fri, 20 Oct 2023 14:28:18 -0700 Subject: [PATCH] Issue 51: Remove processing thread for SecApi 3.3 --- include/sec_security_svp.h | 20 +- src/sec_adapter_cipher.c | 83 +++----- src/sec_adapter_digest.c | 9 +- src/sec_adapter_key.c | 104 +++++---- src/sec_adapter_keyexchange.c | 15 +- src/sec_adapter_mac.c | 19 +- src/sec_adapter_processor.c | 305 +-------------------------- src/sec_adapter_processor.h | 32 +-- src/sec_adapter_signature.c | 7 +- src/sec_adapter_svp.c | 220 ++----------------- test/main/cpp/cipher.cpp | 5 +- test/main/cpp/concurrent.cpp | 41 ---- test/main/cpp/concurrent.h | 2 - test/main/cpp/sec_api_utest_main.cpp | 3 - test/main/cpp/svp.cpp | 182 ---------------- test/main/cpp/svp.h | 3 - test/openssl/src/test_creds_soc.cpp | 2 +- 17 files changed, 115 insertions(+), 937 deletions(-) diff --git a/include/sec_security_svp.h b/include/sec_security_svp.h index b1af5c9..b48290a 100644 --- a/include/sec_security_svp.h +++ b/include/sec_security_svp.h @@ -28,17 +28,10 @@ extern "C" { #endif -typedef struct svp_processor_buffer_struct { - Sec_ProcessorHandle* processorHandle; - sa_svp_buffer svp_buffer; - struct svp_processor_buffer_struct* next; -} svp_processor_buffer; - struct Sec_OpaqueBufferHandle_struct { + sa_svp_buffer svp_buffer; void* svp_memory; size_t size; - svp_processor_buffer* handles; - pthread_mutex_t mutex; }; typedef struct { @@ -46,15 +39,4 @@ typedef struct { size_t offset_in_target; size_t bytes_to_copy; } SEC_CopyIndex; - -Sec_Result SecOpaqueBuffer_CopyByIndex(Sec_OpaqueBufferHandle* outOpaqueBufferHandle, - Sec_OpaqueBufferHandle* inOpaqueBufferHandle, SEC_CopyIndex* copyIndexArray, SEC_SIZE numOfIndexes); -Sec_Result SecOpaqueBuffer_Create(Sec_OpaqueBufferHandle** opaqueBufferHandle, void* svp_memory, SEC_SIZE bufLength); -sa_svp_buffer get_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle); -void release_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle); - -#ifdef __cplusplus -} -#endif - #endif // SEC_SECURITY_SVP_H diff --git a/src/sec_adapter_cipher.c b/src/sec_adapter_cipher.c index ad32e70..2c76424 100644 --- a/src/sec_adapter_cipher.c +++ b/src/sec_adapter_cipher.c @@ -110,8 +110,7 @@ Sec_Result SecCipher_GetInstance(Sec_ProcessorHandle* processorHandle, Sec_Ciphe sa_crypto_cipher_context context; sa_status status; - status = sa_invoke(processorHandle, SA_CRYPTO_CIPHER_INIT, &context, cipher_algorithm, cipher_mode, - key->handle, parameters); + status = sa_crypto_cipher_init(&context, cipher_algorithm, cipher_mode, key->handle, parameters); SEC_FREE(parameters); CHECK_STATUS(status) @@ -171,8 +170,7 @@ Sec_Result SecCipher_UpdateIV(Sec_CipherHandle* cipherHandle, SEC_BYTE* iv) { Sec_KeyType key_type = SecKey_GetKeyType(cipherHandle->keyHandle); sa_status status; if (key_type == SEC_KEYTYPE_AES_128 || key_type == SEC_KEYTYPE_AES_256) { - status = sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_UPDATE_IV, cipherHandle->cipher.context, iv, - (size_t) SEC_AES_BLOCK_SIZE); + status = sa_crypto_cipher_update_iv(cipherHandle->cipher.context, iv, SEC_AES_BLOCK_SIZE); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -263,19 +261,19 @@ Sec_Result SecCipher_Process(Sec_CipherHandle* cipherHandle, SEC_BYTE* input, SE ((inputSize / SEC_AES_BLOCK_SIZE) - 1) * SEC_AES_BLOCK_SIZE : (inputSize / SEC_AES_BLOCK_SIZE) * SEC_AES_BLOCK_SIZE; size_t bytes_left = inputSize - bytes_to_process; - sa_status status = sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_PROCESS, &out_buffer, - cipherHandle->cipher.context, &in_buffer, &bytes_to_process); + sa_status status = sa_crypto_cipher_process(&out_buffer, cipherHandle->cipher.context, &in_buffer, + &bytes_to_process); CHECK_STATUS(status) *bytesWritten += bytes_to_process; - status = sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_PROCESS_LAST, &out_buffer, - cipherHandle->cipher.context, &in_buffer, &bytes_left, NULL); + status = sa_crypto_cipher_process_last(&out_buffer, cipherHandle->cipher.context, &in_buffer, + &bytes_left, NULL); CHECK_STATUS(status) *bytesWritten += bytes_left; } else { size_t bytes_to_process = inputSize; - sa_status status = sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_PROCESS, &out_buffer, - cipherHandle->cipher.context, &in_buffer, &bytes_to_process); + sa_status status = sa_crypto_cipher_process(&out_buffer, cipherHandle->cipher.context, &in_buffer, + &bytes_to_process); CHECK_STATUS(status) *bytesWritten = bytes_to_process; } @@ -397,18 +395,6 @@ Sec_Result SecCipher_ProcessFragmented(Sec_CipherHandle* cipherHandle, SEC_BYTE* return result; } -/** - * @brief Process the opaque buffers that were obtained with Sec_OpaqueBufferMalloc. - * - * @param cipherHandle cipher handle. - * @param inputHandle opaque buffer containing input. - * @param outputHandle opaque buffer for writing output. - * @param inputSize the length of input to process. - * @param lastInput SEC_BOOLean value specifying whether this is the last chunk - * of input that will be processed. - * @param bytesWritten pointer to a value that will be set to number. - * of bytes written to the output buffer. - */ Sec_Result SecCipher_ProcessOpaque(Sec_CipherHandle* cipherHandle, Sec_OpaqueBufferHandle* inOpaqueBufferHandle, Sec_OpaqueBufferHandle* outOpaqueBufferHandle, SEC_SIZE inputSize, SEC_BOOL lastInput, SEC_SIZE* bytesWritten) { CHECK_HANDLE(cipherHandle) @@ -418,7 +404,7 @@ Sec_Result SecCipher_ProcessOpaque(Sec_CipherHandle* cipherHandle, Sec_OpaqueBuf } if (outOpaqueBufferHandle == NULL) { - SEC_LOG_ERROR("Invalid outputHandle"); + SEC_LOG_ERROR("Invalid opaqueBufferHandle"); return SEC_RESULT_INVALID_HANDLE; } @@ -443,28 +429,24 @@ Sec_Result SecCipher_ProcessOpaque(Sec_CipherHandle* cipherHandle, Sec_OpaqueBuf case SEC_KEYTYPE_AES_256: { sa_buffer out_buffer; out_buffer.buffer_type = SA_BUFFER_TYPE_SVP; + out_buffer.context.svp.buffer = outOpaqueBufferHandle->svp_buffer; out_buffer.context.svp.offset = 0; - out_buffer.context.svp.buffer = get_svp_buffer(cipherHandle->processorHandle, outOpaqueBufferHandle); - if (out_buffer.context.svp.buffer == INVALID_HANDLE) - return SEC_RESULT_FAILURE; sa_buffer in_buffer; in_buffer.buffer_type = SA_BUFFER_TYPE_SVP; + in_buffer.context.svp.buffer = inOpaqueBufferHandle->svp_buffer; in_buffer.context.svp.offset = 0; - in_buffer.context.svp.buffer = get_svp_buffer(cipherHandle->processorHandle, inOpaqueBufferHandle); - if (in_buffer.context.svp.buffer == INVALID_HANDLE) - return SEC_RESULT_FAILURE; size_t bytes_to_process = inputSize; bool pkcs7 = cipherHandle->algorithm == SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING || cipherHandle->algorithm == SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING; if (lastInput && pkcs7) { - sa_status status = sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_PROCESS_LAST, &out_buffer, - cipherHandle->cipher.context, &in_buffer, &bytes_to_process, NULL); + sa_status status = sa_crypto_cipher_process_last(&out_buffer, cipherHandle->cipher.context, &in_buffer, + &bytes_to_process, NULL); CHECK_STATUS(status) } else { - sa_status status = sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_PROCESS, &out_buffer, - cipherHandle->cipher.context, &in_buffer, &bytes_to_process); + sa_status status = sa_crypto_cipher_process(&out_buffer, cipherHandle->cipher.context, &in_buffer, + &bytes_to_process); CHECK_STATUS(status) } @@ -517,17 +499,13 @@ Sec_Result SecCipher_KeyCheckOpaque(Sec_CipherHandle* cipherHandle, Sec_OpaqueBu sa_status status; sa_buffer in_buffer; in_buffer.buffer_type = SA_BUFFER_TYPE_SVP; + in_buffer.context.svp.buffer = opaqueBufferHandle->svp_buffer; in_buffer.context.svp.offset = 0; - in_buffer.context.svp.buffer = get_svp_buffer(cipherHandle->processorHandle, opaqueBufferHandle); - if (in_buffer.context.svp.buffer == INVALID_HANDLE) - return SEC_RESULT_FAILURE; - if (cipherHandle->mode == SEC_CIPHERMODE_ENCRYPT) return SEC_RESULT_UNIMPLEMENTED_FEATURE; const Sec_Key* key = get_key(cipherHandle->keyHandle); - status = sa_invoke(cipherHandle->processorHandle, SA_SVP_KEY_CHECK, key->handle, &in_buffer, - (size_t) SEC_AES_BLOCK_SIZE, expected, (size_t) SEC_AES_BLOCK_SIZE); + status = sa_svp_key_check(key->handle, &in_buffer, SEC_AES_BLOCK_SIZE, expected, SEC_AES_BLOCK_SIZE); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; @@ -555,7 +533,7 @@ Sec_Result SecCipher_Release(Sec_CipherHandle* cipherHandle) { case SEC_KEYTYPE_HMAC_256: case SEC_KEYTYPE_ECC_NISTP256: case SEC_KEYTYPE_RSA_3072: - sa_invoke(cipherHandle->processorHandle, SA_CRYPTO_CIPHER_RELEASE, cipherHandle->cipher.context); + sa_crypto_cipher_release(cipherHandle->cipher.context); break; default: @@ -932,7 +910,7 @@ Sec_Result SecCipher_ProcessOpaqueWithMap(Sec_CipherHandle* cipherHandle, SEC_BY } if (opaqueBufferHandle == NULL) { - SEC_LOG_ERROR("NULL outputHandle"); + SEC_LOG_ERROR("NULL opaqueBufferHandle"); return SEC_RESULT_FAILURE; } @@ -961,15 +939,8 @@ Sec_Result SecCipher_ProcessOpaqueWithMap(Sec_CipherHandle* cipherHandle, SEC_BY sa_buffer out_buffer; out_buffer.buffer_type = SA_BUFFER_TYPE_SVP; + out_buffer.context.svp.buffer = (*opaqueBufferHandle)->svp_buffer; out_buffer.context.svp.offset = 0; - out_buffer.context.svp.buffer = get_svp_buffer(cipherHandle->processorHandle, *opaqueBufferHandle); - if (out_buffer.context.svp.buffer == INVALID_HANDLE) { - free(subsample_lengths); - SecOpaqueBuffer_Free(*opaqueBufferHandle); - *opaqueBufferHandle = NULL; - *bytesWritten = 0; - return SEC_RESULT_FAILURE; - } sa_buffer in_buffer; in_buffer.buffer_type = SA_BUFFER_TYPE_CLEAR; @@ -988,7 +959,7 @@ Sec_Result SecCipher_ProcessOpaqueWithMap(Sec_CipherHandle* cipherHandle, SEC_BY sample.out = &out_buffer; sample.in = &in_buffer; - sa_status status = sa_invoke(cipherHandle->processorHandle, SA_PROCESS_COMMON_ENCRYPTION, (size_t) 1, &sample); + sa_status status = sa_process_common_encryption(1, &sample); free(subsample_lengths); if (status != SA_STATUS_OK) { SecOpaqueBuffer_Free(*opaqueBufferHandle); @@ -1053,17 +1024,11 @@ Sec_Result SecCipher_ProcessOpaqueWithMapAndPattern(Sec_CipherHandle* cipherHand subsample_lengths[i].bytes_of_protected_data = map[i].encrypted; } + sa_buffer out_buffer; out_buffer.buffer_type = SA_BUFFER_TYPE_SVP; + out_buffer.context.svp.buffer = (*opaqueBufferHandle)->svp_buffer; out_buffer.context.svp.offset = 0; - out_buffer.context.svp.buffer = get_svp_buffer(cipherHandle->processorHandle, *opaqueBufferHandle); - if (out_buffer.context.svp.buffer == INVALID_HANDLE) { - free(subsample_lengths); - SecOpaqueBuffer_Free(*opaqueBufferHandle); - *opaqueBufferHandle = NULL; - *bytesWritten = 0; - return SEC_RESULT_FAILURE; - } sa_buffer in_buffer; in_buffer.buffer_type = SA_BUFFER_TYPE_CLEAR; @@ -1082,7 +1047,7 @@ Sec_Result SecCipher_ProcessOpaqueWithMapAndPattern(Sec_CipherHandle* cipherHand sample.out = &out_buffer; sample.in = &in_buffer; - sa_status status = sa_invoke(cipherHandle->processorHandle, SA_PROCESS_COMMON_ENCRYPTION, (size_t) 1, &sample); + sa_status status = sa_process_common_encryption(1, &sample); free(subsample_lengths); if (status != SA_STATUS_OK) { SecOpaqueBuffer_Free(*opaqueBufferHandle); diff --git a/src/sec_adapter_digest.c b/src/sec_adapter_digest.c index 2629b42..22107e7 100644 --- a/src/sec_adapter_digest.c +++ b/src/sec_adapter_digest.c @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -#include "sa_types.h" +#include "sa.h" #include "sec_adapter_processor.h" #include "sec_security.h" #include @@ -148,8 +148,7 @@ Sec_Result SecDigest_UpdateWithKey(Sec_DigestHandle* digestHandle, Sec_KeyHandle const Sec_Key* key = get_key(keyHandle); sa_digest_algorithm algorithm = (digestHandle->algorithm == SEC_DIGESTALGORITHM_SHA1) ? SA_DIGEST_ALGORITHM_SHA1 : SA_DIGEST_ALGORITHM_SHA256; - sa_status status = sa_invoke(digestHandle->processorHandle, SA_KEY_DIGEST, NULL, &digestHandle->key_digest_length, - key->handle, algorithm); + sa_status status = sa_key_digest(NULL, &digestHandle->key_digest_length, key->handle, algorithm); CHECK_STATUS(status) digestHandle->key_digest = malloc(digestHandle->key_digest_length); @@ -158,8 +157,8 @@ Sec_Result SecDigest_UpdateWithKey(Sec_DigestHandle* digestHandle, Sec_KeyHandle return SEC_RESULT_FAILURE; } - status = sa_invoke(digestHandle->processorHandle, SA_KEY_DIGEST, digestHandle->key_digest, - &digestHandle->key_digest_length, key->handle, algorithm); + status = sa_key_digest(digestHandle->key_digest, &digestHandle->key_digest_length, key->handle, + algorithm); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } diff --git a/src/sec_adapter_key.c b/src/sec_adapter_key.c index ff9c7a8..58767a0 100644 --- a/src/sec_adapter_key.c +++ b/src/sec_adapter_key.c @@ -37,8 +37,8 @@ #define CHECK_MAC_RESULT(processorHandle, status, base_key, mac_context) \ if ((status) != SA_STATUS_OK) { \ if ((mac_context) != 0) \ - sa_invoke(processorHandle, SA_CRYPTO_MAC_RELEASE, mac_context); \ - sa_invoke(processorHandle, SA_KEY_RELEASE, base_key); \ + sa_crypto_mac_release(mac_context); \ + sa_key_release(base_key); \ return SEC_RESULT_FAILURE; \ } @@ -91,9 +91,9 @@ static Sec_Result process_store_key_container(Sec_ProcessorHandle* processorHand static Sec_KeyType get_key_type(sa_header* key_header); static Sec_Result derive_root_key_ladder(Sec_ProcessorHandle* processorHandle, const SEC_BYTE* c1, const SEC_BYTE* c2, - const SEC_BYTE* c3, const SEC_BYTE* c4, SEC_SIZE key_size, const sa_key* key, Sec_KeyType key_type); + const SEC_BYTE* c3, const SEC_BYTE* c4, SEC_SIZE key_size, sa_key* key, Sec_KeyType key_type); -static Sec_Result derive_base_key(Sec_ProcessorHandle* processorHandle, SEC_BYTE* nonce, const sa_key* key, +static Sec_Result derive_base_key(Sec_ProcessorHandle* processorHandle, SEC_BYTE* nonce, sa_key* key, Sec_KeyType key_type); static Sec_Result derive_hkdf(Sec_ProcessorHandle* processorHandle, Sec_MacAlgorithm macAlgorithm, @@ -248,7 +248,7 @@ Sec_Result SecKey_GetProperties(Sec_KeyHandle* keyHandle, Sec_KeyProperties* key case SEC_KEYTYPE_ECC_NISTP256: case SEC_KEYTYPE_RSA_3072: { sa_header key_header; - sa_status status = sa_invoke(keyHandle->processorHandle, SA_KEY_HEADER, &key_header, keyHandle->key.handle); + sa_status status = sa_key_header(&key_header, keyHandle->key.handle); CHECK_STATUS(status) rights = key_header.rights; @@ -357,7 +357,7 @@ SEC_SIZE SecKey_GetKeyLen(Sec_KeyHandle* keyHandle) { case SEC_KEYTYPE_HMAC_256: case SEC_KEYTYPE_ECC_NISTP256: case SEC_KEYTYPE_RSA_3072: - status = sa_invoke(keyHandle->processorHandle, SA_KEY_HEADER, &key_header, keyHandle->key.handle); + status = sa_key_header(&key_header, keyHandle->key.handle); if (status != SA_STATUS_OK) { return 0; } @@ -443,7 +443,7 @@ Sec_Result SecKey_GetInstance(Sec_ProcessorHandle* processorHandle, SEC_OBJECTID (*keyHandle)->key_type = SecKey_GetKeyTypeForClearKeyContainer(key_container); } else { sa_header key_header; - sa_status status = sa_invoke(processorHandle, SA_KEY_HEADER, &key_header, (*keyHandle)->key.handle); + sa_status status = sa_key_header(&key_header, (*keyHandle)->key.handle); if (status == SA_STATUS_OK) { (*keyHandle)->key_type = get_key_type(&key_header); } @@ -477,7 +477,7 @@ Sec_Result SecKey_ExtractRSAPublicKey(Sec_KeyHandle* keyHandle, Sec_RSARawPublic } sa_status status; - status = sa_invoke(keyHandle->processorHandle, SA_KEY_GET_PUBLIC, out, &out_len, keyHandle->key.handle); + status = sa_key_get_public(out, &out_len, keyHandle->key.handle); if (status == SA_STATUS_OK) Pubops_ExtractRSAPubFromPUBKEYDer(out, out_len, public_key); @@ -530,8 +530,7 @@ Sec_Result SecKey_ExtractECCPublicKey(Sec_KeyHandle* keyHandle, Sec_ECCRawPublic return SEC_RESULT_FAILURE; } - sa_status status = sa_invoke(keyHandle->processorHandle, SA_KEY_GET_PUBLIC, out, &out_len, - keyHandle->key.handle); + sa_status status = sa_key_get_public(out, &out_len, keyHandle->key.handle); if (status == SA_STATUS_OK) Pubops_ExtractECCPubFromPUBKEYDer(out, out_len, public_key); @@ -576,8 +575,7 @@ Sec_Result SecKey_Generate(Sec_ProcessorHandle* processorHandle, SEC_OBJECTID ob Sec_Key key; sa_rights rights; rights_set_allow_all(&rights, keyType); - sa_status status = sa_invoke(processorHandle, SA_KEY_GENERATE, &key.handle, &rights, key_type, - parameters); + sa_status status = sa_key_generate(&key.handle, &rights, key_type, parameters); SEC_FREE(parameters); CHECK_STATUS(status) @@ -659,7 +657,7 @@ Sec_Result SecKey_Derive_HKDF(Sec_ProcessorHandle* processorHandle, SEC_OBJECTID Sec_Key key; result = derive_hkdf(processorHandle, macAlgorithm, type_derived, salt, saltSize, info, infoSize, base_key, &key.handle); - sa_invoke(processorHandle, SA_KEY_RELEASE, base_key); + sa_key_release(base_key); if (result != SEC_RESULT_SUCCESS) { return result; } @@ -694,7 +692,7 @@ Sec_Result SecKey_Derive_ConcatKDF(Sec_ProcessorHandle* processorHandle, SEC_OBJ Sec_Key key; result = derive_kdf_concat(processorHandle, digestAlgorithm, type_derived, otherInfo, otherInfoSize, base_key, &key.handle); - sa_invoke(processorHandle, SA_KEY_RELEASE, base_key); + sa_key_release(base_key); if (result != SEC_RESULT_SUCCESS) { return result; } @@ -741,36 +739,35 @@ Sec_Result SecKey_Derive_PBEKDF(Sec_ProcessorHandle* processorHandle, SEC_OBJECT parameters = &hmac_parameters; } - sa_status status = sa_invoke(processorHandle, SA_CRYPTO_MAC_INIT, &mac_context, mac_algorithm, - base_key, parameters); + sa_status status = sa_crypto_mac_init(&mac_context, mac_algorithm, base_key, parameters); CHECK_MAC_RESULT(processorHandle, status, base_key, 0) - status = sa_invoke(processorHandle, SA_CRYPTO_MAC_PROCESS, mac_context, salt, (size_t) saltSize); + status = sa_crypto_mac_process(mac_context, salt, saltSize); CHECK_MAC_RESULT(processorHandle, status, base_key, mac_context) - status = sa_invoke(processorHandle, SA_CRYPTO_MAC_PROCESS, mac_context, loop, sizeof(loop)); + status = sa_crypto_mac_process(mac_context, loop, sizeof(loop)); CHECK_MAC_RESULT(processorHandle, status, base_key, mac_context) SEC_BYTE mac1[SEC_MAC_MAX_LEN]; size_t mac1_len; - status = sa_invoke(processorHandle, SA_CRYPTO_MAC_COMPUTE, mac1, &mac1_len, mac_context); - sa_invoke(processorHandle, SA_CRYPTO_MAC_RELEASE, mac_context); + status = sa_crypto_mac_compute(mac1, &mac1_len, mac_context); + sa_crypto_mac_release(mac_context); CHECK_MAC_RESULT(processorHandle, status, base_key, 0) SEC_BYTE out[SEC_MAC_MAX_LEN]; memcpy(out, mac1, digest_length); for (size_t j = 1; j < numIterations; j++) { - status = sa_invoke(processorHandle, SA_CRYPTO_MAC_INIT, &mac_context, mac_algorithm, base_key, parameters); + status = sa_crypto_mac_init(&mac_context, mac_algorithm, base_key, parameters); CHECK_MAC_RESULT(processorHandle, status, base_key, 0) - status = sa_invoke(processorHandle, SA_CRYPTO_MAC_PROCESS, mac_context, mac1, (size_t) digest_length); + status = sa_crypto_mac_process(mac_context, mac1, digest_length); CHECK_MAC_RESULT(processorHandle, status, base_key, mac_context) SEC_BYTE mac2[SEC_MAC_MAX_LEN]; size_t mac2_len; - status = sa_invoke(processorHandle, SA_CRYPTO_MAC_COMPUTE, mac2, &mac2_len, mac_context); - sa_invoke(processorHandle, SA_KEY_RELEASE, mac_context); + status = sa_crypto_mac_compute(mac2, &mac2_len, mac_context); + sa_crypto_mac_release(mac_context); CHECK_MAC_RESULT(processorHandle, status, base_key, 0) memcpy(mac1, mac2, digest_length); @@ -783,7 +780,7 @@ Sec_Result SecKey_Derive_PBEKDF(Sec_ProcessorHandle* processorHandle, SEC_OBJECT memcpy(out_key + (i - 1) * digest_length, out, cp_len); } - sa_invoke(processorHandle, SA_KEY_RELEASE, base_key); + sa_key_release(base_key); return SecKey_Provision(processorHandle, object_id_derived, loc_derived, SecKey_GetClearContainer(type_derived), out_key, key_length); @@ -981,14 +978,14 @@ Sec_Result SecKey_ECDHKeyAgreementWithKDF(Sec_KeyHandle* keyHandle, Sec_ECCRawPu return SEC_RESULT_FAILURE; } - sa_status status = sa_invoke(keyHandle->processorHandle, SA_KEY_EXCHANGE, &shared_secret, &rights, - SA_KEY_EXCHANGE_ALGORITHM_ECDH, keyHandle->key.handle, other_public, (size_t) other_public_length, NULL); + sa_status status = sa_key_exchange(&shared_secret, &rights, SA_KEY_EXCHANGE_ALGORITHM_ECDH, + keyHandle->key.handle, other_public, other_public_length, NULL); free(other_public); CHECK_STATUS(status) // Derive the key from the shared secret using a key derivation algorithm. if (digestAlgorithm != SEC_DIGESTALGORITHM_SHA1 && digestAlgorithm != SEC_DIGESTALGORITHM_SHA256) { - sa_invoke(keyHandle->processorHandle, SA_KEY_RELEASE, shared_secret); + sa_key_release(shared_secret); SEC_LOG_ERROR("Unsupported digest algorithm specified: %d", digestAlgorithm); return SEC_RESULT_INVALID_PARAMETERS; } @@ -1035,13 +1032,13 @@ Sec_Result SecKey_ECDHKeyAgreementWithKDF(Sec_KeyHandle* keyHandle, Sec_ECCRawPu break; default: - sa_invoke(keyHandle->processorHandle, SA_KEY_RELEASE, shared_secret); + sa_key_release(shared_secret); return SEC_RESULT_INVALID_PARAMETERS; } Sec_Key key; - status = sa_invoke(keyHandle->processorHandle, SA_KEY_DERIVE, &key.handle, &rights, kdf_algorithm, parameters); - sa_invoke(keyHandle->processorHandle, SA_KEY_RELEASE, shared_secret); + status = sa_key_derive(&key.handle, &rights, kdf_algorithm, parameters); + sa_key_release(shared_secret); CHECK_STATUS(status) return prepare_and_store_key_data(keyHandle->processorHandle, loc_derived, id_derived, &key, @@ -1239,7 +1236,7 @@ Sec_Result SecKey_Release(Sec_KeyHandle* keyHandle) { break; default: - sa_invoke(keyHandle->processorHandle, SA_KEY_RELEASE, keyHandle->key.handle); + sa_key_release(keyHandle->key.handle); break; } @@ -2160,7 +2157,7 @@ Sec_Result prepare_and_store_key_data(Sec_ProcessorHandle* processorHandle, Sec_ key_data->info.kc_type = SEC_KEYCONTAINER_EXPORTED; result = export_key(processorHandle, key, NULL, key_data->key_container, SEC_KEYCONTAINER_MAX_LEN, &key_data->kc_len); - sa_invoke(processorHandle, SA_KEY_RELEASE, key->handle); + sa_key_release(key->handle); break; case SEC_KEYCONTAINER_EXPORTED: @@ -2169,7 +2166,7 @@ Sec_Result prepare_and_store_key_data(Sec_ProcessorHandle* processorHandle, Sec_ key_data->info.kc_type = key_container; memcpy(key_data->key_container, key_buffer, key_length); key_data->kc_len = key_length; - sa_invoke(processorHandle, SA_KEY_RELEASE, key->handle); + sa_key_release(key->handle); result = SEC_RESULT_SUCCESS; } else { result = SEC_RESULT_INVALID_PARAMETERS; @@ -2643,8 +2640,7 @@ static Sec_Result process_key_container(Sec_ProcessorHandle* processorHandle, SE } // Validate the key and import it. - status = sa_invoke(processorHandle, SA_KEY_IMPORT, &key->handle, key_format, key_buffer, (size_t) *key_length, - parameters); + status = sa_key_import(&key->handle, key_format, key_buffer, *key_length, parameters); if (cipherKeyHandle != NULL) SecKey_Release(cipherKeyHandle); @@ -3038,10 +3034,10 @@ static Sec_Result process_ec_public_key_container(Sec_KeyContainer in_key_contai const EC_GROUP* group = EC_KEY_get0_group(*ec_key); EC_POINT* ec_point = EC_POINT_new(group); BN_CTX_start(bn_ctx); - BIGNUM* xp; - BIGNUM* yp; + BIGNUM* xp = BN_CTX_get(bn_ctx); + BIGNUM* yp = BN_CTX_get(bn_ctx); - if (((xp = BN_CTX_get(bn_ctx)) == NULL) || ((yp = BN_CTX_get(bn_ctx)) == NULL)) + if (xp == NULL || yp == NULL) return SEC_RESULT_INVALID_PARAMETERS; EC_POINT_set_affine_coordinates_GFp(group, ec_point, @@ -3250,7 +3246,7 @@ static Sec_Result process_store_key_container(Sec_ProcessorHandle* processorHand // Export the key result = export_key(processorHandle, &derived_key, NULL, key_buffer, SEC_KEYCONTAINER_MAX_LEN, key_length); - sa_invoke(processorHandle, SA_KEY_RELEASE, derived_key.handle); + sa_key_release(derived_key.handle); if (result != SEC_RESULT_SUCCESS) { SEC_LOG_ERROR("Export of store keycontainer derived key failed"); return SEC_RESULT_FAILURE; @@ -3269,7 +3265,7 @@ static Sec_Result process_store_key_container(Sec_ProcessorHandle* processorHand } static Sec_Result derive_root_key_ladder(Sec_ProcessorHandle* processorHandle, const SEC_BYTE* c1, const SEC_BYTE* c2, - const SEC_BYTE* c3, const SEC_BYTE* c4, SEC_SIZE key_size, const sa_key* key, Sec_KeyType key_type) { + const SEC_BYTE* c3, const SEC_BYTE* c4, SEC_SIZE key_size, sa_key* key, Sec_KeyType key_type) { sa_kdf_parameters_root_key_ladder kdf_parameters = { .c1 = c1, @@ -3283,13 +3279,12 @@ static Sec_Result derive_root_key_ladder(Sec_ProcessorHandle* processorHandle, c sa_rights rights; rights_set_allow_all(&rights, key_type); - sa_status status = sa_invoke(processorHandle, SA_KEY_DERIVE, key, &rights, SA_KDF_ALGORITHM_ROOT_KEY_LADDER, - &kdf_parameters); + sa_status status = sa_key_derive(key, &rights, SA_KDF_ALGORITHM_ROOT_KEY_LADDER, &kdf_parameters); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } -static Sec_Result derive_base_key(Sec_ProcessorHandle* processorHandle, SEC_BYTE* nonce, const sa_key* key, +static Sec_Result derive_base_key(Sec_ProcessorHandle* processorHandle, SEC_BYTE* nonce, sa_key* key, Sec_KeyType key_type) { SEC_SIZE keySize = SEC_AES_BLOCK_SIZE; SEC_BYTE c1[keySize]; @@ -3344,8 +3339,7 @@ static Sec_Result derive_hkdf(Sec_ProcessorHandle* processorHandle, Sec_MacAlgor sa_rights rights; rights_set_allow_all(&rights, typeDerived); - sa_status status = sa_invoke(processorHandle, SA_KEY_DERIVE, derived_key, &rights, SA_KDF_ALGORITHM_HKDF, - &kdf_parameters); + sa_status status = sa_key_derive(derived_key, &rights, SA_KDF_ALGORITHM_HKDF, &kdf_parameters); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -3374,8 +3368,7 @@ static Sec_Result derive_kdf_concat(Sec_ProcessorHandle* processorHandle, Sec_Di sa_rights rights; rights_set_allow_all(&rights, typeDerived); - sa_status status = sa_invoke(processorHandle, SA_KEY_DERIVE, derived_key, &rights, SA_KDF_ALGORITHM_CONCAT, - &kdf_parameters); + sa_status status = sa_key_derive(derived_key, &rights, SA_KDF_ALGORITHM_CONCAT, &kdf_parameters); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -3407,8 +3400,7 @@ static Sec_Result derive_kdf_cmac(Sec_ProcessorHandle* processorHandle, Sec_KeyT sa_rights rights; rights_set_allow_all(&rights, typeDerived); - sa_status status = sa_invoke(processorHandle, SA_KEY_DERIVE, derived_key, &rights, SA_KDF_ALGORITHM_CMAC, - &cmac_parameters); + sa_status status = sa_key_derive(derived_key, &rights, SA_KDF_ALGORITHM_CMAC, &cmac_parameters); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -3446,8 +3438,8 @@ static Sec_Result unwrap_key(Sec_ProcessorHandle* processorHandle, Sec_CipherAlg } Sec_Key unwrapped_key; - sa_status status = sa_invoke(processorHandle, SA_KEY_UNWRAP, &unwrapped_key.handle, &rights, key_type, - key_parameters, cipher_algorithm, cipher_parameters, keyHandle->key.handle, input, (size_t) input_len); + sa_status status = sa_key_unwrap(&unwrapped_key.handle, &rights, key_type, key_parameters, cipher_algorithm, + cipher_parameters, keyHandle->key.handle, input, input_len); SEC_FREE(key_parameters); SEC_FREE(cipher_parameters); SecKey_Release(keyHandle); @@ -3455,7 +3447,7 @@ static Sec_Result unwrap_key(Sec_ProcessorHandle* processorHandle, Sec_CipherAlg // Export the key result = export_key(processorHandle, &unwrapped_key, NULL, out_key, SEC_KEYCONTAINER_MAX_LEN, out_key_len); - sa_invoke(processorHandle, SA_KEY_RELEASE, unwrapped_key.handle); + sa_key_release(unwrapped_key.handle); return result; } @@ -3518,8 +3510,7 @@ static Sec_Result export_key(Sec_ProcessorHandle* processorHandle, Sec_Key* key, // Get key length. if (exportedKey == NULL) { size_t out_length = 0; - sa_status status = sa_invoke(processorHandle, SA_KEY_EXPORT, exportedKey, &out_length, mixin, - (size_t) SEC_AES_BLOCK_SIZE, key->handle); + sa_status status = sa_key_export(exportedKey, &out_length, mixin, SEC_AES_BLOCK_SIZE, key->handle); CHECK_STATUS(status) // Include the length of the derivationInput. @@ -3528,8 +3519,7 @@ static Sec_Result export_key(Sec_ProcessorHandle* processorHandle, Sec_Key* key, } size_t out_length = keyBufferLen; - sa_status status = sa_invoke(processorHandle, SA_KEY_EXPORT, exportedKey, &out_length, mixin, - (size_t) SEC_AES_BLOCK_SIZE, key->handle); + sa_status status = sa_key_export(exportedKey, &out_length, mixin, SEC_AES_BLOCK_SIZE, key->handle); CHECK_STATUS(status) *keyBytesWritten = out_length; return SEC_RESULT_SUCCESS; diff --git a/src/sec_adapter_keyexchange.c b/src/sec_adapter_keyexchange.c index 8a6b133..5900a4d 100644 --- a/src/sec_adapter_keyexchange.c +++ b/src/sec_adapter_keyexchange.c @@ -131,13 +131,11 @@ Sec_Result SecKeyExchange_GenerateKeys(Sec_KeyExchangeHandle* keyExchangeHandle, return SEC_RESULT_FAILURE; } - sa_status status = sa_invoke(keyExchangeHandle->processorHandle, SA_KEY_GENERATE, keyExchangeHandle->key, &rights, - type, keyExchangeHandle->parameters); + sa_status status = sa_key_generate(keyExchangeHandle->key, &rights, type, keyExchangeHandle->parameters); CHECK_STATUS(status) size_t out_length = BUFFER_SIZE; SEC_BYTE public_key_bytes[BUFFER_SIZE]; - status = sa_invoke(keyExchangeHandle->processorHandle, SA_KEY_GET_PUBLIC, &public_key_bytes, &out_length, - *keyExchangeHandle->key); + status = sa_key_get_public(&public_key_bytes, &out_length, *keyExchangeHandle->key); CHECK_STATUS(status) switch (keyExchangeHandle->alg) { @@ -231,8 +229,7 @@ Sec_Result SecKeyExchange_ComputeSecret(Sec_KeyExchangeHandle* keyExchangeHandle switch (keyExchangeHandle->alg) { case SEC_KEYEXCHANGE_DH: { sa_header header; - sa_status status = sa_invoke(keyExchangeHandle->processorHandle, SA_KEY_HEADER, &header, - *keyExchangeHandle->key); + sa_status status = sa_key_header(&header, *keyExchangeHandle->key); CHECK_STATUS(status) algorithm = SA_KEY_EXCHANGE_ALGORITHM_DH; @@ -348,8 +345,8 @@ Sec_Result SecKeyExchange_ComputeSecret(Sec_KeyExchangeHandle* keyExchangeHandle } sa_key shared_secret; - sa_status status = sa_invoke(keyExchangeHandle->processorHandle, SA_KEY_EXCHANGE, &shared_secret, &rights, - algorithm, *keyExchangeHandle->key, public_key_bytes, (size_t) key_len, NULL); + sa_status status = sa_key_exchange(&shared_secret, &rights, algorithm, *keyExchangeHandle->key, public_key_bytes, + key_len, NULL); free(public_key_bytes); CHECK_STATUS(status) @@ -361,7 +358,7 @@ Sec_Result SecKeyExchange_ComputeSecret(Sec_KeyExchangeHandle* keyExchangeHandle Sec_Result SecKeyExchange_Release(Sec_KeyExchangeHandle* keyExchangeHandle) { if (keyExchangeHandle != NULL) { if (keyExchangeHandle->key != NULL) - sa_invoke(keyExchangeHandle->processorHandle, SA_KEY_RELEASE, *keyExchangeHandle->key); + sa_key_release(*keyExchangeHandle->key); SEC_FREE(keyExchangeHandle->parameters); SEC_FREE(keyExchangeHandle->key); diff --git a/src/sec_adapter_mac.c b/src/sec_adapter_mac.c index b9e36f2..6efeff8 100644 --- a/src/sec_adapter_mac.c +++ b/src/sec_adapter_mac.c @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -#include "sa_types.h" +#include "sa.h" #include "sec_adapter_processor.h" #include "sec_security.h" @@ -121,11 +121,7 @@ Sec_Result SecMac_GetInstance(Sec_ProcessorHandle* processorHandle, Sec_MacAlgor } const Sec_Key* key = get_key(keyHandle); - sa_status status = sa_invoke(processorHandle, SA_CRYPTO_MAC_INIT, &newMacHandle->mac_context, mac_algorithm, - key->handle, parameters); - if (status != SA_STATUS_OK) - free(newMacHandle); - + sa_status status = sa_crypto_mac_init(&newMacHandle->mac_context, mac_algorithm, key->handle, parameters); CHECK_STATUS(status) *macHandle = newMacHandle; return SEC_RESULT_SUCCESS; @@ -142,8 +138,7 @@ Sec_Result SecMac_GetInstance(Sec_ProcessorHandle* processorHandle, Sec_MacAlgor */ Sec_Result SecMac_Update(Sec_MacHandle* macHandle, SEC_BYTE* input, SEC_SIZE inputSize) { CHECK_HANDLE(macHandle) - sa_status status = sa_invoke(macHandle->processorHandle, SA_CRYPTO_MAC_PROCESS, macHandle->mac_context, input, - inputSize); + sa_status status = sa_crypto_mac_process(macHandle->mac_context, input, inputSize); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -160,8 +155,7 @@ Sec_Result SecMac_UpdateWithKey(Sec_MacHandle* macHandle, Sec_KeyHandle* keyHand CHECK_HANDLE(macHandle) CHECK_HANDLE(keyHandle) const Sec_Key* key = get_key(keyHandle); - sa_status status = sa_invoke(macHandle->processorHandle, SA_CRYPTO_MAC_PROCESS_KEY, macHandle->mac_context, - key->handle); + sa_status status = sa_crypto_mac_process_key(macHandle->mac_context, key->handle); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -180,9 +174,8 @@ Sec_Result SecMac_Release(Sec_MacHandle* macHandle, SEC_BYTE* macBuffer, SEC_SIZ CHECK_HANDLE(macHandle) size_t out_length = SEC_MAC_MAX_LEN; - sa_status status = sa_invoke(macHandle->processorHandle, SA_CRYPTO_MAC_COMPUTE, macBuffer, &out_length, - macHandle->mac_context); - sa_invoke(macHandle->processorHandle, SA_CRYPTO_MAC_RELEASE, macHandle->mac_context); + sa_status status = sa_crypto_mac_compute(macBuffer, &out_length, macHandle->mac_context); + sa_crypto_mac_release(macHandle->mac_context); *macSize = out_length; SEC_FREE(macHandle); CHECK_STATUS(status) diff --git a/src/sec_adapter_processor.c b/src/sec_adapter_processor.c index 1d598e0..14dffac 100644 --- a/src/sec_adapter_processor.c +++ b/src/sec_adapter_processor.c @@ -18,18 +18,12 @@ #include "sec_adapter_processor.h" // NOLINT #include "sa.h" -#include "sec_security_svp.h" - -static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; -static Sec_ProcessorHandle* processorHandleList = NULL; struct Sec_ProcessorInitParams_struct { }; static Sec_Result Sec_SetStorageDir(const char* provided_dir, const char* default_dir, char* output_dir); -static void* sa_invoke_handler(void* processorHandle); - /** * @brief Initialize secure processor. * @@ -44,8 +38,7 @@ static void* sa_invoke_handler(void* processorHandle); * * @return The status of the operation. */ -Sec_Result SecProcessor_GetInstance(Sec_ProcessorHandle** processorHandle, - Sec_ProcessorInitParams* socInitParams) { +Sec_Result SecProcessor_GetInstance(Sec_ProcessorHandle** processorHandle, Sec_ProcessorInitParams* socInitParams) { return SecProcessor_GetInstance_Directories(processorHandle, SEC_GLOBAL_DIR_DEFAULT, SEC_GLOBAL_DIR_DEFAULT); } @@ -136,33 +129,6 @@ Sec_Result SecProcessor_GetInstance_Directories(Sec_ProcessorHandle** processorH return result; } - if (pthread_mutex_init(&newProcessorHandle->mutex, NULL) != 0) { - SEC_LOG_ERROR("Error initializing mutex"); - SEC_FREE(newProcessorHandle->app_dir); - SEC_FREE(newProcessorHandle->global_dir); - SEC_FREE(newProcessorHandle); - return SEC_RESULT_FAILURE; - } - - if (pthread_cond_init(&newProcessorHandle->cond, NULL) != 0) { - SEC_LOG_ERROR("Error creating app_dir"); - pthread_mutex_destroy(&newProcessorHandle->mutex); - SEC_FREE(newProcessorHandle->app_dir); - SEC_FREE(newProcessorHandle->global_dir); - SEC_FREE(newProcessorHandle); - return SEC_RESULT_FAILURE; - } - - if (pthread_create(&newProcessorHandle->thread, NULL, sa_invoke_handler, newProcessorHandle) != 0) { - SEC_LOG_ERROR("Error creating app_dir"); - pthread_mutex_destroy(&newProcessorHandle->mutex); - pthread_cond_destroy(&newProcessorHandle->cond); - SEC_FREE(newProcessorHandle->app_dir); - SEC_FREE(newProcessorHandle->global_dir); - SEC_FREE(newProcessorHandle); - return SEC_RESULT_FAILURE; - } - /* generate sec store proc ins */ result = SecStore_GenerateLadderInputs(newProcessorHandle, SEC_STORE_AES_LADDER_INPUT, NULL, (SEC_BYTE*) &derived_inputs, sizeof(derived_inputs)); @@ -238,10 +204,6 @@ Sec_Result SecProcessor_GetInstance_Directories(Sec_ProcessorHandle** processorH return result; } - pthread_mutex_lock(&mutex); - newProcessorHandle->nextHandle = processorHandleList; - processorHandleList = newProcessorHandle; - pthread_mutex_unlock(&mutex); *processorHandle = newProcessorHandle; return SEC_RESULT_SUCCESS; } @@ -357,29 +319,6 @@ Sec_Result SecProcessor_Release(Sec_ProcessorHandle* processorHandle) { if (processorHandle == NULL) return SEC_RESULT_INVALID_HANDLE; - Sec_ProcessorHandle* tempHandle = processorHandleList; - Sec_ProcessorHandle* parentHandle = NULL; - while (tempHandle != NULL && tempHandle != processorHandle) { - parentHandle = tempHandle; - tempHandle = tempHandle->nextHandle; - } - - if (tempHandle != processorHandle) { - SEC_LOG_ERROR("Attempting to free a handle that has already been freed"); - return SEC_RESULT_INVALID_HANDLE; - } - - pthread_mutex_lock(&mutex); - if (parentHandle == NULL) - processorHandleList = tempHandle->nextHandle; - else - parentHandle->nextHandle = tempHandle->nextHandle; - - pthread_mutex_unlock(&mutex); - - while (processorHandle->opaque_buffer_handle != NULL) - release_svp_buffer(processorHandle, processorHandle->opaque_buffer_handle->opaqueBufferHandle); - /* release ram keys */ while (processorHandle->ram_keys != NULL) SecKey_Delete(processorHandle, processorHandle->ram_keys->object_id); @@ -392,16 +331,6 @@ Sec_Result SecProcessor_Release(Sec_ProcessorHandle* processorHandle) { while (processorHandle->ram_certs != NULL) SecCertificate_Delete(processorHandle, processorHandle->ram_certs->object_id); - pthread_mutex_lock(&processorHandle->mutex); - processorHandle->shutdown = true; - pthread_cond_broadcast(&processorHandle->cond); - pthread_mutex_unlock(&processorHandle->mutex); - - void* thread_return = NULL; - pthread_join(processorHandle->thread, &thread_return); - pthread_cond_destroy(&processorHandle->cond); - pthread_mutex_destroy(&processorHandle->mutex); - SEC_FREE(processorHandle->app_dir); SEC_FREE(processorHandle->global_dir); free(processorHandle); @@ -459,235 +388,3 @@ Sec_Result Sec_SetStorageDir(const char* provided_dir, const char* default_dir, return SEC_RESULT_SUCCESS; } - -void sa_process_command(sa_command* command) { - switch (command->command_id) { - case SA_KEY_GENERATE: - command->result = sa_key_generate(va_arg(*command->arguments, sa_key*), - va_arg(*command->arguments, sa_rights*), va_arg(*command->arguments, sa_key_type), - va_arg(*command->arguments, void*)); - break; - - case SA_KEY_EXPORT: - command->result = sa_key_export(va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t*), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t), - va_arg(*command->arguments, sa_key)); - break; - - case SA_KEY_IMPORT: - command->result = sa_key_import(va_arg(*command->arguments, sa_key*), - va_arg(*command->arguments, sa_key_format), va_arg(*command->arguments, void*), - va_arg(*command->arguments, size_t), va_arg(*command->arguments, void*)); - break; - - case SA_KEY_UNWRAP: - command->result = sa_key_unwrap(va_arg(*command->arguments, sa_key*), - va_arg(*command->arguments, sa_rights*), va_arg(*command->arguments, sa_key_type), - va_arg(*command->arguments, void*), va_arg(*command->arguments, sa_cipher_algorithm), - va_arg(*command->arguments, void*), va_arg(*command->arguments, sa_key), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t)); - break; - - case SA_KEY_GET_PUBLIC: - command->result = sa_key_get_public(va_arg(*command->arguments, void*), - va_arg(*command->arguments, size_t*), va_arg(*command->arguments, sa_key)); - break; - - case SA_KEY_DERIVE: - command->result = sa_key_derive(va_arg(*command->arguments, sa_key*), - va_arg(*command->arguments, sa_rights*), va_arg(*command->arguments, sa_kdf_algorithm), - va_arg(*command->arguments, void*)); - break; - - case SA_KEY_EXCHANGE: - command->result = sa_key_exchange(va_arg(*command->arguments, sa_key*), - va_arg(*command->arguments, sa_rights*), va_arg(*command->arguments, sa_key_exchange_algorithm), - va_arg(*command->arguments, sa_key), va_arg(*command->arguments, void*), - va_arg(*command->arguments, size_t), va_arg(*command->arguments, void*)); - break; - - case SA_KEY_RELEASE: - command->result = sa_key_release(va_arg(*command->arguments, sa_key)); - break; - - case SA_KEY_HEADER: - command->result = sa_key_header(va_arg(*command->arguments, sa_header*), - va_arg(*command->arguments, sa_key)); - break; - - case SA_KEY_DIGEST: - command->result = sa_key_digest(va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t*), - va_arg(*command->arguments, sa_key), va_arg(*command->arguments, sa_digest_algorithm)); - break; - - case SA_CRYPTO_CIPHER_INIT: - command->result = sa_crypto_cipher_init(va_arg(*command->arguments, sa_crypto_cipher_context*), - va_arg(*command->arguments, sa_cipher_algorithm), va_arg(*command->arguments, sa_cipher_mode), - va_arg(*command->arguments, sa_key), va_arg(*command->arguments, void*)); - break; - - case SA_CRYPTO_CIPHER_UPDATE_IV: - command->result = sa_crypto_cipher_update_iv(va_arg(*command->arguments, sa_crypto_cipher_context), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t)); - break; - - case SA_CRYPTO_CIPHER_PROCESS: - command->result = sa_crypto_cipher_process(va_arg(*command->arguments, sa_buffer*), - va_arg(*command->arguments, sa_crypto_cipher_context), va_arg(*command->arguments, sa_buffer*), - va_arg(*command->arguments, size_t*)); - break; - - case SA_CRYPTO_CIPHER_PROCESS_LAST: - command->result = sa_crypto_cipher_process_last(va_arg(*command->arguments, sa_buffer*), - va_arg(*command->arguments, sa_crypto_cipher_context), va_arg(*command->arguments, sa_buffer*), - va_arg(*command->arguments, size_t*), va_arg(*command->arguments, void*)); - break; - - case SA_CRYPTO_CIPHER_RELEASE: - command->result = sa_crypto_cipher_release(va_arg(*command->arguments, sa_crypto_cipher_context)); - break; - - case SA_CRYPTO_MAC_INIT: - command->result = sa_crypto_mac_init(va_arg(*command->arguments, sa_crypto_mac_context*), - va_arg(*command->arguments, sa_mac_algorithm), va_arg(*command->arguments, sa_key), - va_arg(*command->arguments, void*)); - break; - - case SA_CRYPTO_MAC_PROCESS: - command->result = sa_crypto_mac_process(va_arg(*command->arguments, sa_crypto_mac_context), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t)); - break; - - case SA_CRYPTO_MAC_PROCESS_KEY: - command->result = sa_crypto_mac_process_key(va_arg(*command->arguments, sa_crypto_mac_context), - va_arg(*command->arguments, sa_key)); - break; - - case SA_CRYPTO_MAC_COMPUTE: - command->result = sa_crypto_mac_compute(va_arg(*command->arguments, void*), - va_arg(*command->arguments, size_t*), va_arg(*command->arguments, sa_crypto_mac_context)); - break; - - case SA_CRYPTO_MAC_RELEASE: - command->result = sa_crypto_mac_release(va_arg(*command->arguments, sa_crypto_mac_context)); - break; - - case SA_CRYPTO_SIGN: - command->result = sa_crypto_sign(va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t*), - va_arg(*command->arguments, sa_signature_algorithm), va_arg(*command->arguments, sa_key), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t), - va_arg(*command->arguments, void*)); - break; - - case SA_SVP_BUFFER_CREATE: - command->result = sa_svp_buffer_create(va_arg(*command->arguments, sa_svp_buffer*), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t)); - break; - - case SA_SVP_BUFFER_FREE: - command->result = sa_svp_buffer_free(va_arg(*command->arguments, sa_svp_buffer)); - break; - - case SA_SVP_BUFFER_RELEASE: - command->result = sa_svp_buffer_release(va_arg(*command->arguments, void**), - va_arg(*command->arguments, size_t*), va_arg(*command->arguments, sa_svp_buffer)); - break; - - case SA_SVP_BUFFER_WRITE: - command->result = sa_svp_buffer_write(va_arg(*command->arguments, sa_svp_buffer), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t), - va_arg(*command->arguments, sa_svp_offset*), va_arg(*command->arguments, size_t)); - break; - - case SA_SVP_BUFFER_COPY: - command->result = sa_svp_buffer_copy(va_arg(*command->arguments, sa_svp_buffer), - va_arg(*command->arguments, sa_svp_buffer), va_arg(*command->arguments, sa_svp_offset*), - va_arg(*command->arguments, size_t)); - break; - - case SA_SVP_KEY_CHECK: - command->result = sa_svp_key_check(va_arg(*command->arguments, sa_key), - va_arg(*command->arguments, sa_buffer*), va_arg(*command->arguments, size_t), - va_arg(*command->arguments, void*), va_arg(*command->arguments, size_t)); - break; - - case SA_SVP_BUFFER_CHECK: - command->result = sa_svp_buffer_check(va_arg(*command->arguments, sa_svp_buffer), - va_arg(*command->arguments, size_t), va_arg(*command->arguments, size_t), - va_arg(*command->arguments, sa_digest_algorithm), va_arg(*command->arguments, void*), - va_arg(*command->arguments, size_t)); - break; - - case SA_PROCESS_COMMON_ENCRYPTION: - command->result = sa_process_common_encryption(va_arg(*command->arguments, size_t), - va_arg(*command->arguments, sa_sample*)); - break; - - case SA_GET_VERSION: - case SA_GET_DEVICE_ID: - case SA_CRYPTO_RANDOM: - // Doesn't require a handle so called directly and not in the invoke thread. - case SA_GET_NAME: - case SA_SVP_BUFFER_ALLOC: - case SA_SVP_SUPPORTED: - // Unused - default: - command->result = SA_STATUS_INTERNAL_ERROR; - } -} - -sa_status sa_invoke(Sec_ProcessorHandle* processorHandle, SA_COMMAND_ID command_id, ...) { - if (processorHandle == NULL) - return SA_STATUS_INVALID_PARAMETER; - - va_list va_args; - va_start(va_args, command_id); - sa_command command = {command_id, &va_args, -1}; - - bool command_queued = false; - pthread_mutex_lock(&processorHandle->mutex); - while (!processorHandle->shutdown && command.result == -1) { - if (processorHandle->queue_size < MAX_QUEUE_SIZE && !command_queued) { - processorHandle->queue[(processorHandle->queue_front + processorHandle->queue_size) % MAX_QUEUE_SIZE] = - &command; - processorHandle->queue_size++; - command_queued = true; - pthread_cond_broadcast(&processorHandle->cond); - } - - pthread_cond_wait(&processorHandle->cond, &processorHandle->mutex); - } - - va_end(va_args); - pthread_mutex_unlock(&processorHandle->mutex); - return command.result; -} - -void* sa_invoke_handler(void* handle) { - if (handle == NULL) - return (void*) SEC_RESULT_INVALID_HANDLE; // NOLINT - - Sec_ProcessorHandle* processorHandle = (Sec_ProcessorHandle*) handle; - pthread_mutex_lock(&processorHandle->mutex); - while (!processorHandle->shutdown) { - if (processorHandle->queue_size > 0) { - sa_command* command = processorHandle->queue[processorHandle->queue_front]; - processorHandle->queue[processorHandle->queue_front] = NULL; - processorHandle->queue_front = ++processorHandle->queue_front % MAX_QUEUE_SIZE; - processorHandle->queue_size--; - - if (command != NULL) { - pthread_mutex_unlock(&processorHandle->mutex); - sa_process_command(command); - pthread_mutex_lock(&processorHandle->mutex); - } - - pthread_cond_broadcast(&processorHandle->cond); - } else { - pthread_cond_wait(&processorHandle->cond, &processorHandle->mutex); - } - } - - pthread_mutex_unlock(&processorHandle->mutex); - return (void*) SEC_RESULT_SUCCESS; -} diff --git a/src/sec_adapter_processor.h b/src/sec_adapter_processor.h index 40490a8..cf104ab 100644 --- a/src/sec_adapter_processor.h +++ b/src/sec_adapter_processor.h @@ -19,8 +19,6 @@ #ifndef SEC_ADAPTER_PROCESSOR_H #define SEC_ADAPTER_PROCESSOR_H -#include "sa_ta_types.h" -#include "sa_types.h" #include "sec_adapter_key.h" #include "sec_security.h" #include "sec_security_store.h" @@ -36,18 +34,10 @@ #include #endif -#define MAX_QUEUE_SIZE 32 - #define MIN_SA_VERSION(x, y, z) ( \ - (SA_SPECIFICATION_MAJOR > x) || \ - (SA_SPECIFICATION_MAJOR == x && SA_SPECIFICATION_MINOR > y) || \ - (SA_SPECIFICATION_MAJOR == x && SA_SPECIFICATION_MINOR == y && SA_SPECIFICATION_REVISION >= z)) - -typedef struct { - SA_COMMAND_ID command_id; - va_list* arguments; - sa_status result; -} sa_command; + (SA_SPECIFICATION_MAJOR > (x)) || \ + (SA_SPECIFICATION_MAJOR == (x) && SA_SPECIFICATION_MINOR > (y)) || \ + (SA_SPECIFICATION_MAJOR == (x) && SA_SPECIFICATION_MINOR == (y) && SA_SPECIFICATION_REVISION >= (z))) typedef struct { SEC_BYTE input1[SEC_AES_BLOCK_SIZE]; @@ -85,11 +75,6 @@ typedef struct Sec_RAMBundleData_struct { struct Sec_RAMBundleData_struct* next; } Sec_RAMBundleData; -typedef struct opaque_buffer_handle_entry_struct { - Sec_OpaqueBufferHandle* opaqueBufferHandle; - struct opaque_buffer_handle_entry_struct* next; -} opaque_buffer_handle_entry; - struct Sec_ProcessorHandle_struct { Sec_RAMKeyData* ram_keys; Sec_RAMBundleData* ram_bundles; @@ -97,15 +82,6 @@ struct Sec_ProcessorHandle_struct { char* global_dir; char* app_dir; int device_settings_init_flag; - opaque_buffer_handle_entry* opaque_buffer_handle; - pthread_t thread; - pthread_cond_t cond; - pthread_mutex_t mutex; - bool shutdown; - sa_command* queue[MAX_QUEUE_SIZE]; - size_t queue_front; - size_t queue_size; - struct Sec_ProcessorHandle_struct* nextHandle; }; static const int SECAPI3_KEY_DEPTH = 4; @@ -145,6 +121,4 @@ static const int SECAPI3_KEY_DEPTH = 4; return SEC_RESULT_FAILURE; \ } -sa_status sa_invoke(Sec_ProcessorHandle* processorHandle, SA_COMMAND_ID command_id, ...); - #endif // SEC_ADAPTER_PROCESSOR_H diff --git a/src/sec_adapter_signature.c b/src/sec_adapter_signature.c index b379ae9..952b839 100644 --- a/src/sec_adapter_signature.c +++ b/src/sec_adapter_signature.c @@ -151,11 +151,10 @@ Sec_Result SecSignature_Process(Sec_SignatureHandle* signatureHandle, SEC_BYTE* size_t out_length = 0; const Sec_Key* key = get_key(signatureHandle->keyHandle); // Get the out_length since it is not given to us. - sa_status status = sa_invoke(signatureHandle->processorHandle, SA_CRYPTO_SIGN, NULL, &out_length, - signature_algorithm, key->handle, input, (size_t) inputSize, parameters); + sa_status status = sa_crypto_sign(NULL, &out_length, signature_algorithm, key->handle, input, inputSize, + parameters); CHECK_STATUS(status) - status = sa_invoke(signatureHandle->processorHandle, SA_CRYPTO_SIGN, signature, &out_length, - signature_algorithm, key->handle, input, (size_t) inputSize, parameters); + status = sa_crypto_sign(signature, &out_length, signature_algorithm, key->handle, input, inputSize, parameters); CHECK_STATUS(status) *signatureSize = out_length; } else { diff --git a/src/sec_adapter_svp.c b/src/sec_adapter_svp.c index 753c1c1..e01a0e1 100644 --- a/src/sec_adapter_svp.c +++ b/src/sec_adapter_svp.c @@ -16,107 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -#include "sa_svp.h" -#include "sec_security_svp.h" // NOLINT - -sa_svp_buffer get_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle) { - if (processorHandle == NULL || opaqueBufferHandle == NULL) - return INVALID_HANDLE; - - // Look up the buffer for this processorHandle. - pthread_mutex_lock(&opaqueBufferHandle->mutex); - svp_processor_buffer* next_processor_buffer = opaqueBufferHandle->handles; - svp_processor_buffer* previous_processor_buffer = NULL; - while (next_processor_buffer != NULL) { - if (next_processor_buffer->processorHandle == processorHandle) { - pthread_mutex_unlock(&opaqueBufferHandle->mutex); - return next_processor_buffer->svp_buffer; - } - - previous_processor_buffer = next_processor_buffer; - next_processor_buffer = next_processor_buffer->next; - } - - // Not found, so create a new one. - sa_svp_buffer svp_buffer; - if (sa_invoke(processorHandle, SA_SVP_BUFFER_CREATE, &svp_buffer, opaqueBufferHandle->svp_memory, - opaqueBufferHandle->size) != SA_STATUS_OK) { - SEC_LOG_ERROR("sa_svp_buffer_create failed"); - return INVALID_HANDLE; - } - - next_processor_buffer = (svp_processor_buffer*) calloc(1, sizeof(svp_processor_buffer)); - if (previous_processor_buffer == NULL) - opaqueBufferHandle->handles = next_processor_buffer; - else - previous_processor_buffer->next = next_processor_buffer; - - next_processor_buffer->processorHandle = processorHandle; - next_processor_buffer->svp_buffer = svp_buffer; - pthread_mutex_unlock(&opaqueBufferHandle->mutex); - - // Register this opaqueBufferHandle with processorHandle for later clean up. - pthread_mutex_lock(&processorHandle->mutex); - opaque_buffer_handle_entry* opaque_buffer_handle = - (opaque_buffer_handle_entry*) calloc(1, sizeof(opaque_buffer_handle_entry)); - opaque_buffer_handle->opaqueBufferHandle = opaqueBufferHandle; - opaque_buffer_handle->next = processorHandle->opaque_buffer_handle; - processorHandle->opaque_buffer_handle = opaque_buffer_handle; - pthread_mutex_unlock(&processorHandle->mutex); - - return next_processor_buffer->svp_buffer; -} - -void release_svp_buffer(Sec_ProcessorHandle* processorHandle, Sec_OpaqueBufferHandle* opaqueBufferHandle) { - if (processorHandle == NULL || opaqueBufferHandle == NULL) - return; - - // Find the buffer for this processorHandle and release it. - pthread_mutex_lock(&opaqueBufferHandle->mutex); - svp_processor_buffer* next_processor_buffer = opaqueBufferHandle->handles; - svp_processor_buffer* previous_processor_buffer = NULL; - while (next_processor_buffer != NULL) { - if (next_processor_buffer->processorHandle == processorHandle) { - if (previous_processor_buffer == NULL) - opaqueBufferHandle->handles = next_processor_buffer->next; - else - previous_processor_buffer->next = next_processor_buffer->next; - - void* svp_memory; - size_t svp_size; - sa_invoke(processorHandle, SA_SVP_BUFFER_RELEASE, &svp_memory, &svp_size, - next_processor_buffer->svp_buffer); - free(next_processor_buffer); - break; - } - - previous_processor_buffer = next_processor_buffer; - next_processor_buffer = next_processor_buffer->next; - } - - pthread_mutex_unlock(&opaqueBufferHandle->mutex); - - // Unregister this opaqueBufferHandle from the processorHandle. - pthread_mutex_lock(&processorHandle->mutex); - opaque_buffer_handle_entry* next_opaque_buffer_handle = processorHandle->opaque_buffer_handle; - opaque_buffer_handle_entry* previous_opaque_buffer_handle = NULL; - while (next_opaque_buffer_handle != NULL) { - if (next_opaque_buffer_handle->opaqueBufferHandle == opaqueBufferHandle) { - if (previous_opaque_buffer_handle == NULL) - processorHandle->opaque_buffer_handle = next_opaque_buffer_handle->next; - else - previous_opaque_buffer_handle->next = next_opaque_buffer_handle->next; - - free(next_opaque_buffer_handle); - break; - } - - previous_opaque_buffer_handle = next_opaque_buffer_handle; - next_opaque_buffer_handle = next_opaque_buffer_handle->next; - } - - pthread_mutex_unlock(&processorHandle->mutex); -} +#include "sec_security_svp.h" // Deprecated Sec_Result Sec_OpaqueBufferMalloc(SEC_SIZE bufLength, void** handle, void* params) { @@ -140,10 +40,10 @@ Sec_Result SecOpaqueBuffer_Create(Sec_OpaqueBufferHandle** opaqueBufferHandle, v return SEC_RESULT_FAILURE; } - if (pthread_mutex_init(&(*opaqueBufferHandle)->mutex, NULL) != 0) { - SEC_LOG_ERROR("Error initializing mutex"); - free(*opaqueBufferHandle); - return SEC_RESULT_FAILURE; + sa_status status = sa_svp_buffer_create(&(*opaqueBufferHandle)->svp_buffer, svp_memory, bufLength); + if (status != SA_STATUS_OK) { + SEC_LOG_ERROR("sa_svp_buffer_create failed"); + CHECK_STATUS(status) } (*opaqueBufferHandle)->svp_memory = svp_memory; @@ -207,25 +107,8 @@ Sec_Result SecOpaqueBuffer_Write(Sec_OpaqueBufferHandle* opaqueBufferHandle, SEC } sa_svp_offset svp_offset = {offset, 0, length}; - if (opaqueBufferHandle->handles != NULL) { - sa_status status = sa_invoke(opaqueBufferHandle->handles->processorHandle, SA_SVP_BUFFER_WRITE, - opaqueBufferHandle->handles->svp_buffer, data, (size_t) length, &svp_offset, 1); - CHECK_STATUS(status) - } else { - sa_svp_buffer svp_buffer; - if (sa_svp_buffer_create(&svp_buffer, opaqueBufferHandle->svp_memory, - opaqueBufferHandle->size) != SA_STATUS_OK) { - SEC_LOG_ERROR("sa_svp_buffer_create failed"); - return SEC_RESULT_FAILURE; - } - - sa_status status = sa_svp_buffer_write(svp_buffer, data, length, &svp_offset, 1); - void* svp_memory; - size_t svp_size; - sa_svp_buffer_release(&svp_memory, &svp_size, svp_buffer); - CHECK_STATUS(status) - } - + sa_status status = sa_svp_buffer_write((*opaqueBufferHandle).svp_buffer, data, length, &svp_offset, 1); + CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -235,11 +118,7 @@ Sec_Result Sec_OpaqueBufferFree(Sec_OpaqueBufferHandle* opaqueBufferHandle, void Sec_Result SecOpaqueBuffer_Free(Sec_OpaqueBufferHandle* opaqueBufferHandle) { if (opaqueBufferHandle != NULL) { - while (opaqueBufferHandle->handles != NULL) - release_svp_buffer(opaqueBufferHandle->handles->processorHandle, opaqueBufferHandle); - - sa_svp_memory_free(opaqueBufferHandle->svp_memory); - pthread_mutex_destroy(&opaqueBufferHandle->mutex); + sa_svp_buffer_free(opaqueBufferHandle->svp_buffer); SEC_FREE(opaqueBufferHandle); } @@ -254,39 +133,9 @@ Sec_Result SecOpaqueBuffer_Copy(Sec_OpaqueBufferHandle* outOpaqueBufferHandle, S } sa_svp_offset svp_offset = {out_offset, in_offset, num_to_copy}; - if (outOpaqueBufferHandle->handles != NULL) { - sa_svp_buffer in_svp_buffer = get_svp_buffer(outOpaqueBufferHandle->handles->processorHandle, - inOpaqueBufferHandle); - if (in_svp_buffer == INVALID_HANDLE) - return SEC_RESULT_FAILURE; - - sa_status status = sa_invoke(outOpaqueBufferHandle->handles->processorHandle, SA_SVP_BUFFER_COPY, - outOpaqueBufferHandle->handles->svp_buffer, in_svp_buffer, &svp_offset, (size_t) 1); - CHECK_STATUS(status) - } else { - void* svp_memory; - size_t svp_size; - sa_svp_buffer out_svp_buffer; - if (sa_svp_buffer_create(&out_svp_buffer, outOpaqueBufferHandle->svp_memory, - outOpaqueBufferHandle->size) != SA_STATUS_OK) { - SEC_LOG_ERROR("sa_svp_buffer_create failed"); - return SEC_RESULT_FAILURE; - } - - sa_svp_buffer in_svp_buffer; - if (sa_svp_buffer_create(&in_svp_buffer, inOpaqueBufferHandle->svp_memory, - inOpaqueBufferHandle->size) != SA_STATUS_OK) { - SEC_LOG_ERROR("sa_svp_buffer_create failed"); - sa_svp_buffer_release(&svp_memory, &svp_size, out_svp_buffer); - return SEC_RESULT_FAILURE; - } - - sa_status status = sa_svp_buffer_copy(out_svp_buffer, in_svp_buffer, &svp_offset, (size_t) 1); - sa_svp_buffer_release(&svp_memory, &svp_size, out_svp_buffer); - sa_svp_buffer_release(&svp_memory, &svp_size, in_svp_buffer); - CHECK_STATUS(status) - } - + sa_status status = sa_svp_buffer_copy(outOpaqueBufferHandle->svp_buffer, inOpaqueBufferHandle->svp_buffer, + &svp_offset, 1); + CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -296,11 +145,9 @@ Sec_Result SecOpaqueBuffer_Release(Sec_OpaqueBufferHandle* opaqueBufferHandle, S return SEC_RESULT_FAILURE; } - while (opaqueBufferHandle->handles != NULL) - release_svp_buffer(opaqueBufferHandle->handles->processorHandle, opaqueBufferHandle); - - *svpHandle = opaqueBufferHandle->svp_memory; - SEC_FREE(opaqueBufferHandle); + size_t out_length; + sa_status status = sa_svp_buffer_release(svpHandle, &out_length, opaqueBufferHandle->svp_buffer); + CHECK_STATUS(status) return SEC_RESULT_SUCCESS; } @@ -335,43 +182,8 @@ Sec_Result SecOpaqueBuffer_CopyByIndex(Sec_OpaqueBufferHandle* outOpaqueBufferHa svp_offsets[i].length = copyIndexArray[i].bytes_to_copy; } - sa_status status; - if (outOpaqueBufferHandle->handles != NULL) { - sa_svp_buffer in_svp_buffer = get_svp_buffer(outOpaqueBufferHandle->handles->processorHandle, - inOpaqueBufferHandle); - if (in_svp_buffer == INVALID_HANDLE) { - SEC_LOG_ERROR("sa_svp_buffer_create failed"); - SEC_FREE(svp_offsets); - return SEC_RESULT_FAILURE; - } - - status = sa_invoke(outOpaqueBufferHandle->handles->processorHandle, SA_SVP_BUFFER_COPY, - outOpaqueBufferHandle->handles->svp_buffer, in_svp_buffer, svp_offsets, (size_t) numOfIndexes); - } else { - void* svp_memory; - size_t svp_size; - sa_svp_buffer out_svp_buffer; - if (sa_svp_buffer_create(&out_svp_buffer, outOpaqueBufferHandle->svp_memory, - outOpaqueBufferHandle->size) != SA_STATUS_OK) { - SEC_LOG_ERROR("sa_svp_buffer_create failed"); - SEC_FREE(svp_offsets); - return SEC_RESULT_FAILURE; - } - - sa_svp_buffer in_svp_buffer; - if (sa_svp_buffer_create(&in_svp_buffer, inOpaqueBufferHandle->svp_memory, - inOpaqueBufferHandle->size) != SA_STATUS_OK) { - SEC_LOG_ERROR("sa_svp_buffer_create failed"); - sa_svp_buffer_release(&svp_memory, &svp_size, out_svp_buffer); - SEC_FREE(svp_offsets); - return SEC_RESULT_FAILURE; - } - - status = sa_svp_buffer_copy(out_svp_buffer, in_svp_buffer, svp_offsets, (size_t) numOfIndexes); - sa_svp_buffer_release(&svp_memory, &svp_size, out_svp_buffer); - sa_svp_buffer_release(&svp_memory, &svp_size, in_svp_buffer); - } - + sa_status status = sa_svp_buffer_copy(outOpaqueBufferHandle->svp_buffer, inOpaqueBufferHandle->svp_buffer, + svp_offsets, numOfIndexes); SEC_FREE(svp_offsets); CHECK_STATUS(status) return SEC_RESULT_SUCCESS; diff --git a/test/main/cpp/cipher.cpp b/test/main/cpp/cipher.cpp index 6dd7c31..5ed36e5 100644 --- a/test/main/cpp/cipher.cpp +++ b/test/main/cpp/cipher.cpp @@ -1310,8 +1310,9 @@ Sec_Result testProcessOpaqueWithMapAndPattern(SEC_OBJECTID id, TestKey key, Test std::vector decrypted; Sec_OpaqueBufferHandle* opaqueBufferHandle; SEC_SIZE bytesWritten = 0; - Sec_Result result = SecCipher_ProcessOpaqueWithMapAndPattern(cipherHandle, iv.data(), encrypted.data(), encrypted.size(), - SEC_TRUE, map, subsampleCount, numEncryptedBlocks, numClearBlocks, &opaqueBufferHandle, &bytesWritten); + Sec_Result result = SecCipher_ProcessOpaqueWithMapAndPattern(cipherHandle, iv.data(), encrypted.data(), + encrypted.size(), SEC_TRUE, map, subsampleCount, numEncryptedBlocks, numClearBlocks, &opaqueBufferHandle, + &bytesWritten); if (result != SEC_RESULT_SUCCESS) { delete[] map; SEC_LOG_ERROR("SecCipher_ProcessOpaqueWithMapAndPattern failed"); diff --git a/test/main/cpp/concurrent.cpp b/test/main/cpp/concurrent.cpp index cd3433c..e7443fc 100644 --- a/test/main/cpp/concurrent.cpp +++ b/test/main/cpp/concurrent.cpp @@ -19,7 +19,6 @@ #include "concurrent.h" // NOLINT #include "cipher.h" #include "key.h" -#include "test_ctx.h" struct Vendor128Args { // NOLINT(altera-struct-pack-align) SEC_OBJECTID id; @@ -130,43 +129,3 @@ Sec_Result testConcurrentRsa(TestKey pub, TestKey priv, TestKc kc, SEC_SIZE numT return SEC_RESULT_SUCCESS; } - -static void* testProcessorGetDeviceId(void* arg) { - auto* ctx = static_cast(arg); - SEC_BYTE device_id[SEC_DEVICEID_LEN]; - Sec_Result result = SecProcessor_GetDeviceId(ctx->proc(), device_id); - if (result != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("SecProcessor_GetDeviceId failed %d", result); - return reinterpret_cast(result); // NOLINT - } - - return reinterpret_cast(SEC_RESULT_SUCCESS); // NOLINT -} - -Sec_Result testConcurrentProcessorInvoke(SEC_SIZE numThreads) { - std::vector threads; - threads.resize(numThreads); - - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_PRINT("Spawning %d threads\n", numThreads); - for (pthread_t& thread : threads) { - pthread_create(&thread, nullptr, testProcessorGetDeviceId, &ctx); - } - - SEC_PRINT("Waiting for threads to complete\n"); - bool failed = false; - for (auto& thread : threads) { - void* return_val; - pthread_join(thread, reinterpret_cast(&return_val)); - if (reinterpret_cast(return_val) != SEC_RESULT_SUCCESS) - failed = true; - } - - SEC_PRINT("Threads completed\n"); - return failed ? SEC_RESULT_FAILURE : SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/concurrent.h b/test/main/cpp/concurrent.h index a42197c..8431037 100644 --- a/test/main/cpp/concurrent.h +++ b/test/main/cpp/concurrent.h @@ -26,6 +26,4 @@ Sec_Result testConcurrentVendor128(SEC_SIZE numThreads); Sec_Result testConcurrentRsa(TestKey pub, TestKey priv, TestKc kc, SEC_SIZE numThreads); -Sec_Result testConcurrentProcessorInvoke(SEC_SIZE numThreads); - #endif // CONCURRENT_H diff --git a/test/main/cpp/sec_api_utest_main.cpp b/test/main/cpp/sec_api_utest_main.cpp index bdc7f59..bb78bb0 100644 --- a/test/main/cpp/sec_api_utest_main.cpp +++ b/test/main/cpp/sec_api_utest_main.cpp @@ -833,8 +833,6 @@ void runSVPTests(SuiteCtx* suite) { SEC_CIPHERALGORITHM_AES_CTR, 498)) RUN_TEST(suite, testProcessDataShiftOpaque(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)) - RUN_TEST(suite, testOpaqueMultiProcHandle(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM, - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) } } @@ -1237,7 +1235,6 @@ void runConcurrentTests(SuiteCtx* suite) { RUN_TEST(suite, testConcurrentRsa(TESTKEY_RSA1024_ENC_PUB, TESTKEY_RSA1024_ENC_PRIV, TESTKC_CONDITIONAL, 10)) } RUN_TEST(suite, testConcurrentRsa(TESTKEY_RSA2048_ENC_PUB, TESTKEY_RSA2048_ENC_PRIV, TESTKC_CONDITIONAL, 10)) - RUN_TEST(suite, testConcurrentProcessorInvoke(50)) } void runExchangeTests(SuiteCtx* suite) { diff --git a/test/main/cpp/svp.cpp b/test/main/cpp/svp.cpp index 724a585..871771e 100644 --- a/test/main/cpp/svp.cpp +++ b/test/main/cpp/svp.cpp @@ -342,185 +342,3 @@ Sec_Result testProcessDataShiftOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, #endif return SEC_RESULT_SUCCESS; } - -Sec_Result testOpaqueMultiProcHandle(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm cipher_algorithm, int size) { - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector data = TestCtx::random(size); - - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle* keyHandle; - if ((keyHandle = ctx.provisionKey(id, loc, key, kc)) == nullptr) { - SEC_LOG_ERROR("ctx.provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - Sec_CipherHandle* cipherHandle = nullptr; - if (SecCipher_GetInstance(ctx.proc(), cipher_algorithm, SEC_CIPHERMODE_DECRYPT, keyHandle, iv.data(), - &cipherHandle) != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - SEC_SIZE written = 0; - SEC_BOOL last = size % 16 == 0 ? SEC_TRUE : SEC_FALSE; - std::vector output(size); - if (SecCipher_Process(cipherHandle, data.data(), data.size(), last, output.data(), output.size(), &written) != - SEC_RESULT_SUCCESS) { - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); - return SEC_RESULT_FAILURE; - } - - SecCipher_Release(cipherHandle); - auto digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, output); - - Sec_OpaqueBufferHandle* inOpaqueBufferHandle = nullptr; - if (SecOpaqueBuffer_Malloc(size, &inOpaqueBufferHandle) != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - if (SecOpaqueBuffer_Write(inOpaqueBufferHandle, 0, data.data(), data.size()) != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - return SEC_RESULT_FAILURE; - } - - TestCtx ctx1; - if (ctx1.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle* keyHandle1; - if ((keyHandle1 = ctx1.provisionKey(id, loc, key, kc)) == nullptr) { - SEC_LOG_ERROR("ctx.provisionKey failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - return SEC_RESULT_FAILURE; - } - - Sec_CipherHandle* cipherHandle1 = nullptr; - if (SecCipher_GetInstance(ctx1.proc(), cipher_algorithm, SEC_CIPHERMODE_DECRYPT, keyHandle1, iv.data(), - &cipherHandle1) != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle* outOpaqueBufferHandle1 = nullptr; - if (SecOpaqueBuffer_Malloc(size, &outOpaqueBufferHandle1) != SEC_RESULT_SUCCESS) { - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle1); - SecCipher_Release(cipherHandle1); - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - written = 0; - if (SecCipher_ProcessOpaque(cipherHandle1, inOpaqueBufferHandle, outOpaqueBufferHandle1, size, last, &written) != - SEC_RESULT_SUCCESS) { - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle1); - SecCipher_Release(cipherHandle1); - SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); - return SEC_RESULT_FAILURE; - } - - SecOpaqueBuffer_Free(outOpaqueBufferHandle1); - SecCipher_Release(cipherHandle1); - TestCtx ctx2; - if (ctx2.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle1); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle* keyHandle2; - if ((keyHandle2 = ctx2.provisionKey(id, loc, key, kc)) == nullptr) { - SEC_LOG_ERROR("ctx.provisionKey failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle1); - return SEC_RESULT_FAILURE; - } - - Sec_CipherHandle* cipherHandle2 = nullptr; - if (SecCipher_GetInstance(ctx2.proc(), cipher_algorithm, SEC_CIPHERMODE_DECRYPT, keyHandle2, iv.data(), - &cipherHandle2) != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle1); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle* outOpaqueBufferHandle2 = nullptr; - if (SecOpaqueBuffer_Malloc(size, &outOpaqueBufferHandle2) != SEC_RESULT_SUCCESS) { - SecOpaqueBuffer_Free(outOpaqueBufferHandle2); - SecCipher_Release(cipherHandle2); - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - written = 0; - if (SecCipher_ProcessOpaque(cipherHandle2, inOpaqueBufferHandle, outOpaqueBufferHandle2, size, last, &written) != - SEC_RESULT_SUCCESS) { - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle2); - SecCipher_Release(cipherHandle2); - SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); - return SEC_RESULT_FAILURE; - } - - SecOpaqueBuffer_Free(outOpaqueBufferHandle2); - SecCipher_Release(cipherHandle2); - TestCtx ctx3; - if (ctx3.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle* keyHandle3; - if ((keyHandle3 = ctx3.provisionKey(id, loc, key, kc)) == nullptr) { - SEC_LOG_ERROR("ctx.provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - Sec_CipherHandle* cipherHandle3 = nullptr; - if (SecCipher_GetInstance(ctx3.proc(), cipher_algorithm, SEC_CIPHERMODE_DECRYPT, keyHandle3, iv.data(), - &cipherHandle3) != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle* outOpaqueBufferHandle3 = nullptr; - if (SecOpaqueBuffer_Malloc(size, &outOpaqueBufferHandle3) != SEC_RESULT_SUCCESS) { - SecOpaqueBuffer_Free(outOpaqueBufferHandle3); - SecCipher_Release(cipherHandle3); - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - written = 0; - if (SecCipher_ProcessOpaque(cipherHandle3, inOpaqueBufferHandle, outOpaqueBufferHandle3, size, last, &written) != - SEC_RESULT_SUCCESS) { - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle3); - SecCipher_Release(cipherHandle3); - SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); - return SEC_RESULT_FAILURE; - } - - SecOpaqueBuffer_Free(inOpaqueBufferHandle); - SecOpaqueBuffer_Free(outOpaqueBufferHandle3); - SecCipher_Release(cipherHandle3); - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/svp.h b/test/main/cpp/svp.h index f384e6a..2c6874e 100644 --- a/test/main/cpp/svp.h +++ b/test/main/cpp/svp.h @@ -38,7 +38,4 @@ Sec_Result testProcessOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_Storag Sec_Result testProcessDataShiftOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); -Sec_Result testOpaqueMultiProcHandle(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm cipher_algorithm, int size); - #endif // SVP_H diff --git a/test/openssl/src/test_creds_soc.cpp b/test/openssl/src/test_creds_soc.cpp index b5e1e42..69e9486 100644 --- a/test/openssl/src/test_creds_soc.cpp +++ b/test/openssl/src/test_creds_soc.cpp @@ -16,7 +16,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -#include "sa_types.h" +#include "sa.h" #include "sec_security_utils.h" #include "test_creds.h" #include "test_ctx.h"