Expanding mutexing

wolfSSL · Sep 3, 2024 · 99cee17 · 99cee17
1 parent cb5506e
commit 99cee17
Show file tree

Hide file tree

Showing 5 changed files with 300 additions and 17 deletions.
diff --git a/wolfcrypt/src/port/maxim/max3266x.c b/wolfcrypt/src/port/maxim/max3266x.c
@@ -131,7 +131,7 @@ int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz)
     if (output == NULL) {
         return BAD_FUNC_ARG;
     }
-    status = wolfSSL_CryptHwMutexLock(); /* Lock Mutex needed since */
+    status = wolfSSL_HwRngMutexLock(); /* Lock Mutex needed since */
                                          /* calling TPU init */
     if (status != 0) {
         return status;
@@ -146,7 +146,7 @@ int wc_MXC_TRNG_Random(unsigned char* output, unsigned int sz)
         MAX3266X_MSG("TRNG Device did not initialize");
         status = RNG_FAILURE_E;
     }
-    wolfSSL_CryptHwMutexUnLock(); /* Unlock Mutex no matter status value */
+    wolfSSL_HwRngMutexUnLock(); /* Unlock Mutex no matter status value */
     return status;
 }
 #endif /* MAX3266X_RNG */
@@ -162,7 +162,7 @@ int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv,
     if (in == NULL || iv == NULL || enc_key == NULL || out == NULL) {
         return BAD_FUNC_ARG;
     }
-    status = wolfSSL_CryptHwMutexLock();
+    status = wolfSSL_HwAesMutexLock();
     MAX3266X_MSG("AES HW Encryption");
     if (status != 0) {
         MAX3266X_MSG("Hardware Mutex Failure");
@@ -192,11 +192,11 @@ int wc_MXC_TPU_AesEncrypt(const unsigned char* in, const unsigned char* iv,
             break;
         default:
             MAX3266X_MSG("AES HW ERROR: Length Not Supported");
-            wolfSSL_CryptHwMutexUnLock();
+            wolfSSL_HwAesMutexUnLock();
             return WC_HW_E;
         break;
     }
-    wolfSSL_CryptHwMutexUnLock();
+    wolfSSL_HwAesMutexUnLock();
     if (status != 0) {
         MAX3266X_MSG("AES HW Acceleration Error Occurred");
         return WC_HW_E;
@@ -214,7 +214,7 @@ int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv,
     if (in == NULL || iv == NULL || dec_key == NULL || out == NULL) {
         return BAD_FUNC_ARG;
     }
-    status = wolfSSL_CryptHwMutexLock();
+    status = wolfSSL_HwAesMutexLock();
     if (status != 0) {
         return status;
     }
@@ -242,11 +242,11 @@ int wc_MXC_TPU_AesDecrypt(const unsigned char* in, const unsigned char* iv,
             break;
         default:
             MAX3266X_MSG("AES HW ERROR: Length Not Supported");
-            wolfSSL_CryptHwMutexUnLock();
+            wolfSSL_HwAesMutexUnLock();
             return WC_HW_E;
         break;
     }
-    wolfSSL_CryptHwMutexUnLock();
+    wolfSSL_HwAesMutexUnLock();
     if (status != 0) {
         MAX3266X_MSG("AES HW Acceleration Error Occurred");
         return WC_HW_E;
@@ -331,7 +331,7 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest,
     }
     /* False Case where msg needs to be processed */
     else if (status == 0) {
-        status = wolfSSL_CryptHwMutexLock(); /* Set Mutex **/
+        status = wolfSSL_HwHashMutexLock(); /* Set Mutex **/
         if (status != 0) { /* Mutex Call Check */
             return status;
         }
@@ -340,7 +340,7 @@ int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest,
         status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size,
                                          (char *)digest);
         MAX3266X_MSG("SHA HW Acceleration Used");
-        wolfSSL_CryptHwMutexUnLock(); /* Release Mutex */
+        wolfSSL_HwHashMutexUnLock(); /* Release Mutex */
         if (wc_MXC_error(&status) != 0) {
             MAX3266X_MSG("SHA HW Error Occurred");
             return status;
@@ -684,7 +684,7 @@ int wc_MXC_MAA_init(unsigned int len)
 {
     int status;
     MAX3266X_MSG("Setting Hardware Mutex and Starting MAA");
-    status = wolfSSL_CryptHwMutexLock();
+    status = wolfSSL_HwPkMutexLock();
     if (status == 0) {
         status = MXC_TPU_MAA_Init(len);
     }
@@ -701,7 +701,7 @@ int wc_MXC_MAA_Shutdown(void)
                                 /* This is returned when MAA cannot stop */
         status = WC_HW_E;
     }
-    wolfSSL_CryptHwMutexUnLock(); /* Always call Unlock in shutdown */
+    wolfSSL_HwPkMutexUnLock(); /* Always call Unlock in shutdown */
     return wc_MXC_error(&status);
 }
 
@@ -901,7 +901,7 @@ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp,
     ret = wc_MXC_MAA_init(length*sizeof(mp_digit)*8);
     if (ret != 0) {
         MAX3266X_MSG("HW Init Failed");
-        wolfSSL_CryptHwMutexUnLock();
+        wolfSSL_HwPkMutexUnLock();
         return ret;
     }
 
@@ -915,14 +915,14 @@ int wc_MXC_MAA_math(mp_int* multiplier, mp_int* multiplicand, mp_int* exp,
     MAX3266X_MSG("MAA Finished Computation");
     if (wc_MXC_error(&ret) != 0) {
         MAX3266X_MSG("HW Computation Error");
-        wolfSSL_CryptHwMutexUnLock();
+        wolfSSL_HwPkMutexUnLock();
         return ret;
     }
 
     ret = wc_MXC_MAA_Shutdown();
     if (ret != 0) {
         MAX3266X_MSG("HW Shutdown Failure");
-        /* Shutdown will always call wolfSSL_CryptHwMutexUnLock(); */
+        /* Shutdown will always call wolfSSL_HwPkMutexUnLock(); */
         /* before returning */
         return ret;
     }

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
@@ -3839,15 +3839,30 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 #elif defined(MAX3266X_RNG)
     int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     {
+        #ifdef WOLFSSL_MAX3266X
+        int status;
+        #endif /* WOLFSSL_MAX3266X */
         static int initDone = 0;
         (void)os;
         if (initDone == 0) {
+            #ifdef WOLFSSL_MAX3266X
+            status = wolfSSL_HwRngMutexLock();
+            if (status != 0) {
+                return status;
+            }
+            #endif /* WOLFSSL_MAX3266X */
             if(MXC_TRNG_HealthTest() != 0) {
-                #if defined(DEBUG_WOLFSSL)
+                #ifdef DEBUG_WOLFSSL
                 WOLFSSL_MSG("TRNG HW Health Test Failed");
-                #endif
+                #endif /* DEBUG_WOLFSSL */
+                #ifdef WOLFSSL_MAX3266X
+                wolfSSL_HwRngMutexUnLock();
+                #endif /* WOLFSSL_MAX3266X */
                 return WC_HW_E;
             }
+            #ifdef WOLFSSL_MAX3266X
+            wolfSSL_HwRngMutexUnLock();
+            #endif /* WOLFSSL_MAX3266X */
             initDone = 1;
         }
         return wc_MXC_TRNG_Random(output, sz);

diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
@@ -1358,6 +1358,196 @@ int wolfSSL_CryptHwMutexUnLock(void)
 #endif /* WOLFSSL_CRYPT_HW_MUTEX */
 
 
+#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
+/* Mutex for protection of cryptography hardware */
+#ifndef NO_RNG_MUTEX
+static wolfSSL_Mutex wcCryptHwRngMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex);
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static wolfSSL_Mutex wcCryptHwAesMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex);
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static wolfSSL_Mutex wcCryptHwHashMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex);
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static wolfSSL_Mutex wcCryptHwPkMutex \
+                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex);
+#endif /* NO_PK_MUTEX */
+
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+#ifndef NO_RNG_MUTEX
+static int wcCryptHwRngMutexInit = 0;
+#endif /* NO_RNG_MUTEX */
+#ifndef NO_AES_MUTEX
+static int wcCryptHwAesMutexInit = 0;
+#endif /* NO_AES_MUTEX */
+#ifndef NO_HASH_MUTEX
+static int wcCryptHwHashMutexInit = 0;
+#endif /* NO_HASH_MUTEX */
+#ifndef NO_PK_MUTEX
+static int wcCryptHwPkMutexInit = 0;
+#endif /* NO_PK_MUTEX */
+#endif /* WOLFSSL_MUTEX_INITIALIZER */
+
+
+/* Allows ability to switch to different mutex based on enum type */
+/* hw_mutex_algo, expects the derefernce Ptrs to be set to NULL */
+int hwAlgoPtrSet(hw_mutex_algo hwAlgo, wolfSSL_Mutex** wcHwAlgoMutexPtr,
+                                int** wcHwAlgoInitPtr)
+{
+    if (*wcHwAlgoMutexPtr != NULL || *wcHwAlgoInitPtr != NULL) {
+        return BAD_FUNC_ARG;
+    }
+    switch (hwAlgo) {
+        #ifndef NO_RNG_MUTEX
+        case rng_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwRngMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwRngMutexInit;
+            break;
+        #endif
+        #ifndef NO_AES_MUTEX
+        case aes_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwAesMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwAesMutexInit;
+            break;
+        #endif
+        #ifndef NO_HASH_MUTEX
+        case hash_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwHashMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwHashMutexInit;
+            break;
+        #endif
+        #ifndef NO_PK_MUTEX
+        case pk_mutex:
+            *wcHwAlgoMutexPtr = &wcCryptHwPkMutex;
+            *wcHwAlgoInitPtr = &wcCryptHwPkMutexInit;
+            break;
+        #endif
+        default:
+            return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+
+int hwAlgoMutexInit(hw_mutex_algo hwAlgo)
+{
+    int ret = 0;
+#ifndef WOLFSSL_MUTEX_INITIALIZER
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    if (*wcHwAlgoInitPtr == 0) {
+        ret = wc_InitMutex(wcHwAlgoMutexPtr);
+        if (ret == 0) {
+            *wcHwAlgoInitPtr = 1;
+        }
+    }
+#endif
+    return ret;
+}
+
+int hwAlgoMutexLock(hw_mutex_algo hwAlgo)
+{
+    /* Make sure HW Mutex has been initialized */
+    int ret = 0;
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
+    if (ret != 0) {
+        return ret;
+    }
+    ret = hwAlgoMutexInit(hwAlgo);
+    if (ret == 0) {
+        ret = wc_LockMutex(wcHwAlgoMutexPtr);
+    }
+    return ret;
+}
+
+int hwAlgoMutexUnLock(hw_mutex_algo hwAlgo)
+{
+    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
+    int* wcHwAlgoInitPtr = NULL;
+    if (hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr) != 0) {
+        return BAD_FUNC_ARG;
+    }
+    if (*wcHwAlgoInitPtr) {
+        return wc_UnLockMutex(wcHwAlgoMutexPtr);
+    }
+    else {
+        return BAD_MUTEX_E;
+    }
+}
+
+/* Wrap around generic hwAlgo* functions and use correct */
+/* global mutex to determine if it can be unlocked/locked */
+#ifndef NO_RNG_MUTEX
+int wolfSSL_HwRngMutexInit(void)
+{
+    return hwAlgoMutexInit(rng_mutex);
+}
+int wolfSSL_HwRngMutexLock(void)
+{
+    return hwAlgoMutexLock(rng_mutex);
+}
+int wolfSSL_HwRngMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(rng_mutex);
+}
+#endif /* NO_RNG_MUTEX */
+
+#ifndef NO_AES_MUTEX
+int wolfSSL_HwAesMutexInit(void)
+{
+    return hwAlgoMutexInit(aes_mutex);
+}
+int wolfSSL_HwAesMutexLock(void)
+{
+    return hwAlgoMutexLock(aes_mutex);
+}
+int wolfSSL_HwAesMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(aes_mutex);
+}
+#endif /* NO_AES_MUTEX */
+
+#ifndef NO_HASH_MUTEX
+int wolfSSL_HwHashMutexInit(void)
+{
+    return hwAlgoMutexInit(hash_mutex);
+}
+int wolfSSL_HwHashMutexLock(void)
+{
+    return hwAlgoMutexLock(hash_mutex);
+}
+int wolfSSL_HwHashMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(hash_mutex);
+}
+#endif /* NO_HASH_MUTEX */
+
+#ifndef NO_PK_MUTEX
+int wolfSSL_HwPkMutexInit(void)
+{
+    return hwAlgoMutexInit(pk_mutex);
+}
+int wolfSSL_HwPkMutexLock(void)
+{
+    return hwAlgoMutexLock(pk_mutex);
+}
+int wolfSSL_HwPkMutexUnLock(void)
+{
+    return hwAlgoMutexUnLock(pk_mutex);
+}
+#endif /* NO_PK_MUTEX */
+
+#endif /* WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) */
+
 /* ---------------------------------------------------------------------------*/
 /* Mutex Ports */
 /* ---------------------------------------------------------------------------*/

diff --git a/wolfssl/wolfcrypt/port/maxim/max3266x.h b/wolfssl/wolfcrypt/port/maxim/max3266x.h
@@ -41,6 +41,16 @@
     #define MAX3266X_MATH
 #endif
 
+/* Crypto HW can be used in parallel on this device */
+/* Sets up new Mutexing if desired */
+#ifdef WOLFSSL_ALGO_HW_MUTEX
+    /* SDK only supports using RNG in parallel with crypto HW */
+    /* AES, HASH, and PK must share some mutex */
+    #define NO_AES_MUTEX
+    #define NO_HASH_MUTEX
+    #define NO_PK_MUTEX
+#endif /* WOLFSSL_ALGO_HW_MUTEX */
+
 #if defined(WOLFSSL_MAX3266X_OLD)
     /* Support for older SDK API Maxim provides */