aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Selkirk <paul@psgd.org>2016-07-05 22:45:35 -0400
committerPaul Selkirk <paul@psgd.org>2016-07-05 22:45:35 -0400
commit30f8e4e85b6a337291b09d55d8edc15e422b6341 (patch)
tree19199dd47bb98e18a96281d34e35d1971565fc72
parente1c57eff41a57b8a3f16e5d652b5598d75887a21 (diff)
Attempt to add resource management, for multiple cores of the same type.
Find a suitable core, and mark it busy. Don't forget to release it as soon as you're done. This has a knock-on effect of un-const'ing core arguments and struct fields in a lot of places, and it moves some core checks around.
-rw-r--r--aes_keywrap.c36
-rw-r--r--core.c70
-rw-r--r--csprng.c19
-rw-r--r--hal.h39
-rw-r--r--hash.c92
-rw-r--r--masterkey.c2
-rw-r--r--mkmif.c97
-rw-r--r--modexp.c20
-rw-r--r--pbkdf2.c11
-rw-r--r--rsa.c4
-rw-r--r--tests/test-aes-key-wrap.c4
-rw-r--r--tests/test-hash.c12
-rw-r--r--tests/test-mkmif.c12
-rw-r--r--tests/test-pbkdf2.c4
-rw-r--r--tests/test-rsa.c10
-rw-r--r--utils/cores.c2
16 files changed, 248 insertions, 186 deletions
diff --git a/aes_keywrap.c b/aes_keywrap.c
index d666624..08cc05f 100644
--- a/aes_keywrap.c
+++ b/aes_keywrap.c
@@ -156,7 +156,7 @@ static hal_error_t do_block(const hal_core_t *core, uint8_t *b1, uint8_t *b2)
* buffer size.
*/
-hal_error_t hal_aes_keywrap(const hal_core_t *core,
+hal_error_t hal_aes_keywrap(hal_core_t *core,
const uint8_t *K, const size_t K_len,
const uint8_t * const Q,
const size_t m,
@@ -170,15 +170,15 @@ hal_error_t hal_aes_keywrap(const hal_core_t *core,
assert(calculated_C_len % 8 == 0);
- if ((err = hal_core_check_name(&core, AES_CORE_NAME)) != HAL_OK)
- return err;
-
if (Q == NULL || C == NULL || C_len == NULL || *C_len < calculated_C_len)
return HAL_ERROR_BAD_ARGUMENTS;
- if ((err = load_kek(core, K, K_len, KEK_encrypting)) != HAL_OK)
+ if ((err = hal_core_alloc(AES_CORE_NAME, &core)) != HAL_OK)
return err;
+ if ((err = load_kek(core, K, K_len, KEK_encrypting)) != HAL_OK)
+ goto out;
+
*C_len = calculated_C_len;
if (C + 8 != Q)
@@ -198,7 +198,7 @@ hal_error_t hal_aes_keywrap(const hal_core_t *core,
if (n == 1) {
if ((err = do_block(core, C, C + 8)) != HAL_OK)
- return err;
+ goto out;
}
else {
@@ -206,7 +206,7 @@ hal_error_t hal_aes_keywrap(const hal_core_t *core,
for (i = 1; i <= n; i++) {
uint32_t t = n * j + i;
if ((err = do_block(core, C, C + i * 8)) != HAL_OK)
- return err;
+ goto out;
C[7] ^= t & 0xFF; t >>= 8;
C[6] ^= t & 0xFF; t >>= 8;
C[5] ^= t & 0xFF; t >>= 8;
@@ -215,7 +215,9 @@ hal_error_t hal_aes_keywrap(const hal_core_t *core,
}
}
- return HAL_OK;
+out:
+ hal_core_free(core);
+ return err;
}
@@ -225,7 +227,7 @@ hal_error_t hal_aes_keywrap(const hal_core_t *core,
* Q should be the same size as C. Q and C can overlap.
*/
-hal_error_t hal_aes_keyunwrap(const hal_core_t * core,
+hal_error_t hal_aes_keyunwrap(hal_core_t * core,
const uint8_t *K, const size_t K_len,
const uint8_t * const C,
const size_t C_len,
@@ -237,15 +239,15 @@ hal_error_t hal_aes_keyunwrap(const hal_core_t * core,
long i, j;
size_t m;
- if ((err = hal_core_check_name(&core, AES_CORE_NAME)) != HAL_OK)
- return err;
-
if (C == NULL || Q == NULL || C_len % 8 != 0 || C_len < 16 || Q_len == NULL || *Q_len < C_len)
return HAL_ERROR_BAD_ARGUMENTS;
- if ((err = load_kek(core, K, K_len, KEK_decrypting)) != HAL_OK)
+ if ((err = hal_core_alloc(AES_CORE_NAME, &core)) != HAL_OK)
return err;
+ if ((err = load_kek(core, K, K_len, KEK_decrypting)) != HAL_OK)
+ goto out;
+
n = (C_len / 8) - 1;
if (Q != C)
@@ -253,7 +255,7 @@ hal_error_t hal_aes_keyunwrap(const hal_core_t * core,
if (n == 1) {
if ((err = do_block(core, Q, Q + 8)) != HAL_OK)
- return err;
+ goto out;
}
else {
@@ -265,7 +267,7 @@ hal_error_t hal_aes_keyunwrap(const hal_core_t * core,
Q[5] ^= t & 0xFF; t >>= 8;
Q[4] ^= t & 0xFF;
if ((err = do_block(core, Q, Q + i * 8)) != HAL_OK)
- return err;
+ goto out;
}
}
}
@@ -287,7 +289,9 @@ hal_error_t hal_aes_keyunwrap(const hal_core_t * core,
memmove(Q, Q + 8, m);
- return HAL_OK;
+out:
+ hal_core_free(core);
+ return err;
}
/*
diff --git a/core.c b/core.c
index ffe61e6..9488ab9 100644
--- a/core.c
+++ b/core.c
@@ -76,6 +76,7 @@
struct hal_core {
hal_core_info_t info;
+ uint32_t busy;
struct hal_core *next;
};
@@ -166,12 +167,12 @@ static hal_core_t *probe_cores(void)
return NULL;
}
-const hal_core_t * hal_core_iterate(const hal_core_t *core)
+hal_core_t * hal_core_iterate(hal_core_t *core)
{
return core == NULL ? probe_cores() : core->next;
}
-const hal_core_t *hal_core_find(const char *name, const hal_core_t *core)
+hal_core_t *hal_core_find(const char *name, hal_core_t *core)
{
for (core = hal_core_iterate(core); core != NULL; core = core->next)
if (name_matches(core, name))
@@ -179,18 +180,64 @@ const hal_core_t *hal_core_find(const char *name, const hal_core_t *core)
return NULL;
}
-hal_error_t hal_core_check_name(const hal_core_t **core, const char *name)
+__attribute__((weak)) void hal_critical_section_start(void)
{
- if (core == NULL || name == NULL)
+ return;
+}
+
+__attribute__((weak)) void hal_critical_section_end(void)
+{
+ return;
+}
+
+hal_error_t hal_core_alloc(const char *name, hal_core_t **pcore)
+{
+ hal_core_t *core;
+ hal_error_t err = HAL_ERROR_CORE_NOT_FOUND;
+
+ if (name == NULL && (pcore == NULL || *pcore == NULL))
return HAL_ERROR_BAD_ARGUMENTS;
- if (*core == NULL && (*core = hal_core_find(name, NULL)) != NULL)
- return HAL_OK;
+ core = *pcore;
+ if (name == NULL)
+ name = core->info.name;
+
+ hal_critical_section_start();
+ if (core != NULL) {
+ /* if we can reallocate the same core, do it now */
+ if (!core->busy) {
+ core->busy = 1;
+ hal_critical_section_end();
+ return HAL_OK;
+ }
+ /* else fall through to search */
+ }
+ for (core = hal_core_iterate(NULL); core != NULL; core = core->next) {
+ if (name_matches(core, name)) {
+ if (core->busy) {
+ err = HAL_ERROR_CORE_BUSY;
+ continue;
+ }
+ else {
+ err = HAL_OK;
+ *pcore = core;
+ core->busy = 1;
+ break;
+ }
+ }
+ }
+ hal_critical_section_end();
- if (*core == NULL || !name_matches(*core, name))
- return HAL_ERROR_CORE_NOT_FOUND;
+ return err;
+}
- return HAL_OK;
+void hal_core_free(hal_core_t *core)
+{
+ if (core != NULL) {
+ hal_critical_section_start();
+ core->busy = 0;
+ hal_critical_section_end();
+ }
}
hal_addr_t hal_core_base(const hal_core_t *core)
@@ -203,6 +250,11 @@ const hal_core_info_t *hal_core_info(const hal_core_t *core)
return core == NULL ? NULL : &core->info;
}
+const int hal_core_busy(const hal_core_t *core)
+{
+ return (int)core->busy;
+}
+
/*
* Local variables:
* indent-tabs-mode: nil
diff --git a/csprng.c b/csprng.c
index c6ae4e1..7ff6c69 100644
--- a/csprng.c
+++ b/csprng.c
@@ -43,23 +43,23 @@
#define WAIT_FOR_CSPRNG_VALID 1
#endif
-hal_error_t hal_get_random(const hal_core_t *core, void *buffer, const size_t length)
+hal_error_t hal_get_random(hal_core_t *core, void *buffer, const size_t length)
{
uint8_t temp[4], *buf = buffer;
hal_error_t err;
size_t i;
- if ((err = hal_core_check_name(&core, CSPRNG_NAME)) != HAL_OK)
+ if ((err = hal_core_alloc(CSPRNG_NAME, &core)) != HAL_OK)
return err;
for (i = 0; i < length; i += 4) {
const int last = (length - i) < 4;
if (WAIT_FOR_CSPRNG_VALID && (err = hal_io_wait_valid(core)) != HAL_OK)
- return err;
+ goto out;
if ((err = hal_io_read(core, CSPRNG_ADDR_RANDOM, (last ? temp : &buf[i]), 4)) != HAL_OK)
- return err;
+ goto out;
if (last)
for (; i < length; i++)
@@ -67,10 +67,15 @@ hal_error_t hal_get_random(const hal_core_t *core, void *buffer, const size_t le
}
for (i = 0, buf = buffer; i < length; i++, buf++)
- if (*buf != 0)
- return HAL_OK;
+ if (*buf != 0) {
+ err = HAL_OK;
+ goto out;
+ }
+ err = HAL_ERROR_CSPRNG_BROKEN;
- return HAL_ERROR_CSPRNG_BROKEN;
+out:
+ hal_core_free(core);
+ return err;
}
/*
diff --git a/hal.h b/hal.h
index 04dab48..2955c2d 100644
--- a/hal.h
+++ b/hal.h
@@ -127,6 +127,7 @@
DEFINE_HAL_ERROR(HAL_ERROR_KEY_NOT_ON_CURVE, "EC key is not on its purported curve") \
DEFINE_HAL_ERROR(HAL_ERROR_INVALID_SIGNATURE, "Invalid signature") \
DEFINE_HAL_ERROR(HAL_ERROR_CORE_NOT_FOUND, "Requested core not found") \
+ DEFINE_HAL_ERROR(HAL_ERROR_CORE_BUSY, "Requested core busy") \
DEFINE_HAL_ERROR(HAL_ERROR_KEYSTORE_ACCESS, "Could not access keystore") \
DEFINE_HAL_ERROR(HAL_ERROR_KEY_NOT_FOUND, "Key not found") \
DEFINE_HAL_ERROR(HAL_ERROR_KEY_NAME_IN_USE, "Key name in use") \
@@ -204,11 +205,15 @@ typedef struct {
hal_addr_t base;
} hal_core_info_t;
-extern const hal_core_t *hal_core_find(const char *name, const hal_core_t *core);
+extern hal_core_t *hal_core_find(const char *name, hal_core_t *core);
extern const hal_core_info_t *hal_core_info(const hal_core_t *core);
-extern hal_error_t hal_core_check_name(const hal_core_t **core, const char *name);
extern hal_addr_t hal_core_base(const hal_core_t *core);
-extern const hal_core_t * hal_core_iterate(const hal_core_t *core);
+extern hal_core_t * hal_core_iterate(hal_core_t *core);
+extern hal_error_t hal_core_alloc(const char *name, hal_core_t **core);
+extern void hal_core_free(hal_core_t *core);
+extern void hal_critical_section_start(void);
+extern void hal_critical_section_end(void);
+extern const int hal_core_busy(const hal_core_t *core);
/*
* Slightly higher level public API, still working directly with cores.
@@ -218,7 +223,7 @@ extern const hal_core_t * hal_core_iterate(const hal_core_t *core);
* Get random bytes from the CSPRNG.
*/
-extern hal_error_t hal_get_random(const hal_core_t *core, void *buffer, const size_t length);
+extern hal_error_t hal_get_random(hal_core_t *core, void *buffer, const size_t length);
/*
* Hash and HMAC API.
@@ -289,7 +294,7 @@ extern const hal_hash_descriptor_t hal_hash_sha512[1];
extern void hal_hash_set_debug(int onoff);
-extern hal_error_t hal_hash_initialize(const hal_core_t *core,
+extern hal_error_t hal_hash_initialize(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
hal_hash_state_t **state,
void *state_buffer, const size_t state_length);
@@ -300,7 +305,7 @@ extern hal_error_t hal_hash_update(hal_hash_state_t *state,
extern hal_error_t hal_hash_finalize(hal_hash_state_t *state,
uint8_t *digest, const size_t length);
-extern hal_error_t hal_hmac_initialize(const hal_core_t *core,
+extern hal_error_t hal_hmac_initialize(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
hal_hmac_state_t **state,
void *state_buffer, const size_t state_length,
@@ -323,12 +328,12 @@ extern const hal_hash_descriptor_t *hal_hmac_get_descriptor(const hal_hmac_state
* AES key wrap functions.
*/
-extern hal_error_t hal_aes_keywrap(const hal_core_t *core,
+extern hal_error_t hal_aes_keywrap(hal_core_t *core,
const uint8_t *kek, const size_t kek_length,
const uint8_t *plaintext, const size_t plaintext_length,
uint8_t *cyphertext, size_t *ciphertext_length);
-extern hal_error_t hal_aes_keyunwrap(const hal_core_t *core,
+extern hal_error_t hal_aes_keyunwrap(hal_core_t *core,
const uint8_t *kek, const size_t kek_length,
const uint8_t *ciphertext, const size_t ciphertext_length,
unsigned char *plaintext, size_t *plaintext_length);
@@ -340,7 +345,7 @@ extern size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length);
* the pseudo-random function (PRF).
*/
-extern hal_error_t hal_pbkdf2(const hal_core_t *core,
+extern hal_error_t hal_pbkdf2(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
const uint8_t * const password, const size_t password_length,
const uint8_t * const salt, const size_t salt_length,
@@ -353,7 +358,7 @@ extern hal_error_t hal_pbkdf2(const hal_core_t *core,
extern void hal_modexp_set_debug(const int onoff);
-extern hal_error_t hal_modexp(const hal_core_t *core,
+extern hal_error_t hal_modexp(hal_core_t *core,
const uint8_t * const msg, const size_t msg_len, /* Message */
const uint8_t * const exp, const size_t exp_len, /* Exponent */
const uint8_t * const mod, const size_t mod_len, /* Modulus */
@@ -363,13 +368,13 @@ extern hal_error_t hal_modexp(const hal_core_t *core,
* Master Key Memory Interface
*/
-extern hal_error_t hal_mkmif_init(const hal_core_t *core);
-extern hal_error_t hal_mkmif_set_clockspeed(const hal_core_t *core, const uint32_t divisor);
-extern hal_error_t hal_mkmif_get_clockspeed(const hal_core_t *core, uint32_t *divisor);
-extern hal_error_t hal_mkmif_write(const hal_core_t *core, uint32_t addr, const uint8_t *buf, size_t len);
-extern hal_error_t hal_mkmif_write_word(const hal_core_t *core, uint32_t addr, const uint32_t data);
-extern hal_error_t hal_mkmif_read(const hal_core_t *core, uint32_t addr, uint8_t *buf, size_t len);
-extern hal_error_t hal_mkmif_read_word(const hal_core_t *core, uint32_t addr, uint32_t *data);
+extern hal_error_t hal_mkmif_init(hal_core_t *core);
+extern hal_error_t hal_mkmif_set_clockspeed(hal_core_t *core, const uint32_t divisor);
+extern hal_error_t hal_mkmif_get_clockspeed(hal_core_t *core, uint32_t *divisor);
+extern hal_error_t hal_mkmif_write(hal_core_t *core, uint32_t addr, const uint8_t *buf, size_t len);
+extern hal_error_t hal_mkmif_write_word(hal_core_t *core, uint32_t addr, const uint32_t data);
+extern hal_error_t hal_mkmif_read(hal_core_t *core, uint32_t addr, uint8_t *buf, size_t len);
+extern hal_error_t hal_mkmif_read_word(hal_core_t *core, uint32_t addr, uint32_t *data);
/*
diff --git a/hash.c b/hash.c
index 5fface0..5709a6a 100644
--- a/hash.c
+++ b/hash.c
@@ -100,11 +100,11 @@ struct hal_hash_driver {
*/
struct hal_hash_state {
- const hal_core_t *core;
+ hal_core_t *core;
const hal_hash_descriptor_t *descriptor;
const hal_hash_driver_t *driver;
- uint64_t msg_length_high; /* Total data hashed in this message */
- uint64_t msg_length_low; /* (128 bits in SHA-512 cases) */
+ long long unsigned msg_length_high; /* Total data hashed in this message */
+ long long unsigned msg_length_low; /* (128 bits in SHA-512 cases) */
uint8_t block[HAL_MAX_HASH_BLOCK_LENGTH], /* Block we're accumulating */
core_state[HAL_MAX_HASH_DIGEST_LENGTH]; /* Saved core state */
size_t block_used; /* How much of the block we've used */
@@ -362,42 +362,10 @@ static inline const hal_hash_driver_t *check_driver(const hal_hash_descriptor_t
}
/*
- * Internal utility to check core against descriptor, including
- * attempting to locate an appropriate core if we weren't given one.
- */
-
-static inline hal_error_t check_core(const hal_core_t **core,
- const hal_hash_descriptor_t * const descriptor,
- unsigned *flags)
-{
- assert(descriptor != NULL && descriptor->driver != NULL);
-
-#if RPC_CLIENT == RPC_CLIENT_MIXED
- hal_error_t err = HAL_ERROR_CORE_NOT_FOUND;
-#else
- hal_error_t err = hal_core_check_name(core, descriptor->core_name);
-#endif
-
-#if HAL_ENABLE_SOFTWARE_HASH_CORES
-
- if (err == HAL_ERROR_CORE_NOT_FOUND && descriptor->driver->sw_core) {
-
- if (flags != NULL)
- *flags |= STATE_FLAG_SOFTWARE_CORE;
-
- err = HAL_OK;
- }
-
-#endif /* HAL_ENABLE_SOFTWARE_HASH_CORES */
-
- return err;
-}
-
-/*
* Initialize hash state.
*/
-hal_error_t hal_hash_initialize(const hal_core_t *core,
+hal_error_t hal_hash_initialize(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
hal_hash_state_t **state_,
void *state_buffer, const size_t state_length)
@@ -405,7 +373,6 @@ hal_error_t hal_hash_initialize(const hal_core_t *core,
const hal_hash_driver_t * const driver = check_driver(descriptor);
hal_hash_state_t *state = state_buffer;
unsigned flags = 0;
- hal_error_t err;
if (driver == NULL || state_ == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -413,9 +380,6 @@ hal_error_t hal_hash_initialize(const hal_core_t *core,
if (state_buffer != NULL && state_length < descriptor->hash_state_length)
return HAL_ERROR_BAD_ARGUMENTS;
- if ((err = check_core(&core, descriptor, &flags)) != HAL_OK)
- return err;
-
if (state_buffer == NULL && (state = alloc_static_hash_state()) == NULL)
return HAL_ERROR_ALLOCATION_FAILURE;
@@ -515,9 +479,6 @@ static hal_error_t hash_write_block(hal_hash_state_t * const state)
uint8_t ctrl_cmd[4];
hal_error_t err;
- if (HAL_ENABLE_SOFTWARE_HASH_CORES && (state->flags & STATE_FLAG_SOFTWARE_CORE) != 0)
- return state->driver->sw_core(state);
-
if ((err = hal_io_wait_ready(state->core)) != HAL_OK)
return err;
@@ -556,7 +517,7 @@ hal_error_t hal_hash_update(hal_hash_state_t *state, /* Opaque state
size_t data_buffer_length) /* Length of data_buffer */
{
const uint8_t *p = data_buffer;
- hal_error_t err;
+ hal_error_t err = HAL_OK;
size_t n;
if (state == NULL || data_buffer == NULL)
@@ -568,6 +529,11 @@ hal_error_t hal_hash_update(hal_hash_state_t *state, /* Opaque state
assert(state->descriptor != NULL && state->driver != NULL);
assert(state->descriptor->block_length <= sizeof(state->block));
+#if RPC_CLIENT != RPC_CLIENT_MIXED
+ if ((err = hal_core_alloc(state->descriptor->core_name, &state->core)) != HAL_OK)
+ return err;
+#endif
+
while ((n = state->descriptor->block_length - state->block_used) <= data_buffer_length) {
/*
* We have enough data for another complete block.
@@ -582,7 +548,7 @@ hal_error_t hal_hash_update(hal_hash_state_t *state, /* Opaque state
data_buffer_length -= n;
p += n;
if ((err = hash_write_block(state)) != HAL_OK)
- return err;
+ goto out;
state->block_count++;
}
@@ -600,7 +566,11 @@ hal_error_t hal_hash_update(hal_hash_state_t *state, /* Opaque state
state->block_used += data_buffer_length;
}
- return HAL_OK;
+out:
+#if RPC_CLIENT != RPC_CLIENT_MIXED
+ hal_core_free(state->core);
+#endif
+ return err;
}
/*
@@ -627,6 +597,11 @@ hal_error_t hal_hash_finalize(hal_hash_state_t *state, /* Opaqu
assert(state->descriptor->block_length <= sizeof(state->block));
+#if RPC_CLIENT != RPC_CLIENT_MIXED
+ if ((err = hal_core_alloc(NULL, &state->core)) != HAL_OK)
+ return err;
+#endif
+
/*
* Add padding, then pull result from the core
*/
@@ -646,7 +621,7 @@ hal_error_t hal_hash_finalize(hal_hash_state_t *state, /* Opaqu
if (n > 0)
memset(state->block + state->block_used, 0, n);
if ((err = hash_write_block(state)) != HAL_OK)
- return err;
+ goto out;
state->block_count++;
state->block_used = 0;
}
@@ -671,25 +646,27 @@ hal_error_t hal_hash_finalize(hal_hash_state_t *state, /* Opaqu
/* Push final block */
if ((err = hash_write_block(state)) != HAL_OK)
- return err;
+ goto out;
state->block_count++;
/* All data pushed to core, now we just need to read back the result */
- if (HAL_ENABLE_SOFTWARE_HASH_CORES && (state->flags & STATE_FLAG_SOFTWARE_CORE) != 0)
- swytebop(digest_buffer, state->core_state, state->descriptor->digest_length, state->driver->sw_word_size);
-#if RPC_CLIENT != RPC_CLIENT_MIXED
- else if ((err = hash_read_digest(state->core, state->driver, digest_buffer, state->descriptor->digest_length)) != HAL_OK)
+#if RPC_CLIENT == RPC_CLIENT_MIXED
+ swytebop(digest_buffer, state->core_state, state->descriptor->digest_length, state->driver->sw_word_size);
+out:
+ return err;
+#else
+ err = hash_read_digest(state->core, state->driver, digest_buffer, state->descriptor->digest_length);
+out:
+ hal_core_free(state->core);
+ return err;
#endif
- return err;
-
- return HAL_OK;
}
/*
* Initialize HMAC state.
*/
-hal_error_t hal_hmac_initialize(const hal_core_t *core,
+hal_error_t hal_hmac_initialize(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
hal_hmac_state_t **state_,
void *state_buffer, const size_t state_length,
@@ -706,9 +683,6 @@ hal_error_t hal_hmac_initialize(const hal_core_t *core,
if (state_buffer != NULL && state_length < descriptor->hmac_state_length)
return HAL_ERROR_BAD_ARGUMENTS;
- if ((err = check_core(&core, descriptor, NULL)) != HAL_OK)
- return err;
-
if (state_buffer == NULL && (state = alloc_static_hmac_state()) == NULL)
return HAL_ERROR_ALLOCATION_FAILURE;
diff --git a/masterkey.c b/masterkey.c
index 6425515..ffae618 100644
--- a/masterkey.c
+++ b/masterkey.c
@@ -63,7 +63,7 @@
static int volatile_init = 0, flash_init = 0;
-static const hal_core_t *core = NULL;
+static hal_core_t *core = NULL;
#define MKM_VOLATILE_STATUS_ADDRESS 0
#define MKM_VOLATILE_SCLK_DIV 0x20
diff --git a/mkmif.c b/mkmif.c
index ffa9319..06a2c4b 100644
--- a/mkmif.c
+++ b/mkmif.c
@@ -43,77 +43,77 @@ typedef union {
uint32_t word;
} byteword_t;
-hal_error_t hal_mkmif_init(const hal_core_t *core)
+hal_error_t hal_mkmif_init(hal_core_t *core)
{
byteword_t cmd;
hal_error_t err;
- if (core == NULL)
- return HAL_ERROR_CORE_NOT_FOUND;
-
cmd.word = htonl(MKMIF_CTRL_CMD_INIT);
- if ((err = hal_io_write(core, MKMIF_ADDR_CTRL, cmd.byte, 4)) ||
- (err = hal_io_wait_ready(core)))
- return err;
+ err = hal_core_alloc(MKMIF_NAME, &core) ||
+ hal_io_write(core, MKMIF_ADDR_CTRL, cmd.byte, 4) ||
+ hal_io_wait_ready(core);
- return HAL_OK;
+ hal_core_free(core);
+ return err;
}
-hal_error_t hal_mkmif_set_clockspeed(const hal_core_t *core, const uint32_t divisor)
+hal_error_t hal_mkmif_set_clockspeed(hal_core_t *core, const uint32_t divisor)
{
byteword_t data;
-
- if (core == NULL)
- return HAL_ERROR_CORE_NOT_FOUND;
+ hal_error_t err;
data.word = htonl(divisor);
- return hal_io_write(core, MKMIF_ADDR_SCLK_DIV, data.byte, 4);
+ err = hal_core_alloc(MKMIF_NAME, &core) ||
+ hal_io_write(core, MKMIF_ADDR_SCLK_DIV, data.byte, 4);
+
+ hal_core_free(core);
+ return err;
}
-hal_error_t hal_mkmif_get_clockspeed(const hal_core_t *core, uint32_t *divisor)
+hal_error_t hal_mkmif_get_clockspeed(hal_core_t *core, uint32_t *divisor)
{
byteword_t data;
hal_error_t err;
- if (core == NULL)
- return HAL_ERROR_CORE_NOT_FOUND;
+ err = hal_core_alloc(MKMIF_NAME, &core) ||
+ hal_io_read(core, MKMIF_ADDR_SCLK_DIV, data.byte, 4);
- if ((err = hal_io_read(core, MKMIF_ADDR_SCLK_DIV, data.byte, 4)))
- return err;
+ if (err == HAL_OK)
+ *divisor = htonl(data.word);
- *divisor = htonl(data.word);
- return HAL_OK;
+ hal_core_free(core);
+ return err;
}
-hal_error_t hal_mkmif_write(const hal_core_t *core, uint32_t addr, const uint8_t *buf, size_t len)
+hal_error_t hal_mkmif_write(hal_core_t *core, uint32_t addr, const uint8_t *buf, size_t len)
{
byteword_t cmd;
hal_error_t err;
- if (core == NULL)
- return HAL_ERROR_CORE_NOT_FOUND;
-
if (len % 4 != 0)
return HAL_ERROR_IO_BAD_COUNT;
cmd.word = htonl(MKMIF_CTRL_CMD_WRITE);
- for (; len > 0; addr += 4, buf += 4, len -= 4) {
- byteword_t write_addr;
- write_addr.word = htonl((uint32_t)addr);
- if ((err = hal_io_write(core, MKMIF_ADDR_EMEM_ADDR, write_addr.byte, 4)) ||
- (err = hal_io_write(core, MKMIF_ADDR_EMEM_DATA, buf, 4)) ||
- (err = hal_io_write(core, MKMIF_ADDR_CTRL, cmd.byte, 4)) ||
- (err = hal_io_wait_ready(core)))
- return err;
+ if ((err = hal_core_alloc(MKMIF_NAME, &core)) == HAL_OK) {
+ for (; len > 0; addr += 4, buf += 4, len -= 4) {
+ byteword_t write_addr;
+ write_addr.word = htonl((uint32_t)addr);
+ if ((err = hal_io_write(core, MKMIF_ADDR_EMEM_ADDR, write_addr.byte, 4)) ||
+ (err = hal_io_write(core, MKMIF_ADDR_EMEM_DATA, buf, 4)) ||
+ (err = hal_io_write(core, MKMIF_ADDR_CTRL, cmd.byte, 4)) ||
+ (err = hal_io_wait_ready(core)))
+ return err;
+ }
}
- return HAL_OK;
+ hal_core_free(core);
+ return err;
}
-hal_error_t hal_mkmif_write_word(const hal_core_t *core, uint32_t addr, const uint32_t data)
+hal_error_t hal_mkmif_write_word(hal_core_t *core, uint32_t addr, const uint32_t data)
{
byteword_t d;
@@ -122,33 +122,34 @@ hal_error_t hal_mkmif_write_word(const hal_core_t *core, uint32_t addr, const ui
return hal_mkmif_write(core, addr, d.byte, 4);
}
-hal_error_t hal_mkmif_read(const hal_core_t *core, uint32_t addr, uint8_t *buf, size_t len)
+hal_error_t hal_mkmif_read(hal_core_t *core, uint32_t addr, uint8_t *buf, size_t len)
{
byteword_t cmd;
hal_error_t err;
- if (core == NULL)
- return HAL_ERROR_CORE_NOT_FOUND;
-
if (len % 4 != 0)
return HAL_ERROR_IO_BAD_COUNT;
cmd.word = htonl(MKMIF_CTRL_CMD_READ);
- for (; len > 0; addr += 4, buf += 4, len -= 4) {
- byteword_t read_addr;
- read_addr.word = htonl((uint32_t)addr);
- if ((err = hal_io_write(core, MKMIF_ADDR_EMEM_ADDR, read_addr.byte, 4)) ||
- (err = hal_io_write(core, MKMIF_ADDR_CTRL, cmd.byte, 4)) ||
- (err = hal_io_wait_valid(core)) ||
- (err = hal_io_read(core, MKMIF_ADDR_EMEM_DATA, buf, 4)))
- return err;
+ if ((err = hal_core_alloc(MKMIF_NAME, &core)) == HAL_OK) {
+ for (; len > 0; addr += 4, buf += 4, len -= 4) {
+ byteword_t read_addr;
+ read_addr.word = htonl((uint32_t)addr);
+ if ((err = hal_io_write(core, MKMIF_ADDR_EMEM_ADDR, read_addr.byte, 4)) ||
+ (err = hal_io_write(core, MKMIF_ADDR_CTRL, cmd.byte, 4)) ||
+ (err = hal_io_wait_valid(core)) ||
+ (err = hal_io_read(core, MKMIF_ADDR_EMEM_DATA, buf, 4)))
+ goto out;
+ }
}
- return HAL_OK;
+out:
+ hal_core_free(core);
+ return err;
}
-hal_error_t hal_mkmif_read_word(const hal_core_t *core, uint32_t addr, uint32_t *data)
+hal_error_t hal_mkmif_read_word(hal_core_t *core, uint32_t addr, uint32_t *data)
{
byteword_t d;
hal_error_t err;
diff --git a/modexp.c b/modexp.c
index b84c51b..bad492b 100644
--- a/modexp.c
+++ b/modexp.c
@@ -138,12 +138,14 @@ static hal_error_t set_buffer(const hal_core_t *core,
* Run one modexp operation.
*/
-hal_error_t hal_modexp(const hal_core_t *core,
+hal_error_t hal_modexp(hal_core_t *core,
const uint8_t * const msg, const size_t msg_len, /* Message */
const uint8_t * const exp, const size_t exp_len, /* Exponent */
const uint8_t * const mod, const size_t mod_len, /* Modulus */
uint8_t *result, const size_t result_len)
{
+ hal_error_t err;
+
/*
* All pointers must be set, neither message nor exponent may be
* longer than modulus, result buffer must not be shorter than
@@ -160,6 +162,22 @@ hal_error_t hal_modexp(const hal_core_t *core,
((msg_len | exp_len | mod_len) & 3) != 0)
return HAL_ERROR_BAD_ARGUMENTS;
+ if (((err = hal_core_alloc(MODEXPS6_NAME, &core)) == HAL_ERROR_CORE_NOT_FOUND) &&
+ ((err = hal_core_alloc(MODEXPA7_NAME, &core)) != HAL_OK))
+ return err;
+
+#undef check
+#define check(_expr_) \
+ do { \
+ hal_error_t _err = (_expr_); \
+ if (_err != HAL_OK && debug) \
+ printf("%s failed: %s\n", #_expr_, hal_error_string(_err)); \
+ if (_err != HAL_OK) { \
+ hal_core_free(core); \
+ return _err; \
+ } \
+ } while (0)
+
/*
* We probably ought to take the mode (fast vs constant-time) as an
* argument, but for the moment we just guess that really short
diff --git a/pbkdf2.c b/pbkdf2.c
index f361328..690831f 100644
--- a/pbkdf2.c
+++ b/pbkdf2.c
@@ -46,7 +46,7 @@
* if and when we get clever about reusing HMAC state for speed.
*/
-static hal_error_t do_hmac(const hal_core_t *core,
+static hal_error_t do_hmac(hal_core_t *core,
const hal_hash_descriptor_t * const d,
const uint8_t * const pw, const size_t pw_len,
const uint8_t * const data, const size_t data_len,
@@ -78,7 +78,7 @@ static hal_error_t do_hmac(const hal_core_t *core,
* Derive a key from a passphrase using the PBKDF2 algorithm.
*/
-hal_error_t hal_pbkdf2(const hal_core_t *core,
+hal_error_t hal_pbkdf2(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
const uint8_t * const password, const size_t password_length,
const uint8_t * const salt, const size_t salt_length,
@@ -108,6 +108,13 @@ hal_error_t hal_pbkdf2(const hal_core_t *core,
memset(result, 0, sizeof(result));
memset(mac, 0, sizeof(mac));
+#if 1
+ /* HACK - find the second sha256 core, to avoid interfering with rpc.
+ */
+ core = hal_core_find(descriptor->core_name, NULL);
+ core = hal_core_find(descriptor->core_name, core);
+#endif
+
/*
* We probably should check here to see whether the password is
* longer than the HMAC block size, and, if so, we should hash the
diff --git a/rsa.c b/rsa.c
index c8a1479..82b7597 100644
--- a/rsa.c
+++ b/rsa.c
@@ -197,10 +197,6 @@ static hal_error_t modexp(const hal_core_t *core,
{
hal_error_t err = HAL_OK;
- if (((err = hal_core_check_name(&core, MODEXPS6_NAME)) != HAL_OK) &&
- ((err = hal_core_check_name(&core, MODEXPA7_NAME)) != HAL_OK))
- return err;
-
assert(msg != NULL && exp != NULL && mod != NULL && res != NULL);
fp_int reduced_msg[1] = INIT_FP_INT;
diff --git a/tests/test-aes-key-wrap.c b/tests/test-aes-key-wrap.c
index 1207acb..5ecd46d 100644
--- a/tests/test-aes-key-wrap.c
+++ b/tests/test-aes-key-wrap.c
@@ -109,7 +109,7 @@ static const char *format_hex(const uint8_t *bin, const size_t len, char *hex, c
return hex;
}
-static int run_test(const hal_core_t *core,
+static int run_test(hal_core_t *core,
const uint8_t * const K, const size_t K_len,
const uint8_t * const C, const size_t C_len)
{
@@ -169,7 +169,7 @@ int main (int argc, char *argv[])
printf("Testing whether AES core reports present...");
- const hal_core_t *core = hal_core_find(AES_CORE_NAME, NULL);
+ hal_core_t *core = hal_core_find(AES_CORE_NAME, NULL);
if (core == NULL) {
printf("no, skipping keywrap tests\n");
diff --git a/tests/test-hash.c b/tests/test-hash.c
index 65ddf15..4e78243 100644
--- a/tests/test-hash.c
+++ b/tests/test-hash.c
@@ -540,7 +540,7 @@ static const uint8_t hmac_sha2_tc_7_result_sha512[] = { /* 64 bytes */
0xfa, 0x8c, 0x6a, 0x58
};
-static int _test_hash(const hal_core_t *core,
+static int _test_hash(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
const uint8_t * const data, const size_t data_len,
const uint8_t * const result, const size_t result_len,
@@ -588,7 +588,7 @@ static int _test_hash(const hal_core_t *core,
return 1;
}
-static int _test_hmac(const hal_core_t *core,
+static int _test_hmac(hal_core_t *core,
const hal_hash_descriptor_t * const descriptor,
const uint8_t * const key, const size_t key_len,
const uint8_t * const data, const size_t data_len,
@@ -643,7 +643,7 @@ static int _test_hmac(const hal_core_t *core,
#define test_hmac(_core_, _desc_, _key_, _data_, _result_, _label_) \
_test_hmac(_core_, _desc_, _key_, sizeof(_key_), _data_, sizeof(_data_), _result_, sizeof(_result_), _label_)
-static void show_core(const hal_core_t *core, const char *whinge)
+static void show_core(hal_core_t *core, const char *whinge)
{
const hal_core_info_t *core_info = hal_core_info(core);
if (core_info != NULL)
@@ -654,9 +654,9 @@ static void show_core(const hal_core_t *core, const char *whinge)
int main (int argc, char *argv[])
{
- const hal_core_t * const sha1_core = hal_core_find(SHA1_NAME, NULL);
- const hal_core_t * const sha256_core = hal_core_find(SHA256_NAME, NULL);
- const hal_core_t * const sha512_core = hal_core_find(SHA512_NAME, NULL);
+ hal_core_t * const sha1_core = hal_core_find(SHA1_NAME, NULL);
+ hal_core_t * const sha256_core = hal_core_find(SHA256_NAME, NULL);
+ hal_core_t * const sha512_core = hal_core_find(SHA512_NAME, NULL);
show_core(sha1_core, "sha-1");
show_core(sha256_core, "sha-256");
diff --git a/tests/test-mkmif.c b/tests/test-mkmif.c
index a382cf6..ab5801e 100644
--- a/tests/test-mkmif.c
+++ b/tests/test-mkmif.c
@@ -19,7 +19,7 @@ typedef union {
uint32_t word;
} byteword_t;
-static hal_error_t sclk_test(const hal_core_t *core, const uint32_t divisor)
+static hal_error_t sclk_test(hal_core_t *core, const uint32_t divisor)
{
uint32_t readback;
hal_error_t err;
@@ -41,7 +41,7 @@ static hal_error_t sclk_test(const hal_core_t *core, const uint32_t divisor)
return HAL_OK;
}
-static hal_error_t init_test(const hal_core_t *core)
+static hal_error_t init_test(hal_core_t *core)
{
hal_error_t err;
@@ -55,7 +55,7 @@ static hal_error_t init_test(const hal_core_t *core)
return HAL_OK;
}
-static hal_error_t write_test(const hal_core_t *core)
+static hal_error_t write_test(hal_core_t *core)
{
uint32_t write_data;
uint32_t write_address;
@@ -78,7 +78,7 @@ static hal_error_t write_test(const hal_core_t *core)
return HAL_OK;
}
-static hal_error_t read_test(const hal_core_t *core)
+static hal_error_t read_test(hal_core_t *core)
{
uint32_t read_data;
uint32_t read_address;
@@ -101,7 +101,7 @@ static hal_error_t read_test(const hal_core_t *core)
return HAL_OK;
}
-static hal_error_t write_read_test(const hal_core_t *core)
+static hal_error_t write_read_test(hal_core_t *core)
{
uint32_t data;
uint32_t readback;
@@ -131,7 +131,7 @@ static hal_error_t write_read_test(const hal_core_t *core)
int main(void)
{
- const hal_core_t *core = hal_core_find(MKMIF_NAME, NULL);
+ hal_core_t *core = hal_core_find(MKMIF_NAME, NULL);
if (core == NULL) {
printf("MKMIF core not present, not testing.\n");
diff --git a/tests/test-pbkdf2.c b/tests/test-pbkdf2.c
index 6de4b99..f3072a7 100644
--- a/tests/test-pbkdf2.c
+++ b/tests/test-pbkdf2.c
@@ -154,7 +154,7 @@ static void print_hex(const uint8_t * const val, const size_t len)
printf(" %02x", val[i]);
}
-static int _test_pbkdf2(const hal_core_t *core,
+static int _test_pbkdf2(hal_core_t *core,
const uint8_t * const pwd, const size_t pwd_len,
const uint8_t * const salt, const size_t salt_len,
const uint8_t * const dk, const size_t dk_len,
@@ -198,7 +198,7 @@ static int _test_pbkdf2(const hal_core_t *core,
int main (int argc, char *argv[])
{
- const hal_core_t *core = hal_core_find(SHA1_NAME, NULL);
+ hal_core_t *core = hal_core_find(SHA1_NAME, NULL);
int ok = 1;
if (core == NULL)
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index 60fe2a5..57037c0 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -49,7 +49,7 @@
* Run one modexp test.
*/
-static int test_modexp(const hal_core_t *core,
+static int test_modexp(hal_core_t *core,
const char * const kind,
const rsa_tc_t * const tc,
const rsa_tc_bn_t * const msg, /* Input message */
@@ -74,7 +74,7 @@ static int test_modexp(const hal_core_t *core,
* Run one RSA CRT test.
*/
-static int test_decrypt(const hal_core_t *core,
+static int test_decrypt(hal_core_t *core,
const char * const kind,
const rsa_tc_t * const tc)
{
@@ -115,7 +115,7 @@ static int test_decrypt(const hal_core_t *core,
* Run one RSA key generation + CRT test.
*/
-static int test_gen(const hal_core_t *core,
+static int test_gen(hal_core_t *core,
const char * const kind,
const rsa_tc_t * const tc)
{
@@ -277,7 +277,7 @@ static void _time_check(const struct timeval t0, const int ok)
* and try generating a signature with that.
*/
-static int test_rsa(const hal_core_t *core, const rsa_tc_t * const tc)
+static int test_rsa(hal_core_t *core, const rsa_tc_t * const tc)
{
int ok = 1;
@@ -298,7 +298,7 @@ static int test_rsa(const hal_core_t *core, const rsa_tc_t * const tc)
int main(int argc, char *argv[])
{
- const hal_core_t *core = hal_core_find(MODEXPS6_NAME, NULL);
+ hal_core_t *core = hal_core_find(MODEXPS6_NAME, NULL);
if (core == NULL)
core = hal_core_find(MODEXPA7_NAME, NULL);
const hal_core_info_t *core_info = hal_core_info(core);
diff --git a/utils/cores.c b/utils/cores.c
index 18e994d..b055dea 100644
--- a/utils/cores.c
+++ b/utils/cores.c
@@ -44,7 +44,7 @@
int main(int argc, char *argv[])
{
- const hal_core_t *core;
+ hal_core_t *core;
const hal_core_info_t *info;
for (core = hal_core_iterate(NULL); core != NULL; core = hal_core_iterate(core)) {