diff --git a/.github/workflows/build-and-bench.yml b/.github/workflows/build-and-bench.yml index a7c6e15b..def5fbb7 100644 --- a/.github/workflows/build-and-bench.yml +++ b/.github/workflows/build-and-bench.yml @@ -32,3 +32,7 @@ jobs: # Benchmark with everything enabled - name: Benchmark All run: cd benchmark && make clean && make WOLFSSL_DIR=../wolfssl DMA=1 && make run + + # Benchmark with DEBUG_VERBOSE=1 (includes DEBUG) + - name: Benchmark with DEBUG_VERBOSE + run: cd benchmark && make clean && make -j DEBUG_VERBOSE=1 WOLFSSL_DIR=../wolfssl && make run diff --git a/.github/workflows/build-and-run-examples.yml b/.github/workflows/build-and-run-examples.yml index 5e0ecc49..50761557 100644 --- a/.github/workflows/build-and-run-examples.yml +++ b/.github/workflows/build-and-run-examples.yml @@ -12,6 +12,7 @@ jobs: matrix: transport: [ 'tcp', 'shm', 'dma' ] asan: [ 'ASAN=1', 'ASAN=0' ] + debug: [ '', 'DEBUG_VERBOSE=1' ] runs-on: ubuntu-latest timeout-minutes: 5 @@ -29,16 +30,16 @@ jobs: - name: Build POSIX server run: | if [ "${{ matrix.transport }}" = "dma" ]; then - cd examples/posix/wh_posix_server && ${{ matrix.asan }} DMA=1 make -j WOLFSSL_DIR=../../../wolfssl + cd examples/posix/wh_posix_server && ${{ matrix.asan }} ${{ matrix.debug }} DMA=1 make -j WOLFSSL_DIR=../../../wolfssl else - cd examples/posix/wh_posix_server && ${{ matrix.asan }} make -j WOLFSSL_DIR=../../../wolfssl + cd examples/posix/wh_posix_server && ${{ matrix.asan }} ${{ matrix.debug }} make -j WOLFSSL_DIR=../../../wolfssl fi - name: Build POSIX client run: | if [ "${{ matrix.transport }}" = "dma" ]; then - cd examples/posix/wh_posix_client && ${{ matrix.asan }} DMA=1 make -j WOLFSSL_DIR=../../../wolfssl + cd examples/posix/wh_posix_client && ${{ matrix.asan }} ${{ matrix.debug }} DMA=1 make -j WOLFSSL_DIR=../../../wolfssl else - cd examples/posix/wh_posix_client && ${{ matrix.asan }} make -j WOLFSSL_DIR=../../../wolfssl + cd examples/posix/wh_posix_client && ${{ matrix.asan }} ${{ matrix.debug }} make -j WOLFSSL_DIR=../../../wolfssl fi # Start the server in the background diff --git a/.github/workflows/build-and-test-clientonly.yml b/.github/workflows/build-and-test-clientonly.yml index d4647c21..ef4a2334 100644 --- a/.github/workflows/build-and-test-clientonly.yml +++ b/.github/workflows/build-and-test-clientonly.yml @@ -50,7 +50,25 @@ jobs: make clean make -j CLIENT_ONLY_TCP=1 SHE=1 ASAN=1 WOLFSSL_DIR=../wolfssl && make run - # Optional: Kill the server process if it doesn't exit on its own + # Restart server with fresh state for second test run + - name: Restart POSIX server + run: | + kill $TCP_SERVER_PID || true + cd examples/posix/wh_posix_server + rm -f *.bin || true + ./Build/wh_posix_server.elf & + TCP_SERVER_PID=$! + echo "TCP_SERVER_PID=$TCP_SERVER_PID" >> $GITHUB_ENV + sleep 2 + + # Build and test client-only with DEBUG_VERBOSE=1 (includes DEBUG) + - name: Build client-only unit tests with DEBUG_VERBOSE + run: | + cd test + make clean + make -j CLIENT_ONLY_TCP=1 SHE=1 DEBUG_VERBOSE=1 WOLFSSL_DIR=../wolfssl && make run + + # Optional: Kill the server process if it doesn't exit on its own - name: Cleanup POSIX TCP server if: always() run: kill $TCP_SERVER_PID || true diff --git a/.github/workflows/build-and-test-whnvmtool.yml b/.github/workflows/build-and-test-whnvmtool.yml index 503280a6..4db0bd8a 100644 --- a/.github/workflows/build-and-test-whnvmtool.yml +++ b/.github/workflows/build-and-test-whnvmtool.yml @@ -37,3 +37,11 @@ jobs: - name: Build and test NVM tool with ASAN run: cd tools/whnvmtool && make clean && make check WOLFSSL_DIR=../../wolfssl ASAN=1 + # Build and test with DEBUG=1 + - name: Build and test NVM tool with DEBUG + run: cd tools/whnvmtool && make clean && make check WOLFSSL_DIR=../../wolfssl DEBUG=1 + + # Build and test with DEBUG_VERBOSE=1 (includes DEBUG) + - name: Build and test NVM tool with DEBUG_VERBOSE + run: cd tools/whnvmtool && make clean && make check WOLFSSL_DIR=../../wolfssl DEBUG_VERBOSE=1 + diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index e7add7f2..aa6d4f32 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -56,3 +56,11 @@ jobs: # Build and test with SHE and ASAN - name: Build and test ASAN SHE run: cd test && make clean && make -j SHE=1 ASAN=1 WOLFSSL_DIR=../wolfssl && make run + + # Build and test with DEBUG=1 + - name: Build and test with DEBUG + run: cd test && make clean && make -j DEBUG=1 WOLFSSL_DIR=../wolfssl && make run + + # Build and test with DEBUG_VERBOSE=1 (includes DEBUG) + - name: Build and test with DEBUG_VERBOSE + run: cd test && make clean && make -j DEBUG_VERBOSE=1 WOLFSSL_DIR=../wolfssl && make run diff --git a/Makefile b/Makefile index 044d3b88..9e8ce39a 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,9 @@ .PHONY: all test benchmark tools examples clean +export DEBUG +export DEBUG_VERBOSE + all: test benchmark tools examples test: diff --git a/benchmark/Makefile b/benchmark/Makefile index c54e1fa1..874d96cb 100644 --- a/benchmark/Makefile +++ b/benchmark/Makefile @@ -71,6 +71,16 @@ ifeq ($(DEBUG),1) DBGFLAGS = -ggdb -g3 CFLAGS += $(DBGFLAGS) LDFLAGS += $(DBGFLAGS) +DEF += -DWOLFHSM_CFG_DEBUG +endif + +# Check if DEBUG_VERBOSE is set to 1 and enable verbose WOLFHSM debug output +# Note: DEBUG_VERBOSE implies DEBUG +ifeq ($(DEBUG_VERBOSE),1) +DBGFLAGS = -ggdb -g3 +CFLAGS += $(DBGFLAGS) +LDFLAGS += $(DBGFLAGS) +DEF += -DWOLFHSM_CFG_DEBUG -DWOLFHSM_CFG_DEBUG_VERBOSE endif ifneq ($(DEBUG),1) @@ -89,15 +99,6 @@ ifeq ($(DEBUG_WOLFSSL),1) DEF += -DDEBUG_WOLFSSL endif -ifeq ($(DEBUG_CRYPTOCB),1) - DEF += -DDEBUG_CRYPTOCB -endif - -ifeq ($(DEBUG_CRYPTOCB_VERBOSE),1) - DEF += -DDEBUG_CRYPTOCB -DDEBUG_CRYPTOCB_VERBOSE -endif - - ## wolfHSM defines ifeq ($(NOCRYPTO),1) DEF += -DWOLFHSM_CFG_NO_CRYPTO diff --git a/benchmark/config/user_settings.h b/benchmark/config/user_settings.h index 8a463fe7..81a5264a 100644 --- a/benchmark/config/user_settings.h +++ b/benchmark/config/user_settings.h @@ -35,8 +35,8 @@ extern "C" { /* #define WC_NO_ASYNC_THREADING */ /* -#define DEBUG_CRYPTOCB -#define DEBUG_CRYPTOCB_VERBOSE +#define WOLFHSM_CFG_DEBUG +#define WOLFHSM_CFG_DEBUG_VERBOSE */ /** wolfHSM required settings for wolfCrypt */ diff --git a/benchmark/wh_bench.c b/benchmark/wh_bench.c index 60e79e69..2be892e9 100644 --- a/benchmark/wh_bench.c +++ b/benchmark/wh_bench.c @@ -586,7 +586,7 @@ static int _whBench_ClientCfg_PosixDmaHeap(posixTransportShmContext* shmCtx) ret = posixTransportShm_GetDma(shmCtx, &dma, &dmaSz); if (ret != 0) { - printf("Failed to get DMA\n"); + WOLFHSM_CFG_PRINTF("Failed to get DMA\n"); return ret; } diff --git a/benchmark/wh_bench_main.c b/benchmark/wh_bench_main.c index 6a63ef56..aca1aafe 100644 --- a/benchmark/wh_bench_main.c +++ b/benchmark/wh_bench_main.c @@ -29,10 +29,10 @@ void Usage(const char* exeName) { - printf("Usage: %s --type --module --list\n", exeName); - printf("Type: mem, shm, tcp, dma\n"); - printf("Module: index of the module to run\n"); - printf("List: list all modules\n"); + WOLFHSM_CFG_PRINTF("Usage: %s --type --module --list\n", exeName); + WOLFHSM_CFG_PRINTF("Type: mem, shm, tcp, dma\n"); + WOLFHSM_CFG_PRINTF("Module: index of the module to run\n"); + WOLFHSM_CFG_PRINTF("List: list all modules\n"); exit(1); } @@ -62,7 +62,7 @@ int main(int argc, char** argv) transport = WH_BENCH_TRANSPORT_POSIX_DMA; } else { - printf("Invalid transport type: %s\n", type); + WOLFHSM_CFG_PRINTF("Invalid transport type: %s\n", type); Usage(argv[0]); return -1; } @@ -75,7 +75,7 @@ int main(int argc, char** argv) return 0; } else { - printf("Invalid argument: %s\n", argv[i]); + WOLFHSM_CFG_PRINTF("Invalid argument: %s\n", argv[i]); Usage(argv[0]); return -1; } diff --git a/examples/demo/client/wh_demo_client_crypto.c b/examples/demo/client/wh_demo_client_crypto.c index bec7ae86..63bc36eb 100644 --- a/examples/demo/client/wh_demo_client_crypto.c +++ b/examples/demo/client/wh_demo_client_crypto.c @@ -72,21 +72,21 @@ int wh_DemoClient_CryptoRsa(whClientContext* clientContext) /* initialize rng to make the rsa key */ ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRng_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRng_ex %d\n", ret); goto exit; } /* initialize the rsa key */ ret = wc_InitRsaKey_ex(rsa, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRsaKey_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRsaKey_ex %d\n", ret); goto exit; } /* make the rsa key */ ret = wc_MakeRsaKey(rsa, 2048, 65537, rng); if (ret != 0) { - printf("Failed to wc_MakeRsaKey %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_MakeRsaKey %d\n", ret); goto exit; } @@ -94,7 +94,7 @@ int wh_DemoClient_CryptoRsa(whClientContext* clientContext) encSz = ret = wc_RsaPublicEncrypt(plainText, sizeof(plainString), cipherText, sizeof(cipherText), rsa, rng); if (ret < 0) { - printf("Failed to wc_RsaPublicEncrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_RsaPublicEncrypt %d\n", ret); goto exit; } @@ -102,18 +102,18 @@ int wh_DemoClient_CryptoRsa(whClientContext* clientContext) ret = wc_RsaPrivateDecrypt(cipherText, encSz, plainText, sizeof(plainText), rsa); if (ret < 0) { - printf("Failed to wc_RsaPrivateDecrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_RsaPrivateDecrypt %d\n", ret); goto exit; } ret = 0; /* verify the decryption output */ if (memcmp(plainText, plainString, sizeof(plainString)) != 0) { - printf("Failed to verify RSA output\n"); + WOLFHSM_CFG_PRINTF("Failed to verify RSA output\n"); ret = -1; } else - printf("RSA Decryption matches original plaintext\n"); + WOLFHSM_CFG_PRINTF("RSA Decryption matches original plaintext\n"); exit: (void)wc_FreeRng(rng); @@ -149,21 +149,21 @@ int wh_DemoClient_CryptoRsaImport(whClientContext* clientContext) /* initialize rng to encrypt with the rsa key */ ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRng_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRng_ex %d\n", ret); goto exit; } /* open the RSA key */ ret = keyFd = open(keyFile, O_RDONLY, 0); if (ret < 0) { - printf("Failed to open %s %d\n", keyFile, ret); + WOLFHSM_CFG_PRINTF("Failed to open %s %d\n", keyFile, ret); goto exit; } /* read the RSA key to local buffer */ ret = keySz = read(keyFd, keyBuf, sizeof(keyBuf)); if (ret < 0) { - printf("Failed to read %s %d\n", keyFile, ret); + WOLFHSM_CFG_PRINTF("Failed to read %s %d\n", keyFile, ret); close(keyFd); goto exit; } @@ -174,7 +174,7 @@ int wh_DemoClient_CryptoRsaImport(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_ENCRYPT | WH_NVM_FLAGS_USAGE_DECRYPT, (uint8_t*)keyLabel, strlen(keyLabel), keyBuf, keySz, &keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } needEvict = 1; @@ -182,14 +182,14 @@ int wh_DemoClient_CryptoRsaImport(whClientContext* clientContext) /* initialize the rsa key */ ret = wc_InitRsaKey_ex(rsa, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRsaKey_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRsaKey_ex %d\n", ret); goto exit; } /* set the assigned keyId */ ret = wh_Client_RsaSetKeyId(rsa, keyId); if (ret != 0) { - printf("Failed to wh_Client_SetKeyIdRsa %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_SetKeyIdRsa %d\n", ret); goto exit; } @@ -197,7 +197,7 @@ int wh_DemoClient_CryptoRsaImport(whClientContext* clientContext) encSz = ret = wc_RsaPublicEncrypt(plainText, sizeof(plainString), cipherText, sizeof(cipherText), rsa, rng); if (ret < 0) { - printf("Failed to wc_RsaPublicEncrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_RsaPublicEncrypt %d\n", ret); goto exit; } @@ -205,24 +205,24 @@ int wh_DemoClient_CryptoRsaImport(whClientContext* clientContext) ret = wc_RsaPrivateDecrypt(cipherText, encSz, plainText, sizeof(plainText), rsa); if (ret < 0) { - printf("Failed to wc_RsaPrivateDecrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_RsaPrivateDecrypt %d\n", ret); goto exit; } ret = 0; /* verify the decryption output */ if (memcmp(plainText, plainString, sizeof(plainString)) != 0) { - printf("Failed to verify RSA output\n"); + WOLFHSM_CFG_PRINTF("Failed to verify RSA output\n"); ret = -1; } else - printf("RSA Decryption matches original plaintext with imported key\n"); + WOLFHSM_CFG_PRINTF("RSA Decryption matches original plaintext with imported key\n"); exit: (void)wc_FreeRng(rng); if (needEvict) { int evictRet = wh_Client_KeyEvict(clientContext, keyId); if (evictRet != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); if (ret == 0) { ret = evictRet; } @@ -257,33 +257,33 @@ int wh_DemoClient_CryptoCurve25519(whClientContext* clientContext) /* initialize rng to make the curve25519 keys */ ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRng_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRng_ex %d\n", ret); goto exit; } /* initialize the keys */ ret = wc_curve25519_init_ex(curve25519PrivateKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_curve25519_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_init_ex %d\n", ret); goto exit; } ret = wc_curve25519_init_ex(curve25519PublicKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_curve25519_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_init_ex %d\n", ret); goto exit; } /* generate the keys on the HSM */ ret = wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, curve25519PrivateKey); if (ret != 0) { - printf("Failed to wc_curve25519_make_key %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_make_key %d\n", ret); goto exit; } ret = wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, curve25519PublicKey); if (ret != 0) { - printf("Failed to wc_curve25519_make_key %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_make_key %d\n", ret); goto exit; } @@ -292,7 +292,7 @@ int wh_DemoClient_CryptoCurve25519(whClientContext* clientContext) ret = wc_curve25519_shared_secret(curve25519PrivateKey, curve25519PublicKey, sharedOne, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_curve25519_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_shared_secret %d\n", ret); goto exit; } @@ -300,18 +300,18 @@ int wh_DemoClient_CryptoCurve25519(whClientContext* clientContext) ret = wc_curve25519_shared_secret(curve25519PublicKey, curve25519PrivateKey, sharedTwo, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_curve25519_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_shared_secret %d\n", ret); goto exit; } /* Compare the shared secrets, they should match */ if (memcmp(sharedOne, sharedTwo, outLen) != 0) { - printf("CURVE25519 shared secrets don't match\n"); + WOLFHSM_CFG_PRINTF("CURVE25519 shared secrets don't match\n"); ret = -1; goto exit; } else { - printf("CURVE25519 shared secrets match\n"); + WOLFHSM_CFG_PRINTF("CURVE25519 shared secrets match\n"); } exit: /* free the key structs */ @@ -349,7 +349,7 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) /* open Bob's key pair file and read it into a local buffer */ ret = keyFd = open(keyPairFileBob, O_RDONLY, 0); if (ret < 0) { - printf("Failed to open %s %d\n", keyPairFileBob, ret); + WOLFHSM_CFG_PRINTF("Failed to open %s %d\n", keyPairFileBob, ret); goto exit; } ret = keySz = read(keyFd, keyBuf, sizeof(keyBuf)); @@ -364,19 +364,19 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) (uint8_t*)keyLabel, strlen(keyLabel), keyBuf, keySz, &keyIdBob); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } /* initialize the wolfCrypt struct to use the cached key */ ret = wc_curve25519_init_ex(bobKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_curve25519_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_init_ex %d\n", ret); goto exit; } ret = wh_Client_Curve25519SetKeyId(bobKey, keyIdBob); if (ret != 0) { - printf("Failed to wh_Client_Curve25519SetKeyId %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_Curve25519SetKeyId %d\n", ret); goto exit; } @@ -384,12 +384,12 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) /* open Alice's key pair file and read it into a local buffer */ ret = keyFd = open(keyPairFileAlice, O_RDONLY, 0); if (ret < 0) { - printf("Failed to open %s %d\n", keyPairFileAlice, ret); + WOLFHSM_CFG_PRINTF("Failed to open %s %d\n", keyPairFileAlice, ret); goto exit; } ret = keySz = read(keyFd, keyBuf, sizeof(keyBuf)); if (ret < 0) { - printf("Failed to read %s %d\n", keyPairFileAlice, ret); + WOLFHSM_CFG_PRINTF("Failed to read %s %d\n", keyPairFileAlice, ret); close(keyFd); goto exit; } @@ -400,19 +400,19 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) (uint8_t*)keyLabel, strlen(keyLabel), keyBuf, keySz, &keyIdAlice); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } /* Initialize the wolfCrypt struct to use the cached key */ ret = wc_curve25519_init_ex(aliceKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_curve25519_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_init_ex %d\n", ret); goto exit; } ret = wh_Client_Curve25519SetKeyId(aliceKey, keyIdAlice); if (ret != 0) { - printf("Failed to wh_Client_Curve25519SetKeyId %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_Curve25519SetKeyId %d\n", ret); goto exit; } @@ -421,7 +421,7 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) ret = wc_curve25519_shared_secret(bobKey, aliceKey, sharedOne, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_curve25519_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_shared_secret %d\n", ret); goto exit; } @@ -430,18 +430,18 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) ret = wc_curve25519_shared_secret(aliceKey, bobKey, sharedTwo, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_curve25519_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_curve25519_shared_secret %d\n", ret); goto exit; } /* Compare the shared secrets, they should match */ if (memcmp(sharedOne, sharedTwo, outLen) != 0) { - printf("CURVE25519 import: shared secrets don't match\n"); + WOLFHSM_CFG_PRINTF("CURVE25519 import: shared secrets don't match\n"); ret = -1; goto exit; } else { - printf("CURVE25519 import: shared secrets match\n"); + WOLFHSM_CFG_PRINTF("CURVE25519 import: shared secrets match\n"); } exit: @@ -452,7 +452,7 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) if (keyIdBob != WH_KEYID_ERASED) { int evictRet = wh_Client_KeyEvict(clientContext, keyIdBob); if (evictRet != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); if (ret == 0) { ret = evictRet; } @@ -461,7 +461,7 @@ int wh_DemoClient_CryptoCurve25519Import(whClientContext* clientContext) if (keyIdAlice != WH_KEYID_ERASED) { int evictRet = wh_Client_KeyEvict(clientContext, keyIdAlice); if (evictRet != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); if (ret == 0) { ret = evictRet; } @@ -502,19 +502,19 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext) /* Initialize the rng to make the ecc keys */ ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRng_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRng_ex %d\n", ret); goto exit; } /* Initialize the local wolfCrypt structs */ ret = wc_ecc_init_ex(aliceKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_ecc_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_init_ex %d\n", ret); goto exit; } ret = wc_ecc_init_ex(bobKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_ecc_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_init_ex %d\n", ret); goto exit; } @@ -522,12 +522,12 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext) * back to the client to store locally in the ecc_key structs */ ret = wc_ecc_make_key(rng, 32, aliceKey); if (ret != 0) { - printf("Failed to wc_ecc_make_key %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_make_key %d\n", ret); goto exit; } ret = wc_ecc_make_key(rng, 32, bobKey); if (ret != 0) { - printf("Failed to wc_ecc_make_key %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_make_key %d\n", ret); goto exit; } @@ -536,25 +536,25 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext) ret = wc_ecc_shared_secret(aliceKey, bobKey, (byte*)sharedOne, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_ecc_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_shared_secret %d\n", ret); goto exit; } ret = wc_ecc_shared_secret(bobKey, aliceKey, (byte*)sharedTwo, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_ecc_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_shared_secret %d\n", ret); goto exit; } /* Compare the shared secrets, they should match */ if (memcmp(sharedOne, sharedTwo, outLen) != 0) { - printf("ECC shared secrets don't match\n"); + WOLFHSM_CFG_PRINTF("ECC shared secrets don't match\n"); ret = -1; goto exit; } else { - printf("ECC shared secrets match\n"); + WOLFHSM_CFG_PRINTF("ECC shared secrets match\n"); } /* Sign the plaintext using the private component of Alice's key */ @@ -562,7 +562,7 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext) ret = wc_ecc_sign_hash(message, sizeof(message), (void*)signature, (word32*)&outLen, rng, aliceKey); if (ret != 0) { - printf("Failed to wc_ecc_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_shared_secret %d\n", ret); goto exit; } @@ -573,14 +573,14 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext) ret = wc_ecc_verify_hash((void*)signature, outLen, (void*)message, sizeof(message), &res, aliceKey); if (ret != 0) { - printf("Failed to wc_ecc_verify_hash %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_verify_hash %d\n", ret); goto exit; } if (res == 1) - printf("ECC sign/verify successful\n"); + WOLFHSM_CFG_PRINTF("ECC sign/verify successful\n"); else { - printf("ECC sign/verify failure\n"); + WOLFHSM_CFG_PRINTF("ECC sign/verify failure\n"); ret = -1; goto exit; } @@ -632,20 +632,20 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) /* Initialize the rng for signature signing */ ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRng_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRng_ex %d\n", ret); goto exit; } /* Open Alice's keypair file and read it into a local buffer */ ret = keyFd = open(keyFileAlice, O_RDONLY, 0); if (ret < 0) { - printf("Failed to open %s %d\n", keyFileAlice, ret); + WOLFHSM_CFG_PRINTF("Failed to open %s %d\n", keyFileAlice, ret); goto exit; } /* Read the first private key to local buffer */ ret = keySz = read(keyFd, keyBuf, sizeof(keyBuf)); if (ret < 0) { - printf("Failed to read %s %d\n", keyFileAlice, ret); + WOLFHSM_CFG_PRINTF("Failed to read %s %d\n", keyFileAlice, ret); close(keyFd); goto exit; } @@ -658,7 +658,7 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) WH_NVM_FLAGS_USAGE_VERIFY, (uint8_t*)keyLabel, strlen(keyLabel), keyBuf, keySz, &keyIdAlice); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } @@ -668,18 +668,18 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) * key */ ret = wc_ecc_init_ex(aliceKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_ecc_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_init_ex %d\n", ret); goto exit; } ret = wh_Client_EccSetKeyId(aliceKey, keyIdAlice); if (ret != 0) { - printf("Failed to wh_Client_EccSetKeyId %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_EccSetKeyId %d\n", ret); goto exit; } /* Configure the local struct to expect the correct curve */ ret = wc_ecc_set_curve(aliceKey, 32, -1); if (ret != 0) { - printf("Failed to wc_ecc_set_curve %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_set_curve %d\n", ret); goto exit; } @@ -689,12 +689,12 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) /* Open Bob's keypair file and read it into a local buffer */ ret = keyFd = open(keyFileBob, O_RDONLY, 0); if (ret < 0) { - printf("Failed to open %s %d\n", keyFileBob, ret); + WOLFHSM_CFG_PRINTF("Failed to open %s %d\n", keyFileBob, ret); goto exit; } ret = keySz = read(keyFd, keyBuf, sizeof(keyBuf)); if (ret < 0) { - printf("Failed to read %s %d\n", keyFileBob, ret); + WOLFHSM_CFG_PRINTF("Failed to read %s %d\n", keyFileBob, ret); close(keyFd); goto exit; } @@ -706,7 +706,7 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) WH_NVM_FLAGS_USAGE_VERIFY, (uint8_t*)keyLabel, strlen(keyLabel), keyBuf, keySz, &keyIdBob); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } @@ -714,18 +714,18 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) * key */ ret = wc_ecc_init_ex(bobKey, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_ecc_init_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_init_ex %d\n", ret); goto exit; } ret = wh_Client_EccSetKeyId(bobKey, keyIdBob); if (ret != 0) { - printf("Failed to wh_Client_EccSetKeyId %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_EccSetKeyId %d\n", ret); goto exit; } /* Configure the local struct to expect the correct curve */ ret = wc_ecc_set_curve(bobKey, 32, -1); if (ret != 0) { - printf("Failed to wc_ecc_set_curve %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_set_curve %d\n", ret); goto exit; } @@ -734,7 +734,7 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) ret = wc_ecc_shared_secret(aliceKey, bobKey, (byte*)sharedOne, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_ecc_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_shared_secret %d\n", ret); goto exit; } @@ -743,18 +743,18 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) ret = wc_ecc_shared_secret(bobKey, aliceKey, (byte*)sharedTwo, (word32*)&outLen); if (ret != 0) { - printf("Failed to wc_ecc_shared_secret %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_shared_secret %d\n", ret); goto exit; } /* Compare the shared secrets, they should match */ if (memcmp(sharedOne, sharedTwo, outLen) != 0) { - printf("ECC shared secrets don't match with imported keys\n"); + WOLFHSM_CFG_PRINTF("ECC shared secrets don't match with imported keys\n"); ret = -1; goto exit; } else { - printf("ECC shared secrets match with imported keys\n"); + WOLFHSM_CFG_PRINTF("ECC shared secrets match with imported keys\n"); } /* Sign the plaintext with Alice's private key */ @@ -762,7 +762,7 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) ret = wc_ecc_sign_hash(message, sizeof(message), (void*)signature, (word32*)&sigLen, rng, aliceKey); if (ret != 0) { - printf("Failed to wc_ecc_sign_hash %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_sign_hash %d\n", ret); goto exit; } @@ -773,14 +773,14 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) ret = wc_ecc_verify_hash((void*)signature, sigLen, (void*)message, sizeof(message), &res, aliceKey); if (ret != 0) { - printf("Failed to wc_ecc_verify_hash %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_ecc_verify_hash %d\n", ret); goto exit; } if (res == 1) - printf("ECC sign/verify successful with imported keys\n"); + WOLFHSM_CFG_PRINTF("ECC sign/verify successful with imported keys\n"); else { - printf("ECC sign/verify failure with imported keys\n"); + WOLFHSM_CFG_PRINTF("ECC sign/verify failure with imported keys\n"); ret = -1; goto exit; } @@ -795,7 +795,7 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) if (keyIdBob != WH_KEYID_ERASED) { int evictRet = wh_Client_KeyEvict(clientContext, keyIdBob); if (evictRet != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); if (ret == 0) { ret = evictRet; } @@ -804,7 +804,7 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext) if (keyIdAlice != WH_KEYID_ERASED) { int evictRet = wh_Client_KeyEvict(clientContext, keyIdAlice); if (evictRet != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); if (ret == 0) { ret = evictRet; } @@ -835,20 +835,20 @@ int wh_DemoClient_CryptoAesCbc(whClientContext* clientContext) /* Initialize the aes struct */ ret = wc_AesInit(aes, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_AesInit %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesInit %d\n", ret); } else { /* set the key on the client side */ ret = wc_AesSetKey(aes, key, sizeof(key), NULL, AES_ENCRYPTION); if (ret != 0) { - printf("Failed to wc_AesSetKey %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesSetKey %d\n", ret); } if (ret == 0) { /* encrypt the plaintext */ ret = wc_AesCbcEncrypt(aes, cipherText, plainText, sizeof(plainText)); if (ret != 0) { - printf("Failed to wc_AesCbcEncrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesCbcEncrypt %d\n", ret); } } @@ -856,7 +856,7 @@ int wh_DemoClient_CryptoAesCbc(whClientContext* clientContext) /* Reset the IV so we can decrypt */ ret = wc_AesSetIV(aes, NULL); if (ret != 0) { - printf("Failed to wc_AesSetIV %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesSetIV %d\n", ret); } } @@ -865,18 +865,18 @@ int wh_DemoClient_CryptoAesCbc(whClientContext* clientContext) ret = wc_AesCbcDecrypt(aes, finalText, cipherText, sizeof(plainText)); if (ret != 0) { - printf("Failed to wc_AesCbcDecrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesCbcDecrypt %d\n", ret); } } if (ret == 0) { /* compare final and plain */ if (memcmp(plainText, finalText, sizeof(plainText)) != 0) { - printf("AES CBC doesn't match after decryption\n"); + WOLFHSM_CFG_PRINTF("AES CBC doesn't match after decryption\n"); ret = -1; } else { - printf("AES CBC matches after decryption\n"); + WOLFHSM_CFG_PRINTF("AES CBC matches after decryption\n"); } } @@ -906,7 +906,7 @@ int wh_DemoClient_CryptoAesCbcImport(whClientContext* clientContext) /* Initialize the aes struct */ ret = wc_AesInit(aes, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_AesInit %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesInit %d\n", ret); goto exit; } @@ -915,7 +915,7 @@ int wh_DemoClient_CryptoAesCbcImport(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_ENCRYPT | WH_NVM_FLAGS_USAGE_DECRYPT, (uint8_t*)keyLabel, sizeof(keyLabel), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } @@ -924,42 +924,42 @@ int wh_DemoClient_CryptoAesCbcImport(whClientContext* clientContext) /* set the keyId on the struct */ ret = wh_Client_AesSetKeyId(aes, keyId); if (ret != 0) { - printf("Failed to wh_Client_SetKeyIdAes %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_SetKeyIdAes %d\n", ret); goto exit; } /* encrypt the plaintext */ ret = wc_AesCbcEncrypt(aes, cipherText, plainText, sizeof(plainText)); if (ret != 0) { - printf("Failed to wc_AesCbcEncrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesCbcEncrypt %d\n", ret); goto exit; } /* Reset the IV so we can decrypt */ ret = wc_AesSetIV(aes, NULL); if (ret != 0) { - printf("Failed to wc_AesSetIV %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesSetIV %d\n", ret); } /* decrypt the ciphertext */ ret = wc_AesCbcDecrypt(aes, finalText, cipherText, sizeof(plainText)); if (ret != 0) { - printf("Failed to wc_AesCbcDecrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesCbcDecrypt %d\n", ret); goto exit; } /* compare final and plain */ if (memcmp(plainText, finalText, sizeof(plainText)) != 0) { - printf("AES CBC doesn't match after decryption with imported key\n"); + WOLFHSM_CFG_PRINTF("AES CBC doesn't match after decryption with imported key\n"); ret = -1; goto exit; } - printf("AES CBC matches after decryption with imported key\n"); + WOLFHSM_CFG_PRINTF("AES CBC matches after decryption with imported key\n"); exit: if (needEvict) { int evictRet = wh_Client_KeyEvict(clientContext, keyId); if (evictRet != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); if (ret == 0) { ret = evictRet; } @@ -992,14 +992,14 @@ int wh_DemoClient_CryptoAesGcm(whClientContext* clientContext) /* initialize the aes struct */ ret = wc_AesInit(aes, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_AesInit %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesInit %d\n", ret); goto exit; } /* set the key and iv on the client side */ ret = wc_AesSetKey(aes, key, sizeof(key), iv, AES_ENCRYPTION); if (ret != 0) { - printf("Failed to wc_AesSetKey %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesSetKey %d\n", ret); goto exit; } @@ -1008,7 +1008,7 @@ int wh_DemoClient_CryptoAesGcm(whClientContext* clientContext) sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (ret != 0) { - printf("Failed to wc_AesGcmEncrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesGcmEncrypt %d\n", ret); goto exit; } @@ -1017,17 +1017,17 @@ int wh_DemoClient_CryptoAesGcm(whClientContext* clientContext) sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (ret != 0) { - printf("Failed to wc_AesGcmDecrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesGcmDecrypt %d\n", ret); goto exit; } /* compare the finaltext to the plaintext */ if (memcmp(plainText, finalText, sizeof(plainText)) != 0) { - printf("AES GCM doesn't match after decryption\n"); + WOLFHSM_CFG_PRINTF("AES GCM doesn't match after decryption\n"); ret = -1; goto exit; } - printf("AES GCM matches after decryption\n"); + WOLFHSM_CFG_PRINTF("AES GCM matches after decryption\n"); exit: return ret; } @@ -1055,7 +1055,7 @@ int wh_DemoClient_CryptoAesGcmImport(whClientContext* clientContext) /* initialize the aes struct */ ret = wc_AesInit(aes, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_AesInit %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesInit %d\n", ret); goto exit; } @@ -1064,7 +1064,7 @@ int wh_DemoClient_CryptoAesGcmImport(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_ENCRYPT | WH_NVM_FLAGS_USAGE_DECRYPT, (uint8_t*)keyLabel, sizeof(keyLabel), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } @@ -1073,14 +1073,14 @@ int wh_DemoClient_CryptoAesGcmImport(whClientContext* clientContext) /* set the keyId on the struct */ ret = wh_Client_AesSetKeyId(aes, keyId); if (ret != 0) { - printf("Failed to wh_Client_SetKeyIdAes %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_SetKeyIdAes %d\n", ret); goto exit; } /* set the iv */ ret = wc_AesSetIV(aes, iv); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } @@ -1089,7 +1089,7 @@ int wh_DemoClient_CryptoAesGcmImport(whClientContext* clientContext) sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (ret != 0) { - printf("Failed to wc_AesGcmEncrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesGcmEncrypt %d\n", ret); goto exit; } @@ -1098,24 +1098,24 @@ int wh_DemoClient_CryptoAesGcmImport(whClientContext* clientContext) sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (ret != 0) { - printf("Failed to wc_AesGcmDecrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesGcmDecrypt %d\n", ret); goto exit; } /* compare plaintext and finaltext */ if (memcmp(plainText, finalText, sizeof(plainText)) != 0) { - printf("AES GCM doesn't match after decryption with imported keys\n"); + WOLFHSM_CFG_PRINTF("AES GCM doesn't match after decryption with imported keys\n"); ret = -1; goto exit; } - printf("AES GCM matches after decryption with imported keys\n"); + WOLFHSM_CFG_PRINTF("AES GCM matches after decryption with imported keys\n"); exit: wc_AesFree(aes); if (needEvict) { /* evict the key from the cache */ int evictRet = wh_Client_KeyEvict(clientContext, keyId); if (evictRet != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); if (ret == 0) { ret = evictRet; } @@ -1146,14 +1146,14 @@ int wh_DemoClient_CryptoCmac(whClientContext* clientContext) ret = wc_InitCmac_ex(cmac, key, sizeof(key), WC_CMAC_AES, NULL, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitCmac_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitCmac_ex %d\n", ret); goto exit; } /* hash the message */ ret = wc_CmacUpdate(cmac, (byte*)message, strlen(message)); if (ret != 0) { - printf("Failed to wc_CmacUpdate %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_CmacUpdate %d\n", ret); goto exit; } @@ -1161,7 +1161,7 @@ int wh_DemoClient_CryptoCmac(whClientContext* clientContext) outLen = sizeof(tag); ret = wc_CmacFinal(cmac, tag, &outLen); if (ret != 0) { - printf("Failed to wc_CmacFinal %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_CmacFinal %d\n", ret); goto exit; } @@ -1170,11 +1170,11 @@ int wh_DemoClient_CryptoCmac(whClientContext* clientContext) wc_AesCmacVerify_ex(cmac, tag, sizeof(tag), (byte*)message, strlen(message), key, sizeof(key), NULL, WH_DEV_ID); if (ret != 0) { - printf("CMAC hash and verify failed %d\n", ret); + WOLFHSM_CFG_PRINTF("CMAC hash and verify failed %d\n", ret); goto exit; } - printf("CMAC hash and verify succeeded\n"); + WOLFHSM_CFG_PRINTF("CMAC hash and verify succeeded\n"); exit: (void)wc_CmacFree(cmac); return ret; @@ -1199,7 +1199,7 @@ int wh_DemoClient_CryptoCmacImport(whClientContext* clientContext) /* initialize the cmac struct */ ret = wc_InitCmac_ex(cmac, NULL, 0, WC_CMAC_AES, NULL, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitCmac_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitCmac_ex %d\n", ret); goto exit; } @@ -1208,21 +1208,21 @@ int wh_DemoClient_CryptoCmacImport(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_SIGN | WH_NVM_FLAGS_USAGE_VERIFY, (uint8_t*)keyLabel, sizeof(keyLabel), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } /* set the keyId on the struct */ ret = wh_Client_CmacSetKeyId(cmac, keyId); if (ret != 0) { - printf("Failed to wh_Client_SetKeyIdAes %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_SetKeyIdAes %d\n", ret); goto exit; } /* hash the message */ ret = wc_CmacUpdate(cmac, (byte*)message, sizeof(message)); if (ret != 0) { - printf("Failed to wc_CmacUpdate %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_CmacUpdate %d\n", ret); goto exit; } @@ -1230,7 +1230,7 @@ int wh_DemoClient_CryptoCmacImport(whClientContext* clientContext) outLen = sizeof(tag); ret = wc_CmacFinal(cmac, tag, &outLen); if (ret != 0) { - printf("Failed to wc_CmacFinal %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_CmacFinal %d\n", ret); goto exit; } @@ -1241,7 +1241,7 @@ int wh_DemoClient_CryptoCmacImport(whClientContext* clientContext) /* initialize the cmac struct */ ret = wc_InitCmac_ex(cmac, NULL, 0, WC_CMAC_AES, NULL, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitCmac_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitCmac_ex %d\n", ret); goto exit; } @@ -1251,14 +1251,14 @@ int wh_DemoClient_CryptoCmacImport(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_SIGN | WH_NVM_FLAGS_USAGE_VERIFY, (uint8_t*)keyLabel, sizeof(keyLabel), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } /* set the keyId on the struct */ ret = wh_Client_CmacSetKeyId(cmac, keyId); if (ret != 0) { - printf("Failed to wh_Client_SetKeyIdAes %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_SetKeyIdAes %d\n", ret); goto exit; } @@ -1268,11 +1268,11 @@ int wh_DemoClient_CryptoCmacImport(whClientContext* clientContext) ret = wc_AesCmacVerify_ex(cmac, tag, sizeof(tag), (byte*)message, sizeof(message), NULL, 0, NULL, WH_DEV_ID); if (ret != 0) { - printf("CMAC hash and verify failed with imported key %d\n", ret); + WOLFHSM_CFG_PRINTF("CMAC hash and verify failed with imported key %d\n", ret); goto exit; } - printf("CMAC hash and verify succeeded with imported key\n"); + WOLFHSM_CFG_PRINTF("CMAC hash and verify succeeded with imported key\n"); exit: (void)wc_CmacFree(cmac); return ret; @@ -1297,7 +1297,7 @@ int wh_DemoClient_CryptoCmacOneshotImport(whClientContext* clientContext) /* initialize the cmac struct */ ret = wc_InitCmac_ex(cmac, NULL, 0, WC_CMAC_AES, NULL, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitCmac_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitCmac_ex %d\n", ret); goto exit; } @@ -1306,14 +1306,14 @@ int wh_DemoClient_CryptoCmacOneshotImport(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_SIGN | WH_NVM_FLAGS_USAGE_VERIFY, (uint8_t*)keyLabel, sizeof(keyLabel), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } /* set the keyId on the struct */ ret = wh_Client_CmacSetKeyId(cmac, keyId); if (ret != 0) { - printf("Failed to wh_Client_SetKeyIdAes %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_SetKeyIdAes %d\n", ret); goto exit; } @@ -1324,7 +1324,7 @@ int wh_DemoClient_CryptoCmacOneshotImport(whClientContext* clientContext) ret = wc_AesCmacGenerate_ex(cmac, tag, &outLen, (byte*)message, sizeof(message), NULL, 0, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wh_Client_AesCmacGenerate %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_AesCmacGenerate %d\n", ret); goto exit; } @@ -1335,7 +1335,7 @@ int wh_DemoClient_CryptoCmacOneshotImport(whClientContext* clientContext) /* initialize the cmac struct */ ret = wc_InitCmac_ex(cmac, NULL, 0, WC_CMAC_AES, NULL, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitCmac_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitCmac_ex %d\n", ret); goto exit; } @@ -1345,14 +1345,14 @@ int wh_DemoClient_CryptoCmacOneshotImport(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_SIGN | WH_NVM_FLAGS_USAGE_VERIFY, (uint8_t*)keyLabel, sizeof(keyLabel), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); goto exit; } /* set the keyId on the struct */ ret = wh_Client_CmacSetKeyId(cmac, keyId); if (ret != 0) { - printf("Failed to wh_Client_SetKeyIdAes %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_SetKeyIdAes %d\n", ret); goto exit; } @@ -1362,12 +1362,12 @@ int wh_DemoClient_CryptoCmacOneshotImport(whClientContext* clientContext) ret = wc_AesCmacVerify_ex(cmac, tag, sizeof(tag), (byte*)message, sizeof(message), NULL, 0, NULL, WH_DEV_ID); if (ret != 0) { - printf("CMAC hash and verify oneshot failed with imported key %d\n", + WOLFHSM_CFG_PRINTF("CMAC hash and verify oneshot failed with imported key %d\n", ret); goto exit; } - printf("CMAC hash and verify oneshot succeeded with imported key\n"); + WOLFHSM_CFG_PRINTF("CMAC hash and verify oneshot succeeded with imported key\n"); exit: (void)wc_CmacFree(cmac); return ret; @@ -1403,7 +1403,7 @@ int wh_DemoClient_CryptoHkdfExport(whClientContext* clientContext) ret = wc_HKDF_ex(WC_SHA256, ikm, sizeof(ikm), salt, sizeof(salt), info, sizeof(info), okm, (word32)sizeof(okm), NULL, devId); if (ret != 0) { - printf("Failed to wc_HKDF_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_HKDF_ex %d\n", ret); } /* At this point 'okm' holds the derived key material. @@ -1445,7 +1445,7 @@ int wh_DemoClient_CryptoHkdfCache(whClientContext* clientContext) salt, (uint32_t)sizeof(salt), info, (uint32_t)sizeof(info), &keyId, flags, (const uint8_t*)label, (uint32_t)strlen(label), outSz); if (ret != WH_ERROR_OK) { - printf("Failed to wh_Client_HkdfMakeCacheKey %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_HkdfMakeCacheKey %d\n", ret); return ret; } @@ -1455,7 +1455,7 @@ int wh_DemoClient_CryptoHkdfCache(whClientContext* clientContext) /* Optionally evict the key from the cache once we are done using it */ ret = wh_Client_KeyEvict(clientContext, keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", ret); } return ret; @@ -1486,7 +1486,7 @@ int wh_DemoClient_CryptoHkdfCacheInputKey(whClientContext* clientContext) (uint8_t*)keyLabel, (uint32_t)strlen(keyLabel), ikm, (uint32_t)sizeof(ikm), &keyIdIn); if (ret != WH_ERROR_OK) { - printf("Failed to wh_Client_KeyCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyCache %d\n", ret); return ret; } @@ -1502,7 +1502,7 @@ int wh_DemoClient_CryptoHkdfCacheInputKey(whClientContext* clientContext) (uint32_t)sizeof(salt), info, (uint32_t)sizeof(info), &keyIdOut, WH_NVM_FLAGS_NONE, NULL, 0, (uint32_t)sizeof(okm)); if (ret != WH_ERROR_OK) { - printf("Failed to wh_Client_HkdfMakeCacheKey with cached input %d\n", + WOLFHSM_CFG_PRINTF("Failed to wh_Client_HkdfMakeCacheKey with cached input %d\n", ret); (void)wh_Client_KeyEvict(clientContext, keyIdIn); return ret; @@ -1563,7 +1563,7 @@ int wh_DemoClient_CryptoCmacKdfExport(whClientContext* clientContext) (word32)sizeof(demoCmacKdfFixedInfo), derived, (word32)sizeof(derived), NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_KDA_KDF_twostep_cmac %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_KDA_KDF_twostep_cmac %d\n", ret); } /* The key has now been derived and is stored in the 'derived' array */ @@ -1591,7 +1591,7 @@ int wh_DemoClient_CryptoCmacKdfCache(whClientContext* clientContext) (const uint8_t*)label, (uint32_t)strlen(label), WH_DEMO_CMAC_KDF_OUT_SZ); if (ret != WH_ERROR_OK) { - printf("Failed to wh_Client_CmacKdfMakeCacheKey %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_CmacKdfMakeCacheKey %d\n", ret); return ret; } @@ -1601,7 +1601,7 @@ int wh_DemoClient_CryptoCmacKdfCache(whClientContext* clientContext) /* Example: evict the key from cache once we are done with it */ ret = wh_Client_KeyEvict(clientContext, keyId); if (ret != 0) { - printf("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); } return ret; @@ -1628,7 +1628,7 @@ int wh_DemoClient_CryptoCmacKdfCacheInputs(whClientContext* clientContext) demoCmacKdfSalt, (uint32_t)sizeof(demoCmacKdfSalt), &saltKeyId); if (ret != WH_ERROR_OK) { - printf("Failed to cache CMAC KDF salt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to cache CMAC KDF salt %d\n", ret); return ret; } @@ -1638,7 +1638,7 @@ int wh_DemoClient_CryptoCmacKdfCacheInputs(whClientContext* clientContext) demoCmacKdfZ, (uint32_t)sizeof(demoCmacKdfZ), &zKeyId); if (ret != WH_ERROR_OK) { - printf("Failed to cache CMAC KDF Z input %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to cache CMAC KDF Z input %d\n", ret); /* Optionally evict the salt key if not needed anymore */ (void)wh_Client_KeyEvict(clientContext, saltKeyId); return ret; @@ -1658,7 +1658,7 @@ int wh_DemoClient_CryptoCmacKdfCacheInputs(whClientContext* clientContext) WH_DEMO_CMAC_KDF_OUT_SZ); if (ret != WH_ERROR_OK) { - printf("Failed to CMAC KDF with cached inputs %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to CMAC KDF with cached inputs %d\n", ret); } diff --git a/examples/demo/client/wh_demo_client_keystore.c b/examples/demo/client/wh_demo_client_keystore.c index 523d0f08..e8936b48 100644 --- a/examples/demo/client/wh_demo_client_keystore.c +++ b/examples/demo/client/wh_demo_client_keystore.c @@ -27,10 +27,10 @@ int wh_DemoClient_KeystoreBasic(whClientContext* clientContext) ret = wh_Client_KeyCache(clientContext, 0, label, sizeof(label), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to cache key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to cache key: %d\n", ret); return ret; } - printf("Key cached with ID: %d\n", keyId); + WOLFHSM_CFG_PRINTF("Key cached with ID: %d\n", keyId); /* Now that the key is cached (stored in RAM on the HSM), the key can be * used for any crypto or other keystore operation using the keyId. Note @@ -43,10 +43,10 @@ int wh_DemoClient_KeystoreBasic(whClientContext* clientContext) * to this keyId will fail with an error */ ret = wh_Client_KeyEvict(clientContext, keyId); if (ret != 0) { - printf("Failed to evict key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to evict key: %d\n", ret); return ret; } - printf("Key %d evicted\n", keyId); + WOLFHSM_CFG_PRINTF("Key %d evicted\n", keyId); return WH_ERROR_OK; } @@ -66,10 +66,10 @@ int wh_DemoClient_KeystoreCommitKey(whClientContext* clientContext) ret = wh_Client_KeyCache(clientContext, 0, label, sizeof(label), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to cache key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to cache key: %d\n", ret); return ret; } - printf("Key cached with ID: %d\n", keyId); + WOLFHSM_CFG_PRINTF("Key cached with ID: %d\n", keyId); /* Now that the key is cached (stored in RAM on the HSM), the key can be * used for any crypto or other keystore operation using the keyId. Note @@ -80,10 +80,10 @@ int wh_DemoClient_KeystoreCommitKey(whClientContext* clientContext) /* (Optionally) commit the key to non-volatile storage */ ret = wh_Client_KeyCommit(clientContext, keyId); if (ret != 0) { - printf("Failed to commit key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to commit key: %d\n", ret); return ret; } - printf("Key committed with ID: %d\n", keyId); + WOLFHSM_CFG_PRINTF("Key committed with ID: %d\n", keyId); /* Now that the key is committed to NVM, the keyId will persist and can be * used at any time, including across server restarts. Note that @@ -95,10 +95,10 @@ int wh_DemoClient_KeystoreCommitKey(whClientContext* clientContext) * remains in NVM and the keyId can still be used */ ret = wh_Client_KeyEvict(clientContext, keyId); if (ret != 0) { - printf("Failed to evict key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to evict key: %d\n", ret); return ret; } - printf("Key evicted with ID: %d\n", keyId); + WOLFHSM_CFG_PRINTF("Key evicted with ID: %d\n", keyId); /* We can still do work with the evicted key, and after using it, it will be * repopulated in the cache */ @@ -107,7 +107,7 @@ int wh_DemoClient_KeystoreCommitKey(whClientContext* clientContext) * usable */ ret = wh_Client_KeyErase(clientContext, keyId); if (ret != 0) { - printf("Failed to erase key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to erase key: %d\n", ret); return ret; } @@ -116,7 +116,7 @@ int wh_DemoClient_KeystoreCommitKey(whClientContext* clientContext) ret = wh_Client_KeyExport(clientContext, keyId, exportLabel, sizeof(exportLabel), exportKey, &exportKeySz); if (ret != WH_ERROR_NOTFOUND) { - printf("Key should not be found: instead got %d\n", ret); + WOLFHSM_CFG_PRINTF("Key should not be found: instead got %d\n", ret); return ret; } @@ -143,10 +143,10 @@ int wh_DemoClient_KeystoreAes(whClientContext* clientContext) clientContext, WH_NVM_FLAGS_USAGE_ENCRYPT | WH_NVM_FLAGS_USAGE_DECRYPT, label, sizeof(label), key, sizeof(key), &keyId); if (ret != 0) { - printf("Failed to cache key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to cache key: %d\n", ret); return ret; } - printf("Key cached with ID: %d\n", keyId); + WOLFHSM_CFG_PRINTF("Key cached with ID: %d\n", keyId); /* Now that the key is cached (stored in RAM on the HSM), the key can be * used for any crypto or other keystore operation using the keyId. Note @@ -157,10 +157,10 @@ int wh_DemoClient_KeystoreAes(whClientContext* clientContext) /* (Optionally) commit the key to non-volatile storage */ ret = wh_Client_KeyCommit(clientContext, keyId); if (ret != 0) { - printf("Failed to commit key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to commit key: %d\n", ret); return ret; } - printf("Key committed with ID: %d\n", keyId); + WOLFHSM_CFG_PRINTF("Key committed with ID: %d\n", keyId); /* Now that the key is committed to NVM, the keyId will persist and can be * used at any time, including across server restarts */ @@ -168,102 +168,102 @@ int wh_DemoClient_KeystoreAes(whClientContext* clientContext) /* Initialize AES context to use wolfHSM offload */ ret = wc_AesInit(&aes, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to initialize AES: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to initialize AES: %d\n", ret); return ret; } /* set AES context to use the cached key */ ret = wh_Client_AesSetKeyId(&aes, keyId); if (ret != 0) { - printf("Failed to set key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to set key: %d\n", ret); return ret; } /* Set the IV */ ret = wc_AesSetIV(&aes, iv); if (ret != 0) { - printf("Failed to set IV: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to set IV: %d\n", ret); return ret; } /* Encrypt the plaintext on the HSM */ ret = wc_AesCbcEncrypt(&aes, cipherText, plainText, sizeof(plainText)); if (ret != 0) { - printf("Failed to encrypt: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to encrypt: %d\n", ret); return ret; } - printf("Encryption successful\n"); + WOLFHSM_CFG_PRINTF("Encryption successful\n"); /* Re-set the IV, as the CBC operation will overwrite it */ ret = wc_AesSetIV(&aes, iv); if (ret != 0) { - printf("Failed to set IV: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to set IV: %d\n", ret); return ret; } /* Decrypt the ciphertext */ ret = wc_AesCbcDecrypt(&aes, decryptedText, cipherText, sizeof(cipherText)); if (ret != 0) { - printf("Failed to decrypt: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to decrypt: %d\n", ret); return ret; } - printf("Decryption successful\n"); + WOLFHSM_CFG_PRINTF("Decryption successful\n"); /* Verify the decrypted text matches the original plaintext */ if (memcmp(plainText, decryptedText, sizeof(plainText)) == 0) { - printf("Decryption matches original plaintext\n"); + WOLFHSM_CFG_PRINTF("Decryption matches original plaintext\n"); } else { - printf("Decryption does not match original plaintext\n"); + WOLFHSM_CFG_PRINTF("Decryption does not match original plaintext\n"); return -1; } /* Evict the key from the HSM */ ret = wh_Client_KeyEvict(clientContext, keyId); if (ret != 0) { - printf("Failed to evict key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to evict key: %d\n", ret); return ret; } - printf("Key evicted with ID: %d\n", keyId); + WOLFHSM_CFG_PRINTF("Key evicted with ID: %d\n", keyId); /* Though the key is evicted, we can still use it for crypto operations, * usage will just require the server to load the key from NVM. The key will * be restored in the cache after using it */ ret = wc_AesInit(&aes, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to initialize AES: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to initialize AES: %d\n", ret); return ret; } ret = wh_Client_AesSetKeyId(&aes, keyId); if (ret != 0) { - printf("Failed to set key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to set key: %d\n", ret); return ret; } ret = wc_AesSetIV(&aes, iv); if (ret != 0) { - printf("Failed to set IV: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to set IV: %d\n", ret); return ret; } ret = wc_AesCbcEncrypt(&aes, cipherText, plainText, sizeof(plainText)); if (ret != 0) { - printf("Failed to encrypt: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to encrypt: %d\n", ret); return ret; } ret = wc_AesSetIV(&aes, iv); if (ret != 0) { - printf("Failed to set IV: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to set IV: %d\n", ret); return ret; } ret = wc_AesCbcDecrypt(&aes, decryptedText, cipherText, sizeof(cipherText)); if (ret != 0) { - printf("Failed to decrypt: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to decrypt: %d\n", ret); return ret; } if (memcmp(plainText, decryptedText, sizeof(plainText)) == 0) { - printf("Decryption matches original plaintext\n"); + WOLFHSM_CFG_PRINTF("Decryption matches original plaintext\n"); } else { - printf("Decryption does not match original plaintext\n"); + WOLFHSM_CFG_PRINTF("Decryption does not match original plaintext\n"); return -1; } @@ -271,7 +271,7 @@ int wh_DemoClient_KeystoreAes(whClientContext* clientContext) * usable */ ret = wh_Client_KeyErase(clientContext, keyId); if (ret != 0) { - printf("Failed to erase key: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to erase key: %d\n", ret); return ret; } @@ -279,7 +279,7 @@ int wh_DemoClient_KeystoreAes(whClientContext* clientContext) (void)wh_Client_AesSetKeyId(&aes, keyId); ret = wc_AesCbcEncrypt(&aes, cipherText, plainText, sizeof(plainText)); if (ret != WH_ERROR_NOTFOUND) { - printf("Key should not be found: instead got %d\n", ret); + WOLFHSM_CFG_PRINTF("Key should not be found: instead got %d\n", ret); return ret; } diff --git a/examples/demo/client/wh_demo_client_keywrap.c b/examples/demo/client/wh_demo_client_keywrap.c index 04ca899d..1f404e72 100644 --- a/examples/demo/client/wh_demo_client_keywrap.c +++ b/examples/demo/client/wh_demo_client_keywrap.c @@ -109,7 +109,7 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) * and the KEK would be provisioned on the server prior to runtime */ ret = _InitServerKek(client); if (ret != WH_ERROR_OK) { - printf("Failed to _InitServerKek %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to _InitServerKek %d\n", ret); return ret; } @@ -118,14 +118,14 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) /* Initialize the RNG so we can generate an AES GCM key to wrap */ ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_InitRng_ex %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRng_ex %d\n", ret); goto cleanup_kek; } /* Now we generate the AES GCM key using the RNG */ ret = wc_RNG_GenerateBlock(rng, key, sizeof(key)); if (ret != 0) { - printf("Failed to wc_RNG_GenerateBlock for key data %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_RNG_GenerateBlock for key data %d\n", ret); goto cleanup_rng; } @@ -135,7 +135,7 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) key, sizeof(key), &metadata, wrappedKey, sizeof(wrappedKey)); if (ret != 0) { - printf("Failed to wh_Client_KeyWrap %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyWrap %d\n", ret); goto cleanup_rng; } @@ -152,14 +152,14 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) WH_DEMO_KEYWRAP_KEKID, wrappedKey, sizeof(wrappedKey), &wrappedKeyId); if (ret != 0) { - printf("Failed to wh_Client_KeyUnwrapAndCache %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyUnwrapAndCache %d\n", ret); goto cleanup_rng; } /* Initialize AES context */ ret = wc_AesInit(aes, NULL, WH_DEV_ID); if (ret != 0) { - printf("Failed to wc_AesInit %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesInit %d\n", ret); goto cleanup_cached_key; } @@ -168,7 +168,7 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) ret = wh_Client_AesSetKeyId(aes, WH_CLIENT_KEYID_MAKE_WRAPPED(wrappedKeyId)); if (ret != 0) { - printf("Failed to wh_Client_AesSetKeyId %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_AesSetKeyId %d\n", ret); goto cleanup_aes; } @@ -176,7 +176,7 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) * do */ ret = wc_RNG_GenerateBlock(rng, iv, sizeof(iv)); if (ret != 0) { - printf("Failed to wc_RNG_GenerateBlock for AES-GCM key %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_RNG_GenerateBlock for AES-GCM key %d\n", ret); goto cleanup_aes; } @@ -185,7 +185,7 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) ret = wc_AesGcmEncrypt(aes, ciphertext, plaintext, sizeof(plaintext), iv, sizeof(iv), tag, sizeof(tag), aad, sizeof(aad)); if (ret != 0) { - printf("Failed to wc_AesGcmEncrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesGcmEncrypt %d\n", ret); goto cleanup_aes; } @@ -198,14 +198,14 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) aad, sizeof(aad)); /* authIn (AAD), authInSz */ if (ret != 0) { ret = WH_ERROR_ABORTED; - printf("Failed to wc_AesGcmDecrypt %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wc_AesGcmDecrypt %d\n", ret); goto cleanup_aes; } /* Check if the decrypted data matches an expected value */ if (memcmp(decrypted, plaintext, sizeof(decrypted)) != 0) { ret = WH_ERROR_ABORTED; - printf("Decrypted value does not match expected value\n"); + WOLFHSM_CFG_PRINTF("Decrypted value does not match expected value\n"); goto cleanup_aes; } @@ -217,21 +217,21 @@ int wh_DemoClient_AesGcmKeyWrap(whClientContext* client) sizeof(wrappedKey), &exportedMetadata, exportedKey, sizeof(exportedKey)); if (ret != 0) { - printf("Failed to wh_Client_KeyUnwrapAndExport %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyUnwrapAndCache %d\n", ret); goto cleanup_aes; } /* Compare the exported key to the client key we requested to wrap */ if (memcmp(key, exportedKey, sizeof(key)) != 0) { ret = WH_ERROR_ABORTED; - printf("AES GCM wrap/unwrap key failed to match\n"); + WOLFHSM_CFG_PRINTF("AES GCM wrap/unwrap key failed to match\n"); goto cleanup_aes; } /* Compare the exported metadata to the metadata we requested to wrap */ if (memcmp(&metadata, &exportedMetadata, sizeof(metadata)) != 0) { ret = WH_ERROR_ABORTED; - printf("AES GCM wrap/unwrap metadata failed to match\n"); + WOLFHSM_CFG_PRINTF("AES GCM wrap/unwrap metadata failed to match\n"); goto cleanup_aes; } @@ -262,7 +262,7 @@ int wh_DemoClient_KeyWrap(whClientContext* client) ret = wh_DemoClient_AesGcmKeyWrap(client); if (ret != WH_ERROR_OK) { - printf("Failed to wh_DemoClient_AesGcmKeyWrap %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_DemoClient_AesGcmKeyWrap %d\n", ret); return ret; } diff --git a/examples/demo/client/wh_demo_client_nvm.c b/examples/demo/client/wh_demo_client_nvm.c index 760b584c..f2f3b634 100644 --- a/examples/demo/client/wh_demo_client_nvm.c +++ b/examples/demo/client/wh_demo_client_nvm.c @@ -35,18 +35,18 @@ int wh_DemoClient_Nvm(whClientContext* clientContext) whNvmSize readLen; if (clientContext == NULL) { - printf("Client context is NULL\n"); + WOLFHSM_CFG_PRINTF("Client context is NULL\n"); return WH_ERROR_BADARGS; } /* Initialize NVM */ rc = wh_Client_NvmInit(clientContext, &serverRc, NULL, NULL); if (rc != 0 || serverRc != 0) { - printf("NVM Init failed with error code: %d, server error code: %d\n", + WOLFHSM_CFG_PRINTF("NVM Init failed with error code: %d, server error code: %d\n", rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("NVM Initialized successfully\n"); + WOLFHSM_CFG_PRINTF("NVM Initialized successfully\n"); /* Add multiple objects, reading back each one and comparing the data * against what we wrote */ @@ -57,33 +57,33 @@ int wh_DemoClient_Nvm(whClientContext* clientContext) clientContext, objectIds[i], WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_NONE, sizeof(labels[i]), labels[i], dataLen, data[i], &serverRc); if (rc != 0 || serverRc != 0) { - printf("Add Object %d failed with error code: %d, server error " + WOLFHSM_CFG_PRINTF("Add Object %d failed with error code: %d, server error " "code: %d\n", objectIds[i], rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("Object %d added successfully\n", objectIds[i]); + WOLFHSM_CFG_PRINTF("Object %d added successfully\n", objectIds[i]); /* Read the object data */ rc = wh_Client_NvmRead(clientContext, objectIds[i], 0, dataLen, &serverRc, &readLen, readData); if (rc != 0 || serverRc != 0) { - printf("Read Object %d failed with error code: %d, server error " + WOLFHSM_CFG_PRINTF("Read Object %d failed with error code: %d, server error " "code: %d\n", objectIds[i], rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("Object %d read successfully: Data=%s\n", objectIds[i], + WOLFHSM_CFG_PRINTF("Object %d read successfully: Data=%s\n", objectIds[i], readData); /* Ensure data we read matches data we wrote */ if (memcmp(data[i], readData, dataLen) != 0) { - printf("Readback check failed for Object %d: Data read does not " + WOLFHSM_CFG_PRINTF("Readback check failed for Object %d: Data read does not " "match data written\n", objectIds[i]); return WH_ERROR_ABORTED; } - printf("Readback check passed for Object %d: Data read matches data " + WOLFHSM_CFG_PRINTF("Readback check passed for Object %d: Data read matches data " "written\n", objectIds[i]); } @@ -93,55 +93,55 @@ int wh_DemoClient_Nvm(whClientContext* clientContext) wh_Client_NvmGetAvailable(clientContext, &serverRc, &availSize, &availObjects, &reclaimSize, &reclaimObjects); if (rc != 0 || serverRc != 0) { - printf("Get Available Objects failed with error code: %d, server error " + WOLFHSM_CFG_PRINTF("Get Available Objects failed with error code: %d, server error " "code: %d\n", rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("Available Objects retrieved successfully: Available Size=%d, " + WOLFHSM_CFG_PRINTF("Available Objects retrieved successfully: Available Size=%d, " "Available Objects=%d, Reclaim Size=%d, Reclaim Objects=%d\n", availSize, availObjects, reclaimSize, reclaimObjects); /* Delete one object */ rc = wh_Client_NvmDestroyObjects(clientContext, 1, objectIds, &serverRc); if (rc != 0 || serverRc != 0) { - printf("Delete Objects failed with error code: %d, server error code: " + WOLFHSM_CFG_PRINTF("Delete Objects failed with error code: %d, server error code: " "%d\n", rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("Objects deleted successfully\n"); + WOLFHSM_CFG_PRINTF("Objects deleted successfully\n"); /* Delete multiple objects */ rc = wh_Client_NvmDestroyObjects(clientContext, NUM_OBJECTS - 1, &objectIds[1], &serverRc); if (rc != 0 || serverRc != 0) { - printf("Delete Objects failed with error code: %d, server error code: " + WOLFHSM_CFG_PRINTF("Delete Objects failed with error code: %d, server error code: " "%d\n", rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("Objects deleted successfully\n"); + WOLFHSM_CFG_PRINTF("Objects deleted successfully\n"); /* Reclaim space */ rc = wh_Client_NvmDestroyObjects(clientContext, 0, NULL, &serverRc); if (rc != 0 || serverRc != 0) { - printf("Reclaim Objects failed with error code: %d, server error code: " + WOLFHSM_CFG_PRINTF("Reclaim Objects failed with error code: %d, server error code: " "%d\n", rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("Reclaimed space successfully\n"); + WOLFHSM_CFG_PRINTF("Reclaimed space successfully\n"); /* Cleanup NVM */ rc = wh_Client_NvmCleanup(clientContext, &serverRc); if (rc != 0 || serverRc != 0) { - printf( + WOLFHSM_CFG_PRINTF( "NVM Cleanup failed with error code: %d, server error code: %d\n", rc, serverRc); return (rc != 0) ? rc : serverRc; } - printf("NVM Cleaned up successfully\n"); + WOLFHSM_CFG_PRINTF("NVM Cleaned up successfully\n"); return 0; } diff --git a/examples/demo/client/wh_demo_client_secboot.c b/examples/demo/client/wh_demo_client_secboot.c index 506d6c46..69276874 100644 --- a/examples/demo/client/wh_demo_client_secboot.c +++ b/examples/demo/client/wh_demo_client_secboot.c @@ -66,15 +66,15 @@ static int _showNvm(whClientContext* clientContext) whNvmId id = 0; whNvmId count = 0; - printf("NVM Contents:\n"); + WOLFHSM_CFG_PRINTF("NVM Contents:\n"); do { ret = wh_Client_NvmList(clientContext, access, flags, id, NULL, &count, &id); if (ret != WH_ERROR_OK) { - printf("wh_Client_NvmList failed with ret:%d\n", ret); + WOLFHSM_CFG_PRINTF("wh_Client_NvmList failed with ret:%d\n", ret); break; } - printf("NVM List: count=%u, id=%u\n", (unsigned int)count, + WOLFHSM_CFG_PRINTF("NVM List: count=%u, id=%u\n", (unsigned int)count, (unsigned int)id); if (count > 0) { @@ -84,16 +84,16 @@ static int _showNvm(whClientContext* clientContext) wh_Client_NvmGetMetadata(clientContext, id, NULL, NULL, NULL, NULL, &data_len, sizeof(label), label); if (ret != WH_ERROR_OK) { - printf("wh_Client_NvmGetMetadata failed with ret:%d\n", ret); + WOLFHSM_CFG_PRINTF("wh_Client_NvmGetMetadata failed with ret:%d\n", ret); break; } - printf("NVM Object ID %u has label '%-*s' and size:%u\n", + WOLFHSM_CFG_PRINTF("NVM Object ID %u has label '%-*s' and size:%u\n", (unsigned int)id, (int)sizeof(label), label, (unsigned int)data_len); } } while (count > 0); - printf("End of NVM Contents\n"); + WOLFHSM_CFG_PRINTF("End of NVM Contents\n"); return ret; } @@ -128,7 +128,7 @@ static int _sha256File(const char* file_to_measure, uint8_t* hash) close(fd); if (ptr != (void*)-1) { - printf("Generating SHA256 of %s over %u bytes at %p\n", + WOLFHSM_CFG_PRINTF("Generating SHA256 of %s over %u bytes at %p\n", file_to_measure, (unsigned int)size, ptr); wc_Sha256 sha256[1]; ret = wc_InitSha256_ex(sha256, NULL, WH_DEV_ID); @@ -205,22 +205,22 @@ int wh_DemoClient_SecBoot_Provision(whClientContext* clientContext) ret = wh_Client_CommInit(clientContext, &client_id, &server_id); if (ret == WH_ERROR_OK) { - printf("Provision client connected to server id %u with client id %u\n", + WOLFHSM_CFG_PRINTF("Provision client connected to server id %u with client id %u\n", server_id, client_id); _showNvm(clientContext); - printf("Server generating and committing keypair...\n"); + WOLFHSM_CFG_PRINTF("Server generating and committing keypair...\n"); ret = _provisionMakeCommitKey(clientContext); if (ret == WH_ERROR_OK) { uint8_t hash[WC_SHA256_DIGEST_SIZE] = {0}; - printf("Measuring image %s...\n", file_to_measure); + WOLFHSM_CFG_PRINTF("Measuring image %s...\n", file_to_measure); ret = _sha256File(file_to_measure, hash); if (ret == WH_ERROR_OK) { uint8_t sig[ECC_MAX_SIG_SIZE] = {0}; uint16_t siglen = sizeof(sig); - printf("Signing hash...\n"); + WOLFHSM_CFG_PRINTF("Signing hash...\n"); ret = _signHash(hash, sizeof(hash), sig, &siglen); if (ret == WH_ERROR_OK) { int32_t rc = 0; @@ -228,19 +228,19 @@ int wh_DemoClient_SecBoot_Provision(whClientContext* clientContext) memcpy(sigLabel, sig_nvmLabel, sizeof(sig_nvmLabel)); wh_Utils_Hexdump("Signature:\n", sig, siglen); - printf("Storing the signature in NVM as nvmId %u\n", + WOLFHSM_CFG_PRINTF("Storing the signature in NVM as nvmId %u\n", sig_nvmId); ret = wh_Client_NvmAddObject( clientContext, sig_nvmId, WH_NVM_ACCESS_NONE, WH_NVM_FLAGS_NONE, sizeof(sig_nvmLabel), sigLabel, siglen, sig, &rc); - printf("Stored signature with ret:%d and rc:%d\n", ret, rc); + WOLFHSM_CFG_PRINTF("Stored signature with ret:%d and rc:%d\n", ret, rc); } } _showNvm(clientContext); } } - printf("Provision Client completed with ret:%d\n", ret); + WOLFHSM_CFG_PRINTF("Provision Client completed with ret:%d\n", ret); return ret; } @@ -253,10 +253,10 @@ int wh_DemoClient_SecBoot_Boot(whClientContext* clientContext) if (clientContext == NULL) { return WH_ERROR_BADARGS; } - printf("SecBoot Client starting...\n"); + WOLFHSM_CFG_PRINTF("SecBoot Client starting...\n"); ret = wh_Client_CommInit(clientContext, &client_id, &server_id); if (ret == WH_ERROR_OK) { - printf("SecBoot Client connected to server id %u with client id %u\n", + WOLFHSM_CFG_PRINTF("SecBoot Client connected to server id %u with client id %u\n", server_id, client_id); _showNvm(clientContext); @@ -264,19 +264,19 @@ int wh_DemoClient_SecBoot_Boot(whClientContext* clientContext) uint8_t sig[ECC_MAX_SIG_SIZE] = {0}; whNvmSize siglen = 0; int32_t rc = 0; - printf("SecBoot Client loading signature from NVM as nvmId %u\n", + WOLFHSM_CFG_PRINTF("SecBoot Client loading signature from NVM as nvmId %u\n", sig_nvmId); ret = wh_Client_NvmGetMetadata(clientContext, sig_nvmId, &rc, NULL, NULL, NULL, &siglen, 0, NULL); if (ret != WH_ERROR_OK) { - printf("wh_Client_NvmGetMetadata failed with ret:%d\n", ret); + WOLFHSM_CFG_PRINTF("wh_Client_NvmGetMetadata failed with ret:%d\n", ret); return ret; } - printf("SecBoot got siglen %d with ret:%d rc:%d\n", siglen, ret, rc); + WOLFHSM_CFG_PRINTF("SecBoot got siglen %d with ret:%d rc:%d\n", siglen, ret, rc); ret = wh_Client_NvmRead(clientContext, sig_nvmId, 0, siglen, &rc, NULL, sig); if (ret != WH_ERROR_OK || rc != 0) { - printf("Read Object %d failed with error code: %d, server error " + WOLFHSM_CFG_PRINTF("Read Object %d failed with error code: %d, server error " "code: %d\n", sig_nvmId, ret, rc); return (ret != WH_ERROR_OK) ? ret : rc; @@ -285,22 +285,22 @@ int wh_DemoClient_SecBoot_Boot(whClientContext* clientContext) uint8_t hash[WC_SHA256_DIGEST_SIZE] = {0}; - printf("Measuring image %s...\n", file_to_measure); + WOLFHSM_CFG_PRINTF("Measuring image %s...\n", file_to_measure); ret = _sha256File(file_to_measure, hash); if (ret == WH_ERROR_OK) { - printf("SecBoot Client Verifying signature using keyId %u\n", prov_keyId); + WOLFHSM_CFG_PRINTF("SecBoot Client Verifying signature using keyId %u\n", prov_keyId); ret = _verifyHash(hash, sizeof(hash), sig, siglen, &rc); - printf("ecc_verify:%d rc:%d\n", ret, rc); + WOLFHSM_CFG_PRINTF("ecc_verify:%d rc:%d\n", ret, rc); if ((ret == 0) && (rc == 1)) { - printf("SecBoot Client signature verified successfully!!\n"); + WOLFHSM_CFG_PRINTF("SecBoot Client signature verified successfully!!\n"); } else { - printf("SecBoot Client failed with ret:%d and rc:%d\n", ret, rc); + WOLFHSM_CFG_PRINTF("SecBoot Client failed with ret:%d and rc:%d\n", ret, rc); } } } - printf("SecBoot Client completed with ret:%d\n", ret); + WOLFHSM_CFG_PRINTF("SecBoot Client completed with ret:%d\n", ret); return ret; } @@ -315,22 +315,22 @@ int wh_DemoClient_SecBoot_Zeroize(whClientContext* clientContext) } ret = wh_Client_CommInit(clientContext, &client_id, &server_id); - printf("Connected to server id %u with client id %u: %d\n", + WOLFHSM_CFG_PRINTF("Connected to server id %u with client id %u: %d\n", server_id, client_id, ret); if (ret == WH_ERROR_OK) { int rc = 0; _showNvm(clientContext); ret = wh_Client_KeyErase(clientContext, prov_keyId); - printf("Zeroize Client erased keyId:%u ret:%d\n", prov_keyId, ret); + WOLFHSM_CFG_PRINTF("Zeroize Client erased keyId:%u ret:%d\n", prov_keyId, ret); ret = wh_Client_NvmDestroyObjects(clientContext, 1, &sig_nvmId, &rc); - printf("Zeroize Client destroyed NVM object:%u ret:%d with rc:%d\n", + WOLFHSM_CFG_PRINTF("Zeroize Client destroyed NVM object:%u ret:%d with rc:%d\n", sig_nvmId, ret, rc); _showNvm(clientContext); } - printf("SecBoot Zeroize Client completed with ret:%d\n", ret); + WOLFHSM_CFG_PRINTF("SecBoot Zeroize Client completed with ret:%d\n", ret); return ret; } diff --git a/examples/posix/wh_posix_client/Makefile b/examples/posix/wh_posix_client/Makefile index 904a2698..1b862518 100644 --- a/examples/posix/wh_posix_client/Makefile +++ b/examples/posix/wh_posix_client/Makefile @@ -73,6 +73,16 @@ ifeq ($(DEBUG),1) DBGFLAGS = -ggdb -g3 CFLAGS += $(DBGFLAGS) LDFLAGS += $(DBGFLAGS) + DEF += -DWOLFHSM_CFG_DEBUG +endif + +# Check if DEBUG_VERBOSE is set to 1 and enable verbose WOLFHSM debug output +# Note: DEBUG_VERBOSE implies DEBUG +ifeq ($(DEBUG_VERBOSE),1) + DBGFLAGS = -ggdb -g3 + CFLAGS += $(DBGFLAGS) + LDFLAGS += $(DBGFLAGS) + DEF += -DWOLFHSM_CFG_DEBUG -DWOLFHSM_CFG_DEBUG_VERBOSE endif # Add address sanitizer option diff --git a/examples/posix/wh_posix_client/user_settings.h b/examples/posix/wh_posix_client/user_settings.h index e18ac2f2..d25542bc 100644 --- a/examples/posix/wh_posix_client/user_settings.h +++ b/examples/posix/wh_posix_client/user_settings.h @@ -8,8 +8,8 @@ #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 /* Optional if debugging cryptocb's */ #if 0 -#define DEBUG_CRYPTOCB -#define DEBUG_CRYPTOCB_VERBOSE +#define WOLFHSM_CFG_DEBUG +#define WOLFHSM_CFG_DEBUG_VERBOSE #endif /* Key DER export/import support */ diff --git a/examples/posix/wh_posix_client/wh_posix_client.c b/examples/posix/wh_posix_client/wh_posix_client.c index 1c9d8f99..6b4e4882 100644 --- a/examples/posix/wh_posix_client/wh_posix_client.c +++ b/examples/posix/wh_posix_client/wh_posix_client.c @@ -72,18 +72,18 @@ static int wh_ClientTask(void* cf, const char* type, int test) if (ret == 0) { ret = wh_Client_CommInit(client, NULL, NULL); if (ret != 0) { - printf("Failed to initialize client communication\n"); + WOLFHSM_CFG_PRINTF("Failed to initialize client communication\n"); return -1; } } if (strcmp(type, "dma") == 0) { #ifdef WOLFSSL_STATIC_MEMORY - printf("Setting up DMA heap with static memory buckets\n"); + WOLFHSM_CFG_PRINTF("Setting up DMA heap with static memory buckets\n"); ret = wh_PosixClient_ExampleSetupDmaMemory(client, config); if (ret != 0) { - printf("Failed to setup DMA heap\n"); + WOLFHSM_CFG_PRINTF("Failed to setup DMA heap\n"); return -1; } #else @@ -91,9 +91,9 @@ static int wh_ClientTask(void* cf, const char* type, int test) #endif } - printf("Client connecting to server...\n"); + WOLFHSM_CFG_PRINTF("Client connecting to server...\n"); if (ret == 0 && test) { - printf("Running client demos...\n"); + WOLFHSM_CFG_PRINTF("Running client demos...\n"); return wh_DemoClient_All(client); } @@ -109,14 +109,14 @@ static int wh_ClientTask(void* cf, const char* type, int test) ret = wh_Client_EchoRequest(client, tx_req_len, tx_req); if (ret != WH_ERROR_NOTREADY) { if (ret != 0) { - printf("wh_Client_EchoRequest failed with ret=%d\n", ret); + WOLFHSM_CFG_PRINTF("wh_Client_EchoRequest failed with ret=%d\n", ret); } } _sleepMs(ONE_MS); } while (ret == WH_ERROR_NOTREADY); if (ret != 0) { - printf("Client had failure. Exiting\n"); + WOLFHSM_CFG_PRINTF("Client had failure. Exiting\n"); break; } @@ -129,7 +129,7 @@ static int wh_ClientTask(void* cf, const char* type, int test) } while (ret == WH_ERROR_NOTREADY); if (ret != 0) { - printf("Client had failure. Exiting\n"); + WOLFHSM_CFG_PRINTF("Client had failure. Exiting\n"); break; } } @@ -152,15 +152,15 @@ static int wh_ClientTask(void* cf, const char* type, int test) (void)wh_Client_CommClose(client); (void)wh_Client_Cleanup(client); - printf("Client disconnected\n"); + WOLFHSM_CFG_PRINTF("Client disconnected\n"); return ret; } void Usage(const char* exeName) { - printf("Usage: %s --type --test\n", exeName); - printf("Example: %s --type tcp\n", exeName); - printf("type: tcp (default), shm\n"); + WOLFHSM_CFG_PRINTF("Usage: %s --type --test\n", exeName); + WOLFHSM_CFG_PRINTF("Example: %s --type tcp\n", exeName); + WOLFHSM_CFG_PRINTF("type: tcp (default), shm\n"); } int main(int argc, char** argv) @@ -174,11 +174,11 @@ int main(int argc, char** argv) (void)argv; memset(c_conf, 0, sizeof(whClientConfig)); - printf("Example wolfHSM POSIX client "); + WOLFHSM_CFG_PRINTF("Example wolfHSM POSIX client "); #ifndef WOLFHSM_CFG_NO_CRYPTO - printf("built with wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); + WOLFHSM_CFG_PRINTF("built with wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); #else - printf("built with WOLFHSM_CFG_NO_CRYPTO\n"); + WOLFHSM_CFG_PRINTF("built with WOLFHSM_CFG_NO_CRYPTO\n"); #endif /* Parse command-line arguments */ @@ -190,28 +190,28 @@ int main(int argc, char** argv) test = 1; } else { - printf("Invalid argument: %s\n", argv[i]); + WOLFHSM_CFG_PRINTF("Invalid argument: %s\n", argv[i]); Usage(argv[0]); return -1; } } if (strcmp(type, "tcp") == 0) { - printf("Using TCP transport\n"); + WOLFHSM_CFG_PRINTF("Using TCP transport\n"); wh_PosixClient_ExampleTcpConfig(c_conf); } else if (strcmp(type, "shm") == 0) { - printf("Using shared memory transport\n"); + WOLFHSM_CFG_PRINTF("Using shared memory transport\n"); wh_PosixClient_ExampleShmConfig(c_conf); } #ifdef WOLFSSL_STATIC_MEMORY else if (strcmp(type, "dma") == 0) { - printf("Using DMA with shared memory transport\n"); + WOLFHSM_CFG_PRINTF("Using DMA with shared memory transport\n"); wh_PosixClient_ExampleShmDmaConfig(c_conf); } #endif else { - printf("Invalid client type: %s\n", type); + WOLFHSM_CFG_PRINTF("Invalid client type: %s\n", type); Usage(argv[0]); return -1; } diff --git a/examples/posix/wh_posix_client/wh_posix_client_cfg.c b/examples/posix/wh_posix_client/wh_posix_client_cfg.c index bd594214..4e01eb9d 100644 --- a/examples/posix/wh_posix_client/wh_posix_client_cfg.c +++ b/examples/posix/wh_posix_client/wh_posix_client_cfg.c @@ -54,20 +54,20 @@ int wh_PosixClient_ExampleSetupDmaMemory(void* ctx, void* conf) shmCtx = (posixTransportShmContext*)c_conf->comm->transport_context; ret = posixTransportShm_GetDma(shmCtx, &dma, &dmaSz); if (ret != 0) { - printf("Failed to get DMA\n"); + WOLFHSM_CFG_PRINTF("Failed to get DMA\n"); return -1; } ret = wc_LoadStaticMemory_ex(&hint, WH_POSIX_STATIC_MEM_LIST_SIZE, sizeList, distList, dma, dmaSz, 0, 0); if (ret != 0) { - printf("Failed to load static memory\n"); + WOLFHSM_CFG_PRINTF("Failed to load static memory\n"); return -1; } ret = posixTransportShm_SetDmaHeap(shmCtx, (void*)hint); if (ret != 0) { - printf("Failed to set heap\n"); + WOLFHSM_CFG_PRINTF("Failed to set heap\n"); return -1; } diff --git a/examples/posix/wh_posix_server/Makefile b/examples/posix/wh_posix_server/Makefile index b9f7ad1d..bee381a3 100644 --- a/examples/posix/wh_posix_server/Makefile +++ b/examples/posix/wh_posix_server/Makefile @@ -64,6 +64,16 @@ ifeq ($(DEBUG),1) DBGFLAGS = -ggdb -g3 CFLAGS += $(DBGFLAGS) LDFLAGS += $(DBGFLAGS) + DEF += -DWOLFHSM_CFG_DEBUG +endif + +# Check if DEBUG_VERBOSE is set to 1 and enable verbose WOLFHSM debug output +# Note: DEBUG_VERBOSE implies DEBUG +ifeq ($(DEBUG_VERBOSE),1) + DBGFLAGS = -ggdb -g3 + CFLAGS += $(DBGFLAGS) + LDFLAGS += $(DBGFLAGS) + DEF += -DWOLFHSM_CFG_DEBUG -DWOLFHSM_CFG_DEBUG_VERBOSE endif # Add address sanitizer option diff --git a/examples/posix/wh_posix_server/user_settings.h b/examples/posix/wh_posix_server/user_settings.h index 3241ee99..a21b90de 100644 --- a/examples/posix/wh_posix_server/user_settings.h +++ b/examples/posix/wh_posix_server/user_settings.h @@ -35,8 +35,8 @@ extern "C" { /* #define WC_NO_ASYNC_THREADING */ /* -#define DEBUG_CRYPTOCB -#define DEBUG_CRYPTOCB_VERBOSE +#define WOLFHSM_CFG_DEBUG +#define WOLFHSM_CFG_DEBUG_VERBOSE */ /** wolfHSM required settings for wolfCrypt */ diff --git a/examples/posix/wh_posix_server/wh_posix_server.c b/examples/posix/wh_posix_server/wh_posix_server.c index dc810fcd..54b6bd0c 100644 --- a/examples/posix/wh_posix_server/wh_posix_server.c +++ b/examples/posix/wh_posix_server/wh_posix_server.c @@ -69,21 +69,21 @@ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId, /* open the key file */ ret = keyFd = open(keyFilePath, O_RDONLY, 0); if (ret < 0) { - printf("Failed to open %s %d\n", keyFilePath, ret); + WOLFHSM_CFG_PRINTF("Failed to open %s %d\n", keyFilePath, ret); return ret; } /* read the key to local buffer */ ret = keySz = read(keyFd, keyBuf, sizeof(keyBuf)); if (ret < 0) { - printf("Failed to read %s %d\n", keyFilePath, ret); + WOLFHSM_CFG_PRINTF("Failed to read %s %d\n", keyFilePath, ret); close(keyFd); return ret; } ret = 0; close(keyFd); - printf( + WOLFHSM_CFG_PRINTF( "Loading key from %s (size=%d) with keyId=0x%02X and clientId=0x%01X\n", keyFilePath, keySz, keyId, clientId); @@ -97,9 +97,9 @@ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId, /* Get HSM assigned keyId if not set */ if (keyId == WH_KEYID_ERASED) { ret = wh_Server_KeystoreGetUniqueId(server, &meta.id); - printf("got unique ID = 0x%02X\n", meta.id & WH_KEYID_MASK); + WOLFHSM_CFG_PRINTF("got unique ID = 0x%02X\n", meta.id & WH_KEYID_MASK); } - printf( + WOLFHSM_CFG_PRINTF( "key NVM ID = 0x%04X\n\ttype=0x%01X\n\tuser=0x%01X\n\tkeyId=0x%02X\n", meta.id, WH_KEYID_TYPE(meta.id), WH_KEYID_USER(meta.id), WH_KEYID_ID(meta.id)); @@ -107,12 +107,12 @@ static int loadAndStoreKeys(whServerContext* server, whKeyId* outKeyId, if (ret == 0) { ret = wh_Server_KeystoreCacheKey(server, &meta, keyBuf); if (ret != 0) { - printf("Failed to wh_Server_KeystoreCacheKey, ret=%d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Server_KeystoreCacheKey, ret=%d\n", ret); return ret; } } else { - printf("Failed to wh_Server_KeystoreGetUniqueId, ret=%d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Server_KeystoreGetUniqueId, ret=%d\n", ret); return ret; } @@ -148,14 +148,14 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, ret = loadAndStoreKeys(server, &loadedKeyId, keyFilePath, keyId, clientId); if (ret != 0) { - printf("server failed to load key, ret=%d\n", ret); + WOLFHSM_CFG_PRINTF("server failed to load key, ret=%d\n", ret); (void)wh_Server_Cleanup(server); return ret; } } if (ret == 0) { - printf("Waiting for connection...\n"); + WOLFHSM_CFG_PRINTF("Waiting for connection...\n"); if (strcmp(type, "shm") == 0 || strcmp(type, "dma") == 0) { /* Shared memory assumes connected once memory is setup */ wh_Server_SetConnected(server, WH_COMM_CONNECTED); @@ -167,7 +167,7 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, _sleepMs(ONE_MS); } else if (ret != WH_ERROR_OK) { - printf("Failed to wh_Server_HandleRequestMessage: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to wh_Server_HandleRequestMessage: %d\n", ret); break; } else { @@ -177,12 +177,12 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, if (get_conn_result == WH_ERROR_OK) { if (current_state == WH_COMM_CONNECTED && last_state == WH_COMM_DISCONNECTED) { - printf("Server connected\n"); + WOLFHSM_CFG_PRINTF("Server connected\n"); last_state = WH_COMM_CONNECTED; } else if (current_state == WH_COMM_DISCONNECTED && last_state == WH_COMM_CONNECTED) { - printf("Server disconnected\n"); + WOLFHSM_CFG_PRINTF("Server disconnected\n"); last_state = WH_COMM_DISCONNECTED; /* POSIX TCP transport requires server to be @@ -193,7 +193,7 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, /* Reinitialize the server */ ret = wh_Server_Init(server, config); if (ret != 0) { - printf("Failed to reinitialize server: %d\n", ret); + WOLFHSM_CFG_PRINTF("Failed to reinitialize server: %d\n", ret); break; } @@ -210,7 +210,7 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, loadAndStoreKeys(server, &loadedKeyId, keyFilePath, keyId, clientId); if (ret != 0) { - printf("server failed to load key, ret=%d\n", + WOLFHSM_CFG_PRINTF("server failed to load key, ret=%d\n", ret); break; } @@ -218,7 +218,7 @@ static int wh_ServerTask(void* cf, const char* keyFilePath, int keyId, } } else { - printf("Failed to get connection state: %d\n", + WOLFHSM_CFG_PRINTF("Failed to get connection state: %d\n", get_conn_result); } } @@ -236,7 +236,7 @@ static int _hardwareCryptoCb(int devId, struct wc_CryptoInfo* info, void* ctx) int ret = CRYPTOCB_UNAVAILABLE; switch (info->algo_type) { case WC_ALGO_TYPE_RNG: { - /*printf("Hardware Crypto Callback: RNG operation requested\n");*/ + /*WOLFHSM_CFG_PRINTF("Hardware Crypto Callback: RNG operation requested\n");*/ /* Extract info parameters */ uint8_t* out = info->rng.out; uint32_t size = info->rng.sz; @@ -257,7 +257,7 @@ static int _hardwareCryptoCb(int devId, struct wc_CryptoInfo* info, void* ctx) break; } default: - /*printf("Hardware Crypto Callback: Unsupported algorithm type\n"); + /*WOLFHSM_CFG_PRINTF("Hardware Crypto Callback: Unsupported algorithm type\n"); */ ret = CRYPTOCB_UNAVAILABLE; } @@ -266,13 +266,13 @@ static int _hardwareCryptoCb(int devId, struct wc_CryptoInfo* info, void* ctx) #endif static void Usage(const char* exeName) { - printf("Usage: %s --key --id --client " + WOLFHSM_CFG_PRINTF("Usage: %s --key --id --client " "--nvminit --type \n", exeName); - printf("Example: %s --key key.bin --id 123 --client 456 " + WOLFHSM_CFG_PRINTF("Example: %s --key key.bin --id 123 --client 456 " "--nvminit nvm_init.txt --type tcp\n", exeName); - printf("type: tcp (default), shm, dma\n"); + WOLFHSM_CFG_PRINTF("type: tcp (default), shm, dma\n"); } @@ -286,11 +286,11 @@ int main(int argc, char** argv) uint8_t memory[WH_POSIX_FLASH_RAM_SIZE] = {0}; whServerConfig s_conf[1]; - printf("Example wolfHSM POSIX server "); + WOLFHSM_CFG_PRINTF("Example wolfHSM POSIX server "); #ifndef WOLFHSM_CFG_NO_CRYPTO - printf("built with wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); + WOLFHSM_CFG_PRINTF("built with wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); #else - printf("built with WOLFHSM_CFG_NO_CRYPTO\n"); + WOLFHSM_CFG_PRINTF("built with WOLFHSM_CFG_NO_CRYPTO\n"); #endif /* Parse command-line arguments */ @@ -311,7 +311,7 @@ int main(int argc, char** argv) type = argv[++i]; } else { - printf("Invalid argument: %s\n", argv[i]); + WOLFHSM_CFG_PRINTF("Invalid argument: %s\n", argv[i]); Usage(argv[0]); return -1; } @@ -320,35 +320,35 @@ int main(int argc, char** argv) /* Server configuration/context */ memset(s_conf, 0, sizeof(whServerConfig)); if (strcmp(type, "tcp") == 0) { - printf("Using TCP transport\n"); + WOLFHSM_CFG_PRINTF("Using TCP transport\n"); wh_PosixServer_ExampleTcpConfig(s_conf); } else if (strcmp(type, "shm") == 0) { - printf("Using shared memory transport\n"); + WOLFHSM_CFG_PRINTF("Using shared memory transport\n"); wh_PosixServer_ExampleShmConfig(s_conf); } #ifdef WOLFSSL_STATIC_MEMORY else if (strcmp(type, "dma") == 0) { - printf("Using DMA with shared memory transport\n"); + WOLFHSM_CFG_PRINTF("Using DMA with shared memory transport\n"); wh_PosixServer_ExampleShmDmaConfig(s_conf); } #endif else { - printf("Invalid server type: %s\n", type); + WOLFHSM_CFG_PRINTF("Invalid server type: %s\n", type); return -1; } /* RamSim Flash state and configuration */ rc = wh_PosixServer_ExampleRamSimConfig(s_conf, memory); if (rc != WH_ERROR_OK) { - printf("Failed to initialize RAMSim: %d\n", rc); + WOLFHSM_CFG_PRINTF("Failed to initialize RAMSim: %d\n", rc); return rc; } /* NVM Flash Configuration using RamSim HAL Flash */ rc = wh_PosixServer_ExampleNvmConfig(s_conf, nvmInitFilePath); if (rc != WH_ERROR_OK) { - printf("Failed to initialize NVM: %d\n", rc); + WOLFHSM_CFG_PRINTF("Failed to initialize NVM: %d\n", rc); return rc; } #if !defined(WOLFHSM_CFG_NO_CRYPTO) @@ -390,28 +390,28 @@ int main(int argc, char** argv) /* Context 5: Set default server crypto to use cryptocb */ crypto->devId = HW_DEV_ID; - printf("Context 5: Setting up default server crypto with devId=%d\n", + WOLFHSM_CFG_PRINTF("Context 5: Setting up default server crypto with devId=%d\n", crypto->devId); rc = wc_InitRng_ex(crypto->rng, NULL, crypto->devId); if (rc != 0) { - printf("Failed to wc_InitRng_ex: %d\n", rc); + WOLFHSM_CFG_PRINTF("Failed to wc_InitRng_ex: %d\n", rc); return rc; } rc = wh_ServerTask(s_conf, keyFilePath, keyId, clientId); if (rc != WH_ERROR_OK) { - printf("Server task failed: %d\n", rc); + WOLFHSM_CFG_PRINTF("Server task failed: %d\n", rc); return rc; } rc = wc_FreeRng(crypto->rng); if (rc != 0) { - printf("Failed to wc_FreeRng: %d\n", rc); + WOLFHSM_CFG_PRINTF("Failed to wc_FreeRng: %d\n", rc); return rc; } rc = wolfCrypt_Cleanup(); if (rc != 0) { - printf("Failed to wolfCrypt_Cleanup: %d\n", rc); + WOLFHSM_CFG_PRINTF("Failed to wolfCrypt_Cleanup: %d\n", rc); return rc; } #else @@ -420,7 +420,7 @@ int main(int argc, char** argv) (void)clientId; rc = wh_ServerTask(s_conf, keyFilePath, keyId, clientId); if (rc != WH_ERROR_OK) { - printf("Server task failed: %d\n", rc); + WOLFHSM_CFG_PRINTF("Server task failed: %d\n", rc); return rc; } #endif diff --git a/examples/posix/wh_posix_server/wh_posix_server_cfg.c b/examples/posix/wh_posix_server/wh_posix_server_cfg.c index e39690d6..5f194e82 100644 --- a/examples/posix/wh_posix_server/wh_posix_server_cfg.c +++ b/examples/posix/wh_posix_server/wh_posix_server_cfg.c @@ -169,7 +169,7 @@ static Entry* createEntry(uint8_t clientId, uint16_t id, uint16_t access, { Entry* newEntry = (Entry*)malloc(sizeof(Entry)); if (!newEntry) { - fprintf(stderr, "Memory allocation error\n"); + WOLFHSM_CFG_PRINTF("Memory allocation error\n"); exit(EXIT_FAILURE); } newEntry->clientId = clientId; @@ -278,8 +278,7 @@ static void parseNvmInitFile(const char* filePath) /* Parse client ID for key entries */ token = strtok(line + 3, " "); if (!token || !parseInteger(token, MAX_CLIENT_ID, &clientId)) { - fprintf(stderr, - "Error on line %d: Malformed key entry - invalid " + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed key entry - invalid " "clientId\n", lineNumber); fclose(file); @@ -289,9 +288,7 @@ static void parseNvmInitFile(const char* filePath) /* Parse key ID for key entries */ token = strtok(NULL, " "); if (!token || !parseInteger(token, MAX_KEY_ID, &id)) { - fprintf( - stderr, - "Error on line %d: Malformed key entry - invalid keyId\n", + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed key entry - invalid keyId\n", lineNumber); fclose(file); exit(EXIT_FAILURE); @@ -301,9 +298,7 @@ static void parseNvmInitFile(const char* filePath) /* Parse object ID for object entries */ token = strtok(line + 3, " "); if (!token || !parseInteger(token, MAX_KEY_ID, &id)) { - fprintf( - stderr, - "Error on line %d: Malformed object entry - invalid id\n", + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed object entry - invalid id\n", lineNumber); fclose(file); exit(EXIT_FAILURE); @@ -311,8 +306,7 @@ static void parseNvmInitFile(const char* filePath) } else { /* Report error for unknown entry types */ - fprintf(stderr, - "Error on line %d: Malformed line or unknown entry type\n", + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed line or unknown entry type\n", lineNumber); fclose(file); exit(EXIT_FAILURE); @@ -321,8 +315,7 @@ static void parseNvmInitFile(const char* filePath) /* Parse access field */ token = strtok(NULL, " "); if (!token || !parseInteger(token, UINT16_MAX, &access)) { - fprintf(stderr, - "Error on line %d: Malformed entry - invalid access\n", + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed entry - invalid access\n", lineNumber); fclose(file); exit(EXIT_FAILURE); @@ -331,8 +324,7 @@ static void parseNvmInitFile(const char* filePath) /* Parse flags */ token = strtok(NULL, " "); if (!token || !parseInteger(token, UINT16_MAX, &flags)) { - fprintf(stderr, - "Error on line %d: Malformed entry - invalid flags\n", + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed entry - invalid flags\n", lineNumber); fclose(file); exit(EXIT_FAILURE); @@ -341,8 +333,7 @@ static void parseNvmInitFile(const char* filePath) /* Parse the label (enclosed in quotes) */ token = strtok(NULL, "\""); if (!token) { - fprintf(stderr, - "Error on line %d: Malformed entry - missing or incorrect " + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed entry - missing or incorrect " "label format\n", lineNumber); fclose(file); @@ -353,8 +344,7 @@ static void parseNvmInitFile(const char* filePath) /* Parse the file path */ token = strtok(NULL, " "); if (!token || sscanf(token, "%s", filePath) != 1) { - fprintf(stderr, - "Error on line %d: Malformed entry - missing file path\n", + WOLFHSM_CFG_PRINTF("Error on line %d: Malformed entry - missing file path\n", lineNumber); fclose(file); exit(EXIT_FAILURE); @@ -373,7 +363,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) { FILE* file = fopen(entry->filePath, "rb"); if (file == NULL) { - fprintf(stderr, "Error processing entry: Unable to open file %s\n", + WOLFHSM_CFG_PRINTF("Error processing entry: Unable to open file %s\n", entry->filePath); return; } @@ -386,7 +376,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) /* Allocate memory for the file data */ uint8_t* buffer = (uint8_t*)malloc(fileSize); if (buffer == NULL) { - fprintf(stderr, "Error: Memory allocation failed for file %s\n", + WOLFHSM_CFG_PRINTF("Error: Memory allocation failed for file %s\n", entry->filePath); fclose(file); return; @@ -397,7 +387,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) fclose(file); if (bytesRead != (size_t)fileSize) { - fprintf(stderr, "Error: Failed to read entire file %s\n", + WOLFHSM_CFG_PRINTF("Error: Failed to read entire file %s\n", entry->filePath); free(buffer); return; @@ -408,7 +398,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) if (isKey) { /* Keys have special ID format */ meta.id = WH_MAKE_KEYID(WH_KEYTYPE_CRYPTO, entry->clientId, entry->id); - printf("Processing Key Entry - ClientID: 0x%X, KeyID: 0x%X, Meta ID: " + WOLFHSM_CFG_PRINTF("Processing Key Entry - ClientID: 0x%X, KeyID: 0x%X, Meta ID: " "0x%X, " "Access: 0x%X, Flags: 0x%X, Label: %s, File: %s, Size: %ld\n", entry->clientId, entry->id, meta.id, entry->access, entry->flags, @@ -416,7 +406,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) } else { meta.id = entry->id; - printf("Processing Object Entry - ID: 0x%X, Access: 0x%X, Flags: 0x%X, " + WOLFHSM_CFG_PRINTF("Processing Object Entry - ID: 0x%X, Access: 0x%X, Flags: 0x%X, " "Label: %s, File: %s, Size: %ld\n", entry->id, entry->access, entry->flags, entry->label, entry->filePath, fileSize); @@ -428,7 +418,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) int rc = wh_Nvm_AddObject(nvmContext, &meta, fileSize, buffer); if (rc != 0) { - fprintf(stderr, "Error: Failed to add entry ID %u to NVM, ret = %d\n", + WOLFHSM_CFG_PRINTF("Error: Failed to add entry ID %u to NVM, ret = %d\n", meta.id, rc); } @@ -504,19 +494,19 @@ int wh_PosixServer_ExampleNvmConfig(void* conf, const char* nvmInitFilePath) s_conf->nvm = nvm; rc = wh_Nvm_Init(nvm, &n_conf); if (rc != 0) { - printf("Failed to initialize NVM: %d\n", rc); + WOLFHSM_CFG_PRINTF("Failed to initialize NVM: %d\n", rc); return rc; } /* Initialize NVM with contents from the NVM init file if provided */ if (nvmInitFilePath != NULL) { - printf("Initializing NVM with contents from %s\n", nvmInitFilePath); + WOLFHSM_CFG_PRINTF("Initializing NVM with contents from %s\n", nvmInitFilePath); rc = initializeNvm(nvm, nvmInitFilePath); if (rc != 0) { - printf("Failed to initialize NVM from file: %d\n", rc); + WOLFHSM_CFG_PRINTF("Failed to initialize NVM from file: %d\n", rc); return rc; } - printf("NVM initialization completed successfully\n"); + WOLFHSM_CFG_PRINTF("NVM initialization completed successfully\n"); } return WH_ERROR_OK; diff --git a/src/wh_client.c b/src/wh_client.c index 929350a6..7a258111 100644 --- a/src/wh_client.c +++ b/src/wh_client.c @@ -822,10 +822,8 @@ int wh_Client_KeyCache(whClientContext* c, uint32_t flags, uint8_t* label, } while (ret == WH_ERROR_NOTREADY); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s label:%.*s key_id:%x ret:%d \n", __func__, labelSz, + WH_DEBUG_CLIENT_VERBOSE("label:%.*s key_id:%x ret:%d \n", labelSz, label, *keyId, ret); -#endif return ret; } @@ -880,9 +878,7 @@ int wh_Client_KeyEvict(whClientContext* c, uint16_t keyId) } while (ret == WH_ERROR_NOTREADY); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("client %s key_id:%x ret:%d \n", __func__, keyId, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("key_id:%x ret:%d \n", keyId, ret); return ret; } diff --git a/src/wh_client_crypto.c b/src/wh_client_crypto.c index 457701c0..5b61db3e 100644 --- a/src/wh_client_crypto.c +++ b/src/wh_client_crypto.c @@ -224,12 +224,10 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size) uint32_t chunk_size = (size < client_max_data) ? size : client_max_data; req->sz = chunk_size; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] RNG: size:%u reqsz:%u remaining:%u\n", + WH_DEBUG_CLIENT_VERBOSE("RNG: size:%u reqsz:%u remaining:%u\n", (unsigned int)chunk_size, (unsigned int)req_len, (unsigned int)size); - printf("[client] RNG: req:%p\n", req); -#endif + WH_DEBUG_CLIENT_VERBOSE("RNG: req:%p\n", req); /* Send request and get response */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); @@ -252,12 +250,10 @@ int wh_Client_RngGenerate(whClientContext* ctx, uint8_t* out, uint32_t size) out += res->sz; } size -= res->sz; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] out size:%u remaining:%u\n", + WH_DEBUG_CLIENT_VERBOSE("out size:%u remaining:%u\n", (unsigned int)res->sz, (unsigned int)size); - wh_Utils_Hexdump("[client] res_out: \n", out - res->sz, + WH_DEBUG_VERBOSE_HEXDUMP("[client] res_out: \n", out - res->sz, res->sz); -#endif } else { /* Server returned more than we can handle - error */ @@ -380,11 +376,9 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, uint32_t req_len = sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req) + len + key_len + iv_len + (AES_BLOCK_SIZE * 2); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s: enc:%d keylen:%d ivsz:%d insz:%d reqsz:%u " + WH_DEBUG_CLIENT_VERBOSE("enc:%d keylen:%d ivsz:%d insz:%d reqsz:%u " "left:%d\n", - __func__, enc, key_len, iv_len, len, req_len, left); -#endif + enc, key_len, iv_len, len, req_len, left); if (req_len > WOLFHSM_CFG_COMM_DATA_LEN) { return WH_ERROR_BADARGS; } @@ -409,16 +403,11 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, memcpy(req_tmp, tmp, AES_BLOCK_SIZE); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] in: \n", req_in, len); - wh_Utils_Hexdump("[client] key: \n", req_key, key_len); - wh_Utils_Hexdump("[client] iv: \n", req_iv, iv_len); - wh_Utils_Hexdump("[client] tmp: \n", req_tmp, AES_BLOCK_SIZE); -#endif - /* write request */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] in: \n", req_in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] key: \n", req_key, key_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] tmp: \n", req_tmp, AES_BLOCK_SIZE); + WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); /* read response */ if (ret == WH_ERROR_OK) { @@ -437,12 +426,10 @@ int wh_Client_AesCtr(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, uint8_t* res_reg = res_out + res->sz; uint8_t* res_tmp = res_reg + AES_BLOCK_SIZE; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] out size:%d res_len:%d\n", res->sz, res_len); - wh_Utils_Hexdump("[client] res_out: \n", res_out, res->sz); - wh_Utils_Hexdump("[client] res_tmp: \n", res_tmp, + WH_DEBUG_CLIENT_VERBOSE("out size:%d res_len:%d\n", res->sz, res_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] res_out: \n", res_out, res->sz); + WH_DEBUG_VERBOSE_HEXDUMP("[client] res_tmp: \n", res_tmp, AES_BLOCK_SIZE); -#endif /* copy the response res_out */ memcpy(out, res_out, res->sz); if (enc != 0) { @@ -505,12 +492,10 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, sizeof(*req) + len + key_len + iv_len; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s: enc:%d keylen:%d ivsz:%d insz:%d reqsz:%u " + WH_DEBUG_CLIENT_VERBOSE("enc:%d keylen:%d ivsz:%d insz:%d reqsz:%u " "blocks:%u \n", - __func__, enc, (int)key_len, (int)iv_len, (int)len, + enc, (int)key_len, (int)iv_len, (int)len, (unsigned int)req_len, (unsigned int)blocks); -#endif if (req_len > WOLFHSM_CFG_COMM_DATA_LEN) { return WH_ERROR_BADARGS; @@ -531,16 +516,10 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, memcpy(req_iv, iv, iv_len); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] in: \n", req_in, len); - wh_Utils_Hexdump("[client] key: \n", req_key, key_len); - wh_Utils_Hexdump("[client] iv: \n", req_iv, iv_len); -#endif - - /* write request */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] in: \n", req_in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] key: \n", req_key, key_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); /* read response */ if (ret == WH_ERROR_OK) { @@ -555,11 +534,9 @@ int wh_Client_AesEcb(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, if (ret == WH_ERROR_OK) { /* Response packet */ uint8_t* res_out = (uint8_t*)(res + 1); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] out size:%d res_len:%d\n", (int)res->sz, + WH_DEBUG_CLIENT_VERBOSE("out size:%d res_len:%d\n", (int)res->sz, (int)res_len); - wh_Utils_Hexdump("[client] res_out: \n", out, res->sz); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] res_out: \n", out, res->sz); /* copy the response res_out */ memcpy(out, res_out, res->sz); } @@ -616,13 +593,11 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, sizeof(*req) + len + key_len + iv_len; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s: enc:%d keylen:%d ivsz:%d insz:%d reqsz:%u " + WH_DEBUG_CLIENT_VERBOSE("enc:%d keylen:%d ivsz:%d insz:%d reqsz:%u " "blocks:%u lastoffset:%u\n", - __func__, enc, (int)key_len, (int)iv_len, (int)len, + enc, (int)key_len, (int)iv_len, (int)len, (unsigned int)req_len, (unsigned int)blocks, (unsigned int)last_offset); -#endif if (req_len > WOLFHSM_CFG_COMM_DATA_LEN) { return WH_ERROR_BADARGS; @@ -650,16 +625,10 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, memcpy(iv, in + last_offset, iv_len); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] in: \n", req_in, len); - wh_Utils_Hexdump("[client] key: \n", req_key, key_len); - wh_Utils_Hexdump("[client] iv: \n", req_iv, iv_len); -#endif - - /* write request */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] req packet: \n", (uint8_t*)req, req_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] in: \n", req_in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] key: \n", req_key, key_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] req packet: \n", (uint8_t*)req, req_len); ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); /* read response */ if (ret == WH_ERROR_OK) { @@ -674,11 +643,9 @@ int wh_Client_AesCbc(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, if (ret == WH_ERROR_OK) { /* Response packet */ uint8_t* res_out = (uint8_t*)(res + 1); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] out size:%d res_len:%d\n", (int)res->sz, + WH_DEBUG_CLIENT_VERBOSE("out size:%d res_len:%d\n", (int)res->sz, (int)res_len); - wh_Utils_Hexdump("[client] res_out: \n", out, res->sz); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] res_out: \n", out, res->sz); /* copy the response res_out */ memcpy(out, res_out, res->sz); if (enc != 0) { @@ -739,14 +706,12 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, sizeof(*req) + len + key_len + iv_len + authin_len + ((enc == 0) ? tag_len : 0); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] AESGCM: enc:%d keylen:%d ivsz:%d insz:%d authinsz:%d " + WH_DEBUG_CLIENT_VERBOSE("AESGCM: enc:%d keylen:%d ivsz:%d insz:%d authinsz:%d " "authtagsz:%d reqsz:%u\n", enc, (int)key_len, (int)iv_len, (int)len, (int)authin_len, (int)tag_len, (unsigned int)req_len); - printf("[client] AESGCM: req:%p in:%p key:%p iv:%p authin:%p tag:%p\n", req, + WH_DEBUG_CLIENT_VERBOSE("AESGCM: req:%p in:%p key:%p iv:%p authin:%p tag:%p\n", req, req_in, req_key, req_iv, req_authin, req_tag); -#endif if (req_len > WOLFHSM_CFG_COMM_DATA_LEN) { return WH_ERROR_BADARGS; } @@ -773,25 +738,18 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, memcpy(req_authin, authin, authin_len); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] in: \n", req_in, len); - wh_Utils_Hexdump("[client] key: \n", req_key, key_len); - wh_Utils_Hexdump("[client] iv: \n", req_iv, iv_len); - wh_Utils_Hexdump("[client] authin: \n", req_authin, authin_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] in: \n", req_in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] key: \n", req_key, key_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] iv: \n", req_iv, iv_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] authin: \n", req_authin, authin_len); /* set auth tag by direction */ if (enc == 0 && dec_tag != NULL && tag_len > 0) { memcpy(req_tag, dec_tag, tag_len); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] dec tag: \n", req_tag, tag_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] dec tag: \n", req_tag, tag_len); } - /* write request */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] AESGCM req packet: \n", dataPtr, req_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] AESGCM req packet: \n", dataPtr, req_len); /* Send request and receive response */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); @@ -815,15 +773,13 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, /* The auth tag follows after the output data */ uint8_t* res_tag = res_out + res->sz; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] out size:%d datasz:%d tag_len:%d\n", + WH_DEBUG_CLIENT_VERBOSE("out size:%d datasz:%d tag_len:%d\n", (int)res->sz, (int)res_len, (int)res->authTagSz); - wh_Utils_Hexdump("[client] res_out: \n", res_out, res->sz); + WH_DEBUG_VERBOSE_HEXDUMP("[client] res_out: \n", res_out, res->sz); if (enc != 0 && res->authTagSz > 0) { - wh_Utils_Hexdump("[client] res_tag: \n", res_tag, + WH_DEBUG_VERBOSE_HEXDUMP("[client] res_tag: \n", res_tag, res->authTagSz); } -#endif /* copy the response result if present */ if (out != NULL && res->sz == len) { memcpy(out, res_out, res->sz); @@ -833,12 +789,10 @@ int wh_Client_AesGcm(whClientContext* ctx, Aes* aes, int enc, const uint8_t* in, if (enc != 0 && enc_tag != NULL && res->authTagSz > 0 && res->authTagSz <= tag_len) { memcpy(enc_tag, res_tag, res->authTagSz); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] res tag_len:%d exp tag_len:%u", + WH_DEBUG_CLIENT_VERBOSE("res tag_len:%d exp tag_len:%u", (int)res->authTagSz, (unsigned int)tag_len); - wh_Utils_Hexdump("[client] enc authtag: ", enc_tag, + WH_DEBUG_VERBOSE_HEXDUMP("[client] enc authtag: ", enc_tag, res->authTagSz); -#endif } } } @@ -979,9 +933,7 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc, if (ret == WH_ERROR_OK) { req->authTag.addr = authTagAddr; } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] dec tag: \n", dec_tag, tag_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] dec tag: \n", dec_tag, tag_len); } else if (enc == 1 && enc_tag != NULL && tag_len > 0) { /* Encryption: set up auth tag buffer to receive generated tag */ @@ -992,16 +944,12 @@ int wh_Client_AesGcmDma(whClientContext* ctx, Aes* aes, int enc, if (ret == WH_ERROR_OK) { req->authTag.addr = authTagAddr; } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] enc tag buffer: \n", enc_tag, tag_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] enc tag buffer: \n", enc_tag, tag_len); } /* Send request and receive response */ reqLen = sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] AESGCM DMA req packet: \n", dataPtr, reqLen); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] AESGCM DMA req packet: \n", dataPtr, reqLen); if (ret == WH_ERROR_OK) { ret = wh_Client_SendRequest(ctx, group, action, reqLen, dataPtr); } @@ -1108,12 +1056,10 @@ int wh_Client_EccImportKey(whClientContext* ctx, ecc_key* key, ret = wh_Crypto_EccSerializeKeyDer(key, sizeof(buffer), buffer, &buffer_len); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s serialize ret:%d, key:%p, max_size:%u, buffer:%p, " + WH_DEBUG_CLIENT_VERBOSE("serialize ret:%d, key:%p, max_size:%u, buffer:%p, " "outlen:%u\n", - __func__, ret, key, (unsigned int)sizeof(buffer), buffer, + ret, key, (unsigned int)sizeof(buffer), buffer, buffer_len); -#endif if (ret == WH_ERROR_OK) { /* Cache the key and get the keyID */ ret = wh_Client_KeyCache(ctx, flags, label, label_len, buffer, @@ -1123,10 +1069,8 @@ int wh_Client_EccImportKey(whClientContext* ctx, ecc_key* key, } } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s label:%.*s ret:%d keyid:%u\n", __func__, label_len, + WH_DEBUG_CLIENT_VERBOSE("label:%.*s ret:%d keyid:%u\n", label_len, label, ret, key_id); -#endif return ret; } @@ -1150,10 +1094,8 @@ int wh_Client_EccExportKey(whClientContext* ctx, whKeyId keyId, ecc_key* key, ret = wh_Crypto_EccDeserializeKeyDer(buffer, buffer_len, key); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s keyid:%x key:%p ret:%d label:%.*s\n", __func__, keyId, + WH_DEBUG_CLIENT_VERBOSE("keyid:%x key:%p ret:%d label:%.*s\n", keyId, key, ret, (int)label_len, label); -#endif return ret; } @@ -1210,10 +1152,8 @@ static int _EccMakeKey(whClientContext* ctx, int size, int curveId, ret = wh_Client_SendRequest(ctx, group, action, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s Req sent:size:%u, ret:%d\n", __func__, + WH_DEBUG_CLIENT_VERBOSE("Req sent:size:%u, ret:%d\n", (unsigned int)req->sz, ret); -#endif if (ret == WH_ERROR_OK) { /* Response Message */ uint16_t res_len; @@ -1227,11 +1167,9 @@ static int _EccMakeKey(whClientContext* ctx, int size, int curveId, * rc */ ret = _getCryptoResponse(dataPtr, WC_PK_TYPE_EC_KEYGEN, (uint8_t**)&res); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s Res recv:keyid:%u, len:%u, ret:%d\n", - __func__, (unsigned int)res->keyId, + WH_DEBUG_CLIENT_VERBOSE("Res recv:keyid:%u, len:%u, ret:%d\n", + (unsigned int)res->keyId, (unsigned int)res->len, ret); -#endif /* wolfCrypt allows positive error codes on success in some * scenarios */ if (ret >= 0) { @@ -1254,10 +1192,8 @@ static int _EccMakeKey(whClientContext* ctx, int size, int curveId, /* Response has the exported key */ ret = wh_Crypto_EccDeserializeKeyDer( key_der, der_size, key); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] KeyGen export:", + WH_DEBUG_VERBOSE_HEXDUMP("[client] KeyGen export:", key_der, der_size); -#endif } } } @@ -1374,11 +1310,9 @@ int wh_Client_EccSharedSecret(whClientContext* ctx, ecc_key* priv_key, /* Send Request */ ret = wh_Client_SendRequest(ctx, group, action, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s req sent. priv:%u pub:%u\n", __func__, + WH_DEBUG_CLIENT_VERBOSE("req sent. priv:%u pub:%u\n", (unsigned int)req->privateKeyId, (unsigned int)req->publicKeyId); -#endif if (ret == WH_ERROR_OK) { /* Server will evict. Reset our flags */ pub_evict = prv_evict = 0; @@ -1391,9 +1325,7 @@ int wh_Client_EccSharedSecret(whClientContext* ctx, ecc_key* priv_key, ret = wh_Client_RecvResponse(ctx, &group, &action, &res_len, (uint8_t*)dataPtr); } while (ret == WH_ERROR_NOTREADY); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s resp packet recv. ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("resp packet recv. ret:%d\n", ret); if (ret == WH_ERROR_OK) { /* Get response structure pointer, validates generic header * rc */ @@ -1410,9 +1342,7 @@ int wh_Client_EccSharedSecret(whClientContext* ctx, ecc_key* priv_key, if (out != NULL) { memcpy(out, res_out, res->sz); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] Eccdh:", res_out, res->sz); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[client] Eccdh:", res_out, res->sz); } } } @@ -1429,9 +1359,7 @@ int wh_Client_EccSharedSecret(whClientContext* ctx, ecc_key* priv_key, if (prv_evict != 0) { (void)wh_Client_KeyEvict(ctx, prv_key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } @@ -1448,10 +1376,8 @@ int wh_Client_EccSign(whClientContext* ctx, ecc_key* key, const uint8_t* hash, whKeyId key_id; int evict = 0; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ctx:%p key:%p, in:%p in_len:%u, out:%p inout_len:%p\n", - __func__, ctx, key, hash, (unsigned)hash_len, sig, inout_sig_len); -#endif + WH_DEBUG_CLIENT_VERBOSE("ctx:%p key:%p, in:%p in_len:%u, out:%p inout_len:%p\n", + ctx, key, hash, (unsigned)hash_len, sig, inout_sig_len); if ((ctx == NULL) || (key == NULL) || ((hash == NULL) && (hash_len > 0)) || ((sig != NULL) && (inout_sig_len == NULL))) { @@ -1460,10 +1386,8 @@ int wh_Client_EccSign(whClientContext* ctx, ecc_key* key, const uint8_t* hash, key_id = WH_DEVCTX_TO_KEYID(key->devCtx); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s keyid:%x, in_len:%u, inout_len:%p\n", __func__, key_id, + WH_DEBUG_CLIENT_VERBOSE("keyid:%x, in_len:%u, inout_len:%p\n", key_id, hash_len, inout_sig_len); -#endif /* Import key if necessary */ if (WH_KEYID_ISERASED(key_id)) { @@ -1513,16 +1437,14 @@ int wh_Client_EccSign(whClientContext* ctx, ecc_key* key, const uint8_t* hash, memcpy(req_hash, hash, hash_len); } /* Dump the request and hash for debugging */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] EccSign: key_id=%x, hash_len=%u, options=%u\n", + WH_DEBUG_CLIENT_VERBOSE("EccSign: key_id=%x, hash_len=%u, options=%u\n", key_id, (unsigned)hash_len, (unsigned)options); - wh_Utils_Hexdump("[client] EccSign req:", (uint8_t*)req, + WH_DEBUG_VERBOSE_HEXDUMP("[client] EccSign req:", (uint8_t*)req, sizeof(*req)); if ((hash != NULL) && (hash_len > 0)) { - wh_Utils_Hexdump("[client] EccSign hash:", (uint8_t*)hash, + WH_DEBUG_VERBOSE_HEXDUMP("[client] EccSign hash:", (uint8_t*)hash, hash_len); } -#endif /* Send Request */ ret = wh_Client_SendRequest(ctx, group, action, req_len, @@ -1560,10 +1482,8 @@ int wh_Client_EccSign(whClientContext* ctx, ecc_key* key, const uint8_t* hash, if ((sig != NULL) && (sig_len > 0)) { memcpy(sig, res_sig, sig_len); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] EccSign:", res_sig, + WH_DEBUG_VERBOSE_HEXDUMP("[client] EccSign:", res_sig, sig_len); -#endif } } } @@ -1578,9 +1498,7 @@ int wh_Client_EccSign(whClientContext* ctx, ecc_key* key, const uint8_t* hash, if (evict != 0) { (void)wh_Client_KeyEvict(ctx, key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } @@ -1599,11 +1517,9 @@ int wh_Client_EccVerify(whClientContext* ctx, ecc_key* key, const uint8_t* sig, int export_pub_key = 0; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ctx:%p key:%p, sig:%p sig_len:%u, hash:%p hash_len:%u " + WH_DEBUG_CLIENT_VERBOSE("ctx:%p key:%p, sig:%p sig_len:%u, hash:%p hash_len:%u " "out_res:%p\n", - __func__, ctx, key, sig, sig_len, hash, hash_len, out_res); -#endif + ctx, key, sig, sig_len, hash, hash_len, out_res); if ((ctx == NULL) || (key == NULL) || ((sig == NULL) && (sig_len > 0)) || ((hash == NULL) && (hash_len > 0))) { @@ -1672,19 +1588,17 @@ int wh_Client_EccVerify(whClientContext* ctx, ecc_key* key, const uint8_t* sig, memcpy(req_hash, hash, hash_len); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] EccVerify req: key_id=%x, sig_len=%u, " + WH_DEBUG_CLIENT_VERBOSE("EccVerify req: key_id=%x, sig_len=%u, " "hash_len=%u, options=%u\n", key_id, (unsigned int)sig_len, (unsigned int)hash_len, (unsigned int)options); - wh_Utils_Hexdump("[client] EccVerify req:", (uint8_t*)req, req_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] EccVerify req:", (uint8_t*)req, req_len); if ((sig != NULL) && (sig_len > 0)) { - wh_Utils_Hexdump("[client] EccVerify sig:", sig, sig_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] EccVerify sig:", sig, sig_len); } if ((hash != NULL) && (hash_len > 0)) { - wh_Utils_Hexdump("[client] EccVerify hash:", hash, hash_len); + WH_DEBUG_VERBOSE_HEXDUMP("[client] EccVerify hash:", hash, hash_len); } -#endif /* write request */ ret = wh_Client_SendRequest(ctx, group, action, req_len, @@ -1731,9 +1645,7 @@ int wh_Client_EccVerify(whClientContext* ctx, ecc_key* key, const uint8_t* sig, if (evict != 0) { (void)wh_Client_KeyEvict(ctx, key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } @@ -1841,10 +1753,8 @@ int wh_Client_Curve25519ImportKey(whClientContext* ctx, curve25519_key* key, if (inout_keyId != NULL) { *inout_keyId = key_id; } -#if defined(DEBUG_CRYPTOCB) && defined(DEBUG_CRYPTOCB_VERBOSE) - printf("[client] importKey: cached keyid=%u\n", key_id); - wh_Utils_Hexdump("[client] importKey: key=", buffer, buffer_len); -#endif + WH_DEBUG_CLIENT_VERBOSE("importKey: cached keyid=%u\n", key_id); + WH_DEBUG_VERBOSE_HEXDUMP("[client] importKey: key=", buffer, buffer_len); } return ret; } @@ -1921,10 +1831,8 @@ static int _Curve25519MakeKey(whClientContext* ctx, uint16_t size, ret = wh_Client_SendRequest(ctx, group, action, data_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Curve25519 KeyGen Req sent:size:%u, ret:%d\n", + WH_DEBUG_CLIENT_VERBOSE("Curve25519 KeyGen Req sent:size:%u, ret:%d\n", (unsigned int)req->sz, ret); -#endif if (ret == 0) { do { ret = wh_Client_RecvResponse(ctx, &group, &action, &data_len, @@ -1939,11 +1847,9 @@ static int _Curve25519MakeKey(whClientContext* ctx, uint16_t size, (uint8_t**)&res); /* wolfCrypt allows positive error codes on success in some scenarios */ if (ret >= 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Curve25519 KeyGen Res recv:keyid:%u, len:%u, " + WH_DEBUG_CLIENT_VERBOSE("Curve25519 KeyGen Res recv:keyid:%u, len:%u, " "ret:%d\n", (unsigned int)res->keyId, (unsigned int)res->len, ret); -#endif /* Key is cached on server or is ephemeral */ key_id = (whKeyId)(res->keyId); @@ -1963,10 +1869,8 @@ static int _Curve25519MakeKey(whClientContext* ctx, uint16_t size, /* Response has the exported key */ ret = wh_Crypto_Curve25519DeserializeKey(key_der, der_size, key); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] KeyGen export:", key_der, + WH_DEBUG_VERBOSE_HEXDUMP("[client] KeyGen export:", key_der, der_size); -#endif } } } @@ -2079,11 +1983,9 @@ int wh_Client_Curve25519SharedSecret(whClientContext* ctx, /* Send Request */ ret = wh_Client_SendRequest(ctx, group, action, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s req sent. priv:%u pub:%u\n", __func__, + WH_DEBUG_CLIENT_VERBOSE("req sent. priv:%u pub:%u\n", (unsigned int)req->privateKeyId, (unsigned int)req->publicKeyId); -#endif if (ret == WH_ERROR_OK) { whMessageCrypto_Curve25519Response* res = NULL; uint16_t res_len; @@ -2095,10 +1997,8 @@ int wh_Client_Curve25519SharedSecret(whClientContext* ctx, ret = wh_Client_RecvResponse(ctx, &group, &action, &res_len, (uint8_t*)dataPtr); } while (ret == WH_ERROR_NOTREADY); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s resp packet recv. ret:%d ret:%d\n", - __func__, ret, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("resp packet recv. ret:%d\n", + ret); if (ret == WH_ERROR_OK) { /* Get response structure pointer, validates generic header * rc */ @@ -2113,10 +2013,8 @@ int wh_Client_Curve25519SharedSecret(whClientContext* ctx, if (out != NULL) { uint8_t* res_out = (uint8_t*)(res + 1); memcpy(out, res_out, res->sz); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[client] X25519:", res_out, + WH_DEBUG_VERBOSE_HEXDUMP("[client] X25519:", res_out, res->sz); -#endif } } } @@ -2134,9 +2032,7 @@ int wh_Client_Curve25519SharedSecret(whClientContext* ctx, if (prv_evict != 0) { (void)wh_Client_KeyEvict(ctx, prv_key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } #endif /* HAVE_CURVE25519 */ @@ -2277,10 +2173,8 @@ static int _RsaMakeKey(whClientContext* ctx, uint32_t size, uint32_t e, /* Send Request */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("RSA KeyGen Req sent:size:%u, e:%u, ret:%d\n", + WH_DEBUG_CLIENT_VERBOSE("RSA KeyGen Req sent:size:%u, e:%u, ret:%d\n", (unsigned int)req->size, (unsigned int)req->e, ret); -#endif if (ret == 0) { uint16_t res_len = 0; do { @@ -2288,10 +2182,8 @@ static int _RsaMakeKey(whClientContext* ctx, uint32_t size, uint32_t e, wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("RSA KeyGen Res recv: ret:%d, res_len: %u\n", ret, + WH_DEBUG_CLIENT_VERBOSE("RSA KeyGen Res recv: ret:%d, res_len: %u\n", ret, (unsigned int)res_len); -#endif if (ret == WH_ERROR_OK) { /* Get response structure pointer, validates generic header rc */ @@ -2316,10 +2208,8 @@ static int _RsaMakeKey(whClientContext* ctx, uint32_t size, uint32_t e, /* Set the rsa key_id. Should be ERASED if EPHEMERAL */ wh_Client_RsaSetKeyId(rsa, key_id); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s Set key_id:%x with flags:%x\n", __func__, + WH_DEBUG_CLIENT_VERBOSE("Set key_id:%x with flags:%x\n", key_id, flags); -#endif if (flags & WH_NVM_FLAGS_EPHEMERAL) { /* Response has the exported key */ ret = @@ -2367,12 +2257,10 @@ int wh_Client_RsaFunction(whClientContext* ctx, RsaKey* key, int rsa_type, whKeyId key_id; int evict = 0; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ctx:%p key:%p, rsa_type:%d in:%p in_len:%u, out:%p " + WH_DEBUG_CLIENT_VERBOSE("ctx:%p key:%p, rsa_type:%d in:%p in_len:%u, out:%p " "inout_out_len:%p\n", - __func__, ctx, key, rsa_type, in, (unsigned)in_len, out, + ctx, key, rsa_type, in, (unsigned)in_len, out, inout_out_len); -#endif if ((ctx == NULL) || (key == NULL) || ((in == NULL) && (in_len > 0)) || ((out != NULL) && (inout_out_len == NULL))) { @@ -2381,9 +2269,7 @@ int wh_Client_RsaFunction(whClientContext* ctx, RsaKey* key, int rsa_type, key_id = WH_DEVCTX_TO_KEYID(key->devCtx); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s key_id:%x\n", __func__, key_id); -#endif + WH_DEBUG_CLIENT_VERBOSE("key_id:%x\n", key_id); /* Import key if necessary */ if (WH_KEYID_ISERASED(key_id)) { @@ -2494,9 +2380,7 @@ int wh_Client_RsaFunction(whClientContext* ctx, RsaKey* key, int rsa_type, if (evict != 0) { (void)wh_Client_KeyEvict(ctx, key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } @@ -2508,10 +2392,8 @@ int wh_Client_RsaGetSize(whClientContext* ctx, const RsaKey* key, int* out_size) whKeyId key_id; int evict = 0; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ctx:%p key:%p, out_size:%p \n", __func__, ctx, key, + WH_DEBUG_CLIENT_VERBOSE("ctx:%p key:%p, out_size:%p \n", ctx, key, out_size); -#endif if ((ctx == NULL) || (key == NULL) || (out_size == NULL)) { return WH_ERROR_BADARGS; @@ -2525,9 +2407,7 @@ int wh_Client_RsaGetSize(whClientContext* ctx, const RsaKey* key, int* out_size) uint8_t keyLabel[] = "TempRsaGetSize"; whNvmFlags flags = WH_NVM_FLAGS_NONE; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s Importing temp key\n", __func__); -#endif + WH_DEBUG_CLIENT_VERBOSE("Importing temp key\n"); ret = wh_Client_RsaImportKey(ctx, key, &key_id, flags, sizeof(keyLabel), keyLabel); if (ret == WH_ERROR_OK) { @@ -2597,14 +2477,10 @@ int wh_Client_RsaGetSize(whClientContext* ctx, const RsaKey* key, int* out_size) } /* Evict the key manually on error */ if (evict != 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s Evicting temp key %x\n", __func__, key_id); -#endif + WH_DEBUG_CLIENT_VERBOSE("Evicting temp key %x\n", key_id); (void)wh_Client_KeyEvict(ctx, key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } @@ -2693,13 +2569,11 @@ static int _HkdfMakeKey(whClientContext* ctx, int hashType, whKeyId keyIdIn, /* Send Request */ ret = wh_Client_SendRequest(ctx, group, action, req_len, dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("HKDF Req sent: hashType:%d inKeySz:%u saltSz:%u infoSz:%u outSz:%u " + WH_DEBUG_CLIENT_VERBOSE("HKDF Req sent: hashType:%d inKeySz:%u saltSz:%u infoSz:%u outSz:%u " "ret:%d\n", (int)req->hashType, (unsigned int)req->inKeySz, (unsigned int)req->saltSz, (unsigned int)req->infoSz, (unsigned int)req->outSz, ret); -#endif if (ret == 0) { uint16_t res_len = 0; @@ -2708,10 +2582,8 @@ static int _HkdfMakeKey(whClientContext* ctx, int hashType, whKeyId keyIdIn, wh_Client_RecvResponse(ctx, &group, &action, &res_len, dataPtr); } while (ret == WH_ERROR_NOTREADY); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("HKDF Res recv: ret:%d, res_len: %u\n", ret, + WH_DEBUG_CLIENT_VERBOSE("HKDF Res recv: ret:%d, res_len: %u\n", ret, (unsigned int)res_len); -#endif if (ret == WH_ERROR_OK) { /* Get response structure pointer, validates generic header rc */ @@ -2734,10 +2606,8 @@ static int _HkdfMakeKey(whClientContext* ctx, int hashType, whKeyId keyIdIn, uint8_t* hkdf_out = (uint8_t*)(res + 1); memcpy(out, hkdf_out, res->outSz); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s Set key_id:%x with flags:%x outSz:%u\n", - __func__, key_id, flags, (unsigned int)res->outSz); -#endif + WH_DEBUG_CLIENT_VERBOSE("Set key_id:%x with flags:%x outSz:%u\n", + key_id, flags, (unsigned int)res->outSz); } else { /* Server returned more than we can handle - error */ @@ -2953,7 +2823,6 @@ int wh_Client_AesGetKeyId(Aes* key, whNvmId* outId) *outId = WH_DEVCTX_TO_KEYID(key->devCtx); return WH_ERROR_OK; } -#endif #ifdef WOLFSSL_CMAC int wh_Client_CmacSetKeyId(Cmac* key, whNvmId keyId) @@ -2996,8 +2865,7 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type, return WH_ERROR_OK; } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] cmac key:%p key_len:%d in:%p in_len:%d out:%p out_len:%d " + WH_DEBUG_CLIENT_VERBOSE("cmac key:%p key_len:%d in:%p in_len:%d out:%p out_len:%d " "keyId:%x\n", key, (int)keyLen, in, (int)inLen, outMac, (int)mac_len, key_id); #endif @@ -3071,9 +2939,7 @@ int wh_Client_Cmac(whClientContext* ctx, Cmac* cmac, CmacType type, if (ret >= 0) { /* read keyId and res_out */ if (key != NULL) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] got keyid %x\n", res->keyId); -#endif + WH_DEBUG_CLIENT_VERBOSE("got keyid %x\n", res->keyId); cmac->devCtx = WH_KEYID_TO_DEVCTX(res->keyId); } if (outMac != NULL) { @@ -3344,19 +3210,17 @@ static int _xferSha256BlockAndUpdateDigest(whClientContext* ctx, ret = wh_Client_SendRequest(ctx, group, WC_ALGO_TYPE_HASH, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] send SHA256 Req:\n"); - wh_Utils_Hexdump("[client] inBlock: ", req->inBlock, WC_SHA256_BLOCK_SIZE); + WH_DEBUG_CLIENT_VERBOSE("send SHA256 Req:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] inBlock: ", req->inBlock, WC_SHA256_BLOCK_SIZE); if (req->resumeState.hiLen != 0 || req->resumeState.loLen != 0) { - wh_Utils_Hexdump(" [client] resumeHash: ", req->resumeState.hash, + WH_DEBUG_VERBOSE_HEXDUMP(" [client] resumeHash: ", req->resumeState.hash, (isLastBlock) ? req->lastBlockLen : WC_SHA256_BLOCK_SIZE); - printf(" [client] hiLen: %u, loLen: %u\n", + WH_DEBUG_CLIENT_VERBOSE(" hiLen: %u, loLen: %u\n", (unsigned int)req->resumeState.hiLen, (unsigned int)req->resumeState.loLen); } - printf(" [client] ret = %d\n", ret); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE(" ret = %d\n", ret); if (ret == 0) { do { @@ -3369,20 +3233,16 @@ static int _xferSha256BlockAndUpdateDigest(whClientContext* ctx, ret = _getCryptoResponse(dataPtr, WC_HASH_TYPE_SHA256, (uint8_t**)&res); /* wolfCrypt allows positive error codes on success in some scenarios */ if (ret >= 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA256 Res recv: ret=%d", ret); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE("Client SHA256 Res recv: ret=%d", ret); /* Store the received intermediate hash in the sha256 * context and indicate the field is now valid and * should be passed back and forth to the server */ memcpy(sha256->digest, res->hash, WC_SHA256_DIGEST_SIZE); sha256->hiLen = res->hiLen; sha256->loLen = res->loLen; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA256 Res recv:\n"); - wh_Utils_Hexdump("[client] hash: ", (uint8_t*)sha256->digest, + WH_DEBUG_CLIENT_VERBOSE("Client SHA256 Res recv:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] hash: ", (uint8_t*)sha256->digest, WC_SHA256_DIGEST_SIZE); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ } } @@ -3510,10 +3370,8 @@ int wh_Client_Sha256Dma(whClientContext* ctx, wc_Sha256* sha, const uint8_t* in, /* Caller invoked SHA Update: * wc_CryptoCb_Sha256Hash(sha256, data, len, NULL) */ if ((ret == WH_ERROR_OK) && (in != NULL)) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA256 DMA UPDATE: inAddr=%p, inSz=%u\n", in, + WH_DEBUG_CLIENT_VERBOSE("SHA256 DMA UPDATE: inAddr=%p, inSz=%u\n", in, (unsigned int)inLen); -#endif ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, @@ -3542,9 +3400,7 @@ int wh_Client_Sha256Dma(whClientContext* ctx, wc_Sha256* sha, const uint8_t* in, if ((ret == WH_ERROR_OK) && (out != NULL)) { /* Packet will have been trashed, so re-populate all fields */ req->finalize = 1; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA256 DMA FINAL: outAddr=%p\n", out); -#endif + WH_DEBUG_CLIENT_VERBOSE("SHA256 DMA FINAL: outAddr=%p\n", out); /* send the request to the server */ ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, @@ -3641,18 +3497,16 @@ static int _xferSha224BlockAndUpdateDigest(whClientContext* ctx, ret = wh_Client_SendRequest(ctx, group, WC_ALGO_TYPE_HASH, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] send SHA224 Req:\n"); - wh_Utils_Hexdump("[client] inBlock: ", req->inBlock, WC_SHA224_BLOCK_SIZE); + WH_DEBUG_CLIENT_VERBOSE("send SHA224 Req:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] inBlock: ", req->inBlock, WC_SHA224_BLOCK_SIZE); if (req->resumeState.hiLen != 0 || req->resumeState.loLen != 0) { - wh_Utils_Hexdump(" [client] resumeHash: ", req->resumeState.hash, + WH_DEBUG_VERBOSE_HEXDUMP(" [client] resumeHash: ", req->resumeState.hash, (isLastBlock) ? req->lastBlockLen : WC_SHA224_BLOCK_SIZE); - printf(" [client] hiLen: %u, loLen: %u\n", req->resumeState.hiLen, + WH_DEBUG_CLIENT_VERBOSE(" hiLen: %u, loLen: %u\n", req->resumeState.hiLen, req->resumeState.loLen); } - printf(" [client] ret = %d\n", ret); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE(" ret = %d\n", ret); if (ret == 0) { do { @@ -3665,9 +3519,7 @@ static int _xferSha224BlockAndUpdateDigest(whClientContext* ctx, ret = _getCryptoResponse(dataPtr, WC_HASH_TYPE_SHA224, (uint8_t**)&res); /* wolfCrypt allows positive error codes on success in some scenarios */ if (ret >= 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA224 Res recv: ret=%d", ret); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE("Client SHA224 Res recv: ret=%d", ret); /* Store the received intermediate hash in the sha224 * context and indicate the field is now valid and * should be passed back and forth to the server. @@ -3678,11 +3530,9 @@ static int _xferSha224BlockAndUpdateDigest(whClientContext* ctx, memcpy(sha224->digest, res->hash, WC_SHA256_DIGEST_SIZE); sha224->hiLen = res->hiLen; sha224->loLen = res->loLen; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA224 Res recv:\n"); - wh_Utils_Hexdump("[client] hash: ", (uint8_t*)sha224->digest, + WH_DEBUG_CLIENT_VERBOSE("Client SHA224 Res recv:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] hash: ", (uint8_t*)sha224->digest, WC_SHA224_DIGEST_SIZE); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ } } @@ -3806,11 +3656,8 @@ int wh_Client_Sha224Dma(whClientContext* ctx, wc_Sha224* sha, const uint8_t* in, * wc_CryptoCb_Sha224Hash(sha224, data, len, NULL) */ if (in != NULL && ret == WH_ERROR_OK) { req->finalize = 0; - -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA224 DMA UPDATE: inAddr=%p, inSz=%u\n", in, + WH_DEBUG_CLIENT_VERBOSE("SHA224 DMA UPDATE: inAddr=%p, inSz=%u\n", in, (unsigned int)inLen); -#endif ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req), @@ -3839,9 +3686,7 @@ int wh_Client_Sha224Dma(whClientContext* ctx, wc_Sha224* sha, const uint8_t* in, /* Packet will have been trashed, so re-populate all fields */ req->finalize = 1; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA224 DMA FINAL: outAddr=%p\n", out); -#endif + WH_DEBUG_CLIENT_VERBOSE("SHA224 DMA FINAL: outAddr=%p\n", out); /* send the request to the server */ ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, @@ -3933,18 +3778,16 @@ static int _xferSha384BlockAndUpdateDigest(whClientContext* ctx, ret = wh_Client_SendRequest(ctx, group, WC_ALGO_TYPE_HASH, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] send SHA384 Req:\n"); - wh_Utils_Hexdump("[client] inBlock: ", req->inBlock, WC_SHA384_BLOCK_SIZE); + WH_DEBUG_CLIENT_VERBOSE("send SHA384 Req:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] inBlock: ", req->inBlock, WC_SHA384_BLOCK_SIZE); if (req->resumeState.hiLen != 0 || req->resumeState.loLen != 0) { - wh_Utils_Hexdump(" [client] resumeHash: ", req->resumeState.hash, + WH_DEBUG_VERBOSE_HEXDUMP(" [client] resumeHash: ", req->resumeState.hash, (isLastBlock) ? req->lastBlockLen : WC_SHA384_BLOCK_SIZE); - printf(" [client] hiLen: %u, loLen: %u\n", req->resumeState.hiLen, + WH_DEBUG_CLIENT_VERBOSE(" hiLen: %u, loLen: %u\n", req->resumeState.hiLen, req->resumeState.loLen); } - printf(" [client] ret = %d\n", ret); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE(" ret = %d\n", ret); if (ret == 0) { do { @@ -3957,9 +3800,7 @@ static int _xferSha384BlockAndUpdateDigest(whClientContext* ctx, ret = _getCryptoResponse(dataPtr, WC_HASH_TYPE_SHA384, (uint8_t**)&res); /* wolfCrypt allows positive error codes on success in some scenarios */ if (ret >= 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA384 Res recv: ret=%d", ret); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE("Client SHA384 Res recv: ret=%d", ret); /* Store the received intermediate hash in the sha384 * context and indicate the field is now valid and * should be passed back and forth to the server @@ -3970,11 +3811,9 @@ static int _xferSha384BlockAndUpdateDigest(whClientContext* ctx, memcpy(sha384->digest, res->hash, WC_SHA512_DIGEST_SIZE); sha384->hiLen = res->hiLen; sha384->loLen = res->loLen; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA384 Res recv:\n"); - wh_Utils_Hexdump("[client] hash: ", (uint8_t*)sha384->digest, + WH_DEBUG_CLIENT_VERBOSE("Client SHA384 Res recv:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] hash: ", (uint8_t*)sha384->digest, WC_SHA384_DIGEST_SIZE); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ } } @@ -4097,11 +3936,9 @@ int wh_Client_Sha384Dma(whClientContext* ctx, wc_Sha384* sha, const uint8_t* in, /* Caller invoked SHA Update: * wc_CryptoCb_Sha384Hash(sha384, data, len, NULL) */ if (in != NULL && ret == WH_ERROR_OK) { - req->finalize = 0; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA384 DMA UPDATE: inAddr=%p, inSz=%u\n", in, + req->finalize = 0; + WH_DEBUG_CLIENT_VERBOSE("SHA384 DMA UPDATE: inAddr=%p, inSz=%u\n", in, (unsigned int)inLen); -#endif ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req), @@ -4130,9 +3967,7 @@ int wh_Client_Sha384Dma(whClientContext* ctx, wc_Sha384* sha, const uint8_t* in, /* Packet will have been trashed, so re-populate all fields */ req->finalize = 1; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA384 DMA FINAL: outAddr=%p\n", out); -#endif + WH_DEBUG_CLIENT_VERBOSE("SHA384 DMA FINAL: outAddr=%p\n", out); /* send the request to the server */ ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, @@ -4225,18 +4060,16 @@ static int _xferSha512BlockAndUpdateDigest(whClientContext* ctx, ret = wh_Client_SendRequest(ctx, group, WC_ALGO_TYPE_HASH, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] send SHA512 Req:\n"); - wh_Utils_Hexdump("[client] inBlock: ", req->inBlock, WC_SHA512_BLOCK_SIZE); + WH_DEBUG_CLIENT_VERBOSE("send SHA512 Req:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] inBlock: ", req->inBlock, WC_SHA512_BLOCK_SIZE); if (req->resumeState.hiLen != 0 || req->resumeState.loLen != 0) { - wh_Utils_Hexdump(" [client] resumeHash: ", req->resumeState.hash, + WH_DEBUG_VERBOSE_HEXDUMP(" [client] resumeHash: ", req->resumeState.hash, (isLastBlock) ? req->lastBlockLen : WC_SHA512_BLOCK_SIZE); - printf(" [client] hiLen: %u, loLen: %u\n", req->resumeState.hiLen, + WH_DEBUG_CLIENT_VERBOSE(" hiLen: %u, loLen: %u\n", req->resumeState.hiLen, req->resumeState.loLen); } - printf(" [client] ret = %d\n", ret); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE(" ret = %d\n", ret); if (ret == 0) { do { @@ -4249,21 +4082,17 @@ static int _xferSha512BlockAndUpdateDigest(whClientContext* ctx, ret = _getCryptoResponse(dataPtr, WC_HASH_TYPE_SHA512, (uint8_t**)&res); /* wolfCrypt allows positive error codes on success in some scenarios */ if (ret >= 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA512 Res recv: ret=%d", ret); - printf("[client] hashType: %d\n", sha512->hashType); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ + WH_DEBUG_CLIENT_VERBOSE("Client SHA512 Res recv: ret=%d", ret); + WH_DEBUG_CLIENT_VERBOSE("hashType: %d\n", sha512->hashType); /* Store the received intermediate hash in the sha512 * context and indicate the field is now valid and * should be passed back and forth to the server */ memcpy(sha512->digest, res->hash, WC_SHA512_DIGEST_SIZE); sha512->hiLen = res->hiLen; sha512->loLen = res->loLen; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] Client SHA512 Res recv:\n"); - wh_Utils_Hexdump("[client] hash: ", (uint8_t*)sha512->digest, + WH_DEBUG_CLIENT_VERBOSE("Client SHA512 Res recv:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[client] hash: ", (uint8_t*)sha512->digest, WC_SHA512_DIGEST_SIZE); -#endif /* DEBUG_CRYPTOCB_VERBOSE */ } } @@ -4401,11 +4230,8 @@ int wh_Client_Sha512Dma(whClientContext* ctx, wc_Sha512* sha, const uint8_t* in, * wc_CryptoCb_Sha512Hash(sha512, data, len, NULL) */ if (in != NULL && ret == WH_ERROR_OK) { req->finalize = 0; - -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA512 DMA UPDATE: inAddr=%p, inSz=%u\n", in, + WH_DEBUG_CLIENT_VERBOSE("SHA512 DMA UPDATE: inAddr=%p, inSz=%u\n", in, (unsigned int)inLen); -#endif ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, sizeof(whMessageCrypto_GenericRequestHeader) + sizeof(*req), @@ -4434,9 +4260,7 @@ int wh_Client_Sha512Dma(whClientContext* ctx, wc_Sha512* sha, const uint8_t* in, /* Packet will have been trashed, so re-populate all fields */ req->finalize = 1; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] SHA512 DMA FINAL: outAddr=%p\n", out); -#endif + WH_DEBUG_CLIENT_VERBOSE("SHA512 DMA FINAL: outAddr=%p\n", out); /* send the request to the server */ ret = wh_Client_SendRequest( ctx, group, WC_ALGO_TYPE_HASH, @@ -4521,12 +4345,10 @@ int wh_Client_MlDsaImportKey(whClientContext* ctx, MlDsaKey* key, ret = wh_Crypto_MlDsaSerializeKeyDer(key, sizeof(buffer), buffer, &buffer_len); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s serialize ret:%d, key:%p, max_size:%u, buffer:%p, " + WH_DEBUG_CLIENT_VERBOSE("serialize ret:%d, key:%p, max_size:%u, buffer:%p, " "outlen:%u\n", - __func__, ret, key, (unsigned int)sizeof(buffer), buffer, + ret, key, (unsigned int)sizeof(buffer), buffer, buffer_len); -#endif if (ret == WH_ERROR_OK) { /* Cache the key and get the keyID */ ret = wh_Client_KeyCache(ctx, flags, label, label_len, buffer, @@ -4536,10 +4358,8 @@ int wh_Client_MlDsaImportKey(whClientContext* ctx, MlDsaKey* key, } } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s label:%.*s ret:%d keyid:%u\n", __func__, label_len, + WH_DEBUG_CLIENT_VERBOSE("label:%.*s ret:%d keyid:%u\n", label_len, label, ret, key_id); -#endif return ret; } @@ -4563,10 +4383,8 @@ int wh_Client_MlDsaExportKey(whClientContext* ctx, whKeyId keyId, MlDsaKey* key, ret = wh_Crypto_MlDsaDeserializeKeyDer(buffer, buffer_len, key); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s keyid:%x key:%p ret:%d label:%.*s\n", __func__, keyId, + WH_DEBUG_CLIENT_VERBOSE("keyid:%x key:%p ret:%d label:%.*s\n", keyId, key, ret, (int)label_len, label); -#endif return ret; } @@ -4623,10 +4441,8 @@ static int _MlDsaMakeKey(whClientContext* ctx, int size, int level, ret = wh_Client_SendRequest(ctx, group, action, req_len, (uint8_t*)dataPtr); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s Req sent:size:%u, ret:%d\n", __func__, + WH_DEBUG_CLIENT_VERBOSE("Req sent:size:%u, ret:%d\n", (unsigned int)req->sz, ret); -#endif if (ret == 0) { uint16_t res_len; do { @@ -4642,12 +4458,10 @@ static int _MlDsaMakeKey(whClientContext* ctx, int size, int level, /* wolfCrypt allows positive error codes on success in some * scenarios */ if (ret >= 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf( - "[client] %s Res recv:keyid:%u, len:%u, ret:%d\n", - __func__, (unsigned int)res->keyId, + WH_DEBUG_CLIENT_VERBOSE( + "Res recv:keyid:%u, len:%u, ret:%d\n", + (unsigned int)res->keyId, (unsigned int)res->len, ret); -#endif /* Key is cached on server or is ephemeral */ key_id = (whKeyId)(res->keyId); @@ -4667,11 +4481,9 @@ static int _MlDsaMakeKey(whClientContext* ctx, int size, int level, /* Response has the exported key */ ret = wh_Crypto_MlDsaDeserializeKeyDer( key_der, der_size, key); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump( + WH_DEBUG_VERBOSE_HEXDUMP( "[client] ML-DSA KeyGen export:", key_der, der_size); -#endif } } } @@ -4721,10 +4533,8 @@ int wh_Client_MlDsaSign(whClientContext* ctx, const byte* in, word32 in_len, whKeyId key_id; int evict = 0; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ctx:%p key:%p, in:%p in_len:%u, out:%p inout_len:%p\n", - __func__, ctx, key, in, (unsigned)in_len, out, inout_len); -#endif + WH_DEBUG_CLIENT_VERBOSE("ctx:%p key:%p, in:%p in_len:%u, out:%p inout_len:%p\n", + ctx, key, in, (unsigned)in_len, out, inout_len); if ((ctx == NULL) || (key == NULL) || ((in == NULL) && (in_len > 0)) || (out == NULL) || (inout_len == NULL)) { @@ -4733,10 +4543,8 @@ int wh_Client_MlDsaSign(whClientContext* ctx, const byte* in, word32 in_len, key_id = WH_DEVCTX_TO_KEYID(key->devCtx); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s keyid:%x, in_len:%u, inout_len:%p\n", __func__, key_id, + WH_DEBUG_CLIENT_VERBOSE("keyid:%x, in_len:%u, inout_len:%p\n", key_id, in_len, inout_len); -#endif /* Import key if necessary */ if (WH_KEYID_ISERASED(key_id)) { @@ -4836,9 +4644,7 @@ int wh_Client_MlDsaSign(whClientContext* ctx, const byte* in, word32 in_len, if (evict != 0) { (void)wh_Client_KeyEvict(ctx, key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } @@ -4856,11 +4662,9 @@ int wh_Client_MlDsaVerify(whClientContext* ctx, const byte* sig, word32 sig_len, int evict = 0; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ctx:%p key:%p, sig:%p sig_len:%u, msg:%p msg_len:%u " + WH_DEBUG_CLIENT_VERBOSE("ctx:%p key:%p, sig:%p sig_len:%u, msg:%p msg_len:%u " "out_res:%p\n", - __func__, ctx, key, sig, sig_len, msg, msg_len, out_res); -#endif + ctx, key, sig, sig_len, msg, msg_len, out_res); if ((ctx == NULL) || (key == NULL) || ((sig == NULL) && (sig_len > 0)) || ((msg == NULL) && (msg_len > 0))) { @@ -4963,9 +4767,7 @@ int wh_Client_MlDsaVerify(whClientContext* ctx, const byte* sig, word32 sig_len, if (evict != 0) { (void)wh_Client_KeyEvict(ctx, key_id); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s ret:%d\n", __func__, ret); -#endif + WH_DEBUG_CLIENT_VERBOSE("ret:%d\n", ret); return ret; } @@ -5200,10 +5002,8 @@ int wh_Client_MlDsaSignDma(whClientContext* ctx, const byte* in, word32 in_len, } } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[client] %s keyid:%x, in_len:%u, inout_len:%p\n", __func__, key_id, + WH_DEBUG_CLIENT_VERBOSE("keyid:%x, in_len:%u, inout_len:%p\n", key_id, in_len, out_len); -#endif if (ret == WH_ERROR_OK) { /* Request Message */ diff --git a/src/wh_client_cryptocb.c b/src/wh_client_cryptocb.c index c4169ba1..cd1deb8e 100644 --- a/src/wh_client_cryptocb.c +++ b/src/wh_client_cryptocb.c @@ -76,11 +76,10 @@ int wh_Client_CryptoCb(int devId, wc_CryptoInfo* info, void* inCtx) return BAD_FUNC_ARG; } -#ifdef DEBUG_CRYPTOCB - printf("[client] %s info:%p algo_type:%d\n", __func__, info, + WH_DEBUG_CLIENT("info:%p algo_type:%d\n", info, (info!=NULL)?info->algo_type:-1); - wc_CryptoCb_InfoString(info); -#endif + WH_DEBUG_CLIENT_VERBOSE("CryptoCb info details: info=%p algo_type=%d", info, + (info!=NULL)?info->algo_type:-1); /* Based on the info type, process the request */ switch (info->algo_type) { @@ -527,13 +526,11 @@ int wh_Client_CryptoCb(int devId, wc_CryptoInfo* info, void* inCtx) ret = BAD_FUNC_ARG; } -#ifdef DEBUG_CRYPTOCB if (ret == CRYPTOCB_UNAVAILABLE) { - printf("[client] %s X not implemented: algo->type:%d\n", __func__, info->algo_type); + WH_DEBUG_CLIENT("X not implemented: algo->type:%d\n", info->algo_type); } else { - printf("[client] %s - ret:%d algo->type:%d\n", __func__, ret, info->algo_type); + WH_DEBUG_CLIENT("ret:%d algo->type:%d\n", ret, info->algo_type); } -#endif /* DEBUG_CRYPTOCB */ return ret; } @@ -733,10 +730,9 @@ int wh_Client_CryptoCbDma(int devId, wc_CryptoInfo* info, void* inCtx) return BAD_FUNC_ARG; } -#ifdef DEBUG_CRYPTOCB - printf("[client] %s ", __func__); - wc_CryptoCb_InfoString(info); -#endif + WH_DEBUG_CLIENT("CryptoCb invoked\n"); + WH_DEBUG_CLIENT_VERBOSE("CryptoCbDma info details: info=%p algo_type=%d", info, + (info!=NULL)?info->algo_type:-1); /* Based on the info type, process the request */ switch (info->algo_type) @@ -894,13 +890,11 @@ int wh_Client_CryptoCbDma(int devId, wc_CryptoInfo* info, void* inCtx) break; } -#ifdef DEBUG_CRYPTOCB if (ret == CRYPTOCB_UNAVAILABLE) { - printf("[client] %s X not implemented: algo->type:%d\n", __func__, info->algo_type); + WH_DEBUG_CLIENT("X not implemented: algo->type:%d\n", info->algo_type); } else { - printf("[client] %s - ret:%d algo->type:%d\n", __func__, ret, info->algo_type); + WH_DEBUG_CLIENT("ret:%d algo->type:%d\n", ret, info->algo_type); } -#endif /* DEBUG_CRYPTOCB */ return ret; } #endif /* WOLFHSM_CFG_DMA */ diff --git a/src/wh_server_cert.c b/src/wh_server_cert.c index 79d7b503..64eb1dbd 100644 --- a/src/wh_server_cert.c +++ b/src/wh_server_cert.c @@ -299,9 +299,7 @@ int wh_Server_CertVerify(whServerContext* server, const uint8_t* cert, } } else { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("Failed to load trusted root certificate: %d\n", rc); -#endif + WH_DEBUG_SERVER_VERBOSE("Failed to load trusted root certificate: %d\n", rc); } } diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c index 44877714..71afff0a 100644 --- a/src/wh_server_crypto.c +++ b/src/wh_server_crypto.c @@ -306,10 +306,7 @@ static int _HandleRsaKeyGen(whServerContext* ctx, uint16_t magic, if (ret == 0) { /* make the rsa key with the given params */ ret = wc_MakeRsaKey(rsa, key_size, e, ctx->crypto->rng); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] MakeRsaKey: size:%d, e:%ld, ret:%d\n", key_size, e, - ret); -#endif + WH_DEBUG_SERVER_VERBOSE("MakeRsaKey: size:%d, e:%ld, ret:%d\n", key_size, e, ret); if (ret == 0) { /* Check incoming flags */ @@ -327,10 +324,7 @@ static int _HandleRsaKeyGen(whServerContext* ctx, uint16_t magic, if (WH_KEYID_ISERASED(key_id)) { /* Generate a new id */ ret = wh_Server_KeystoreGetUniqueId(ctx, &key_id); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] RsaKeyGen UniqueId: keyId:%u, ret:%d\n", - key_id, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("RsaKeyGen UniqueId: keyId:%u, ret:%d\n", key_id, ret); if (ret != WH_ERROR_OK) { /* Early return on unique ID generation failure */ wc_FreeRsaKey(rsa); @@ -342,10 +336,7 @@ static int _HandleRsaKeyGen(whServerContext* ctx, uint16_t magic, ret = wh_Server_CacheImportRsaKey(ctx, rsa, key_id, flags, label_size, label); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] RsaKeyGen CacheKeyRsa: keyId:%u, ret:%d\n", - key_id, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("RsaKeyGen CacheKeyRsa: keyId:%u, ret:%d\n", key_id, ret); if (ret == 0) { res.keyId = wh_KeyId_TranslateToClient(key_id); res.len = 0; @@ -395,10 +386,8 @@ static int _HandleRsaFunction( whServerContext* ctx, uint16_t magic, byte* in = (uint8_t*)(cryptoDataIn + sizeof(whMessageCrypto_RsaRequest)); byte* out = (uint8_t*)(cryptoDataOut + sizeof(whMessageCrypto_RsaResponse)); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] HandleRsaFunction opType:%d inLen:%u keyId:%u outLen:%u\n", + WH_DEBUG_SERVER_VERBOSE("HandleRsaFunction opType:%d inLen:%u keyId:%u outLen:%u\n", op_type, in_len, key_id, out_len); -#endif switch (op_type) { case RSA_PUBLIC_ENCRYPT: @@ -409,10 +398,7 @@ static int _HandleRsaFunction( whServerContext* ctx, uint16_t magic, break; default: /* Invalid opType */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] %s Unknown opType:%d\n", - __func__, op_type); -#endif + WH_DEBUG_SERVER_VERBOSE("Unknown opType:%d\n", op_type); return BAD_FUNC_ARG; } @@ -462,17 +448,13 @@ static int _HandleRsaFunction( whServerContext* ctx, uint16_t magic, /* load the key from the keystore */ if (ret == 0) { ret = wh_Server_CacheExportRsaKey(ctx, key_id, rsa); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] CacheExportRsaKey keyid:%u, ret:%d\n", key_id, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("CacheExportRsaKey keyid:%u, ret:%d\n", key_id, ret); if (ret == 0) { /* do the rsa operation */ ret = wc_RsaFunction(in, in_len, out, &out_len, op_type, rsa, ctx->crypto->rng); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] RsaFunction in:%p %u, out:%p, opType:%d, outLen:%d, ret:%d\n", + WH_DEBUG_SERVER_VERBOSE("RsaFunction in:%p %u, out:%p, opType:%d, outLen:%d, ret:%d\n", in, in_len, out, op_type, out_len, ret); -#endif } /* free the key */ wc_FreeRsaKey(rsa); @@ -534,10 +516,8 @@ static int _HandleRsaGetSize(whServerContext* ctx, uint16_t magic, wc_FreeRsaKey(rsa); } if (evict != 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] %s evicting temp key:%x options:%u evict:%u\n", - __func__, key_id, options, evict); -#endif + WH_DEBUG_SERVER_VERBOSE("evicting temp key:%x options:%u evict:%u\n", + key_id, options, evict); /* User requested to evict from cache, even if the call failed */ (void)wh_Server_KeystoreEvictKey(ctx, key_id); } @@ -549,10 +529,8 @@ static int _HandleRsaGetSize(whServerContext* ctx, uint16_t magic, *outSize = sizeof(whMessageCrypto_RsaGetSizeResponse); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] %s keyId:%d, key_size:%d, ret:%d\n", __func__, key_id, + WH_DEBUG_SERVER_VERBOSE("keyId:%d, key_size:%d, ret:%d\n", key_id, key_size, ret); -#endif return ret; } #endif /* !NO_RSA */ @@ -674,10 +652,9 @@ int wh_Server_CacheExportCurve25519Key(whServerContext* server, whKeyId keyId, if (ret == 0) { ret = wh_Crypto_Curve25519DeserializeKey(cacheBuf, cacheMeta->len, key); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] Export25519Key id:%u ret:%d\n", keyId, ret); - wh_Utils_Hexdump("[server] export key:", cacheBuf, cacheMeta->len); -#endif + WH_DEBUG_SERVER_VERBOSE("Export25519Key id:%u ret:%d\n", keyId, ret); + WH_DEBUG_SERVER_VERBOSE("export key:\n"); + WH_DEBUG_VERBOSE_HEXDUMP("[server] export key:", cacheBuf, cacheMeta->len); } return ret; } @@ -712,9 +689,7 @@ int wh_Server_MlDsaKeyCacheImport(whServerContext* ctx, MlDsaKey* key, if (ret == WH_ERROR_OK) { ret = wh_Crypto_MlDsaSerializeKeyDer(key, MAX_MLDSA_DER_SIZE, cacheBuf, &der_size); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] %s keyId:%u, ret:%d\n", __func__, keyId, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("keyId:%u, ret:%d\n", keyId, ret); } if (ret == WH_ERROR_OK) { @@ -746,9 +721,7 @@ int wh_Server_MlDsaKeyCacheExport(whServerContext* ctx, whKeyId keyId, if (ret == WH_ERROR_OK) { ret = wh_Crypto_MlDsaDeserializeKeyDer(cacheBuf, cacheMeta->len, key); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] %s keyId:%u, ret:%d\n", __func__, keyId, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("keyId:%u, ret:%d\n", keyId, ret); } return ret; } @@ -819,10 +792,7 @@ static int _HandleEccKeyGen(whServerContext* ctx, uint16_t magic, if (WH_KEYID_ISERASED(key_id)) { /* Generate a new id */ ret = wh_Server_KeystoreGetUniqueId(ctx, &key_id); -#ifdef DEBUG_CRYPTOCB - printf("[server] %s UniqueId: keyId:%u, ret:%d\n", __func__, - key_id, ret); -#endif + WH_DEBUG_SERVER("UniqueId: keyId:%u, ret:%d\n", key_id, ret); if (ret != WH_ERROR_OK) { /* Early return on unique ID generation failure */ wc_ecc_free(key); @@ -833,10 +803,7 @@ static int _HandleEccKeyGen(whServerContext* ctx, uint16_t magic, ret = wh_Server_EccKeyCacheImport(ctx, key, key_id, flags, label_size, label); } -#ifdef DEBUG_CRYPTOCB - printf("[server] %s CacheImport: keyId:%u, ret:%d\n", __func__, - key_id, ret); -#endif + WH_DEBUG_SERVER("CacheImport: keyId:%u, ret:%d\n", key_id, ret); /* TODO: RSA has the following, should we do the same? */ /* res.keyId = WH_KEYID_ID(key_id); @@ -997,18 +964,13 @@ static int _HandleEccSign(whServerContext* ctx, uint16_t magic, /* load the private key */ ret = wh_Server_EccKeyCacheExport(ctx, key_id, key); if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf( - "[server] EccSign: key_id=%x, in_len=%u, res_len=%u, ret=%d\n", + WH_DEBUG_SERVER_VERBOSE("EccSign: key_id=%x, in_len=%u, res_len=%u, ret=%d\n", key_id, (unsigned)in_len, (unsigned)res_len, ret); - wh_Utils_Hexdump("[server] EccSign in:", in, in_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[server] EccSign in:", in, in_len); /* sign the input */ ret = wc_ecc_sign_hash(in, in_len, res_out, &res_len, ctx->crypto->rng, key); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[server] EccSign res:", res_out, res_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[server] EccSign res:", res_out, res_len); } wc_ecc_free(key); } @@ -1087,14 +1049,11 @@ static int _HandleEccVerify(whServerContext* ctx, uint16_t magic, /* verify the signature */ ret = wc_ecc_verify_hash(req_sig, sig_len, req_hash, hash_len, &result, key); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] EccVerify: key_id=%x, sig_len=%u, hash_len=%u, " + WH_DEBUG_SERVER_VERBOSE("EccVerify: key_id=%x, sig_len=%u, hash_len=%u, " "result=%d, ret=%d\n", key_id, (unsigned)sig_len, (unsigned)hash_len, result, ret); - - wh_Utils_Hexdump("[server] EccVerify hash:", req_hash, hash_len); - wh_Utils_Hexdump("[server] EccVerify sig:", req_sig, sig_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[server] EccVerify hash:", req_hash, hash_len); + WH_DEBUG_VERBOSE_HEXDUMP("[server] EccVerify sig:", req_sig, sig_len); if ((ret == 0) && (export_pub_key != 0)) { /* Export the public key to the result message*/ @@ -1385,10 +1344,7 @@ static int _HandleHkdf(whServerContext* ctx, uint16_t magic, if (WH_KEYID_ISERASED(key_id)) { /* Generate a new id */ ret = wh_Server_KeystoreGetUniqueId(ctx, &key_id); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] HkdfKeyGen UniqueId: keyId:%u, ret:%d\n", - key_id, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("HkdfKeyGen UniqueId: keyId:%u, ret:%d\n", key_id, ret); if (ret != WH_ERROR_OK) { /* Early return on unique ID generation failure */ return ret; @@ -1399,10 +1355,7 @@ static int _HandleHkdf(whServerContext* ctx, uint16_t magic, ret = wh_Server_HkdfKeyCacheImport(ctx, out, outSz, key_id, flags, label_size, label); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] HkdfKeyGen CacheImport: keyId:%u, ret:%d\n", - key_id, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("HkdfKeyGen CacheImport: keyId:%u, ret:%d\n", key_id, ret); if (ret == WH_ERROR_OK) { res.keyIdOut = wh_KeyId_TranslateToClient(key_id); res.outSz = 0; @@ -1612,10 +1565,8 @@ static int _HandleCurve25519KeyGen(whServerContext* ctx, uint16_t magic, if (WH_KEYID_ISERASED(key_id)) { /* Generate a new id */ ret = wh_Server_KeystoreGetUniqueId(ctx, &key_id); -#ifdef DEBUG_CRYPTOCB - printf("[server] %s UniqueId: keyId:%u, ret:%d\n", __func__, + WH_DEBUG_SERVER("UniqueId: keyId:%u, ret:%d\n", key_id, ret); -#endif if (ret != WH_ERROR_OK) { /* Early return on unique ID generation failure */ wc_curve25519_free(key); @@ -1627,10 +1578,8 @@ static int _HandleCurve25519KeyGen(whServerContext* ctx, uint16_t magic, ret = wh_Server_CacheImportCurve25519Key( ctx, key, key_id, flags, label_size, label); } -#ifdef DEBUG_CRYPTOCB - printf("[server] %s CacheImport: keyId:%u, ret:%d\n", __func__, + WH_DEBUG_SERVER_VERBOSE("CacheImport: keyId:%u, ret:%d\n", key_id, ret); -#endif } } wc_curve25519_free(key); @@ -1787,11 +1736,9 @@ static int _HandleAesCtr(whServerContext* ctx, uint16_t magic, uint8_t* out_tmp = out_reg + AES_BLOCK_SIZE; /* Debug printouts */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCtr] Input data ", in, len); - wh_Utils_Hexdump("[AesCtr] IV ", iv, AES_BLOCK_SIZE); - wh_Utils_Hexdump("[AesCtr] tmp ", tmp, AES_BLOCK_SIZE); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCtr] Input data ", in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[AesCtr] IV ", iv, AES_BLOCK_SIZE); + WH_DEBUG_VERBOSE_HEXDUMP("[AesCtr] tmp ", tmp, AES_BLOCK_SIZE); /* Freshen key and validate usage policy if key is not erased */ if (!WH_KEYID_ISERASED(key_id)) { ret = wh_Server_KeystoreFreshenKey(ctx, key_id, &cachedKey, &keyMeta); @@ -1805,15 +1752,11 @@ static int _HandleAesCtr(whServerContext* ctx, uint16_t magic, /* override the incoming values with cached key */ key = cachedKey; key_len = keyMeta->len; -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCtr] Key from HSM", key, key_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCtr] Key from HSM", key, key_len); } } else { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCtr] Key ", key, key_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCtr] Key ", key, key_len); } if (ret == 0) { /* init key with possible hardware */ @@ -1831,18 +1774,14 @@ static int _HandleAesCtr(whServerContext* ctx, uint16_t magic, if (enc != 0) { ret = wc_AesCtrEncrypt(aes, (byte*)out, (byte*)in, (word32)len); if (ret == 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCtr] Encrypted output", out, len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCtr] Encrypted output", out, len); } } else { /* CTR uses the same function for encrypt and decrypt */ ret = wc_AesCtrEncrypt(aes, (byte*)out, (byte*)in, (word32)len); if (ret == 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCtr] Decrypted output", out, len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCtr] Decrypted output", out, len); } } } @@ -1908,10 +1847,8 @@ static int _HandleAesEcb(whServerContext* ctx, uint16_t magic, (uint8_t*)(cryptoDataOut) + sizeof(whMessageCrypto_AesEcbResponse); /* Debug printouts */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesEcb] Input data", in, len); - wh_Utils_Hexdump("[AesEcb] IV", iv, AES_BLOCK_SIZE); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesEcb] Input data", in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[AesEcb] IV", iv, AES_BLOCK_SIZE); /* Freshen key and validate usage policy if key is not erased */ if (!WH_KEYID_ISERASED(key_id)) { ret = wh_Server_KeystoreFreshenKey(ctx, key_id, &cachedKey, &keyMeta); @@ -1925,15 +1862,11 @@ static int _HandleAesEcb(whServerContext* ctx, uint16_t magic, /* override the incoming values with cached key */ key = cachedKey; key_len = keyMeta->len; -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesEcb] Key from HSM", key, key_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesEcb] Key from HSM", key, key_len); } } else { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesEcb] Key ", key, key_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesEcb] Key ", key, key_len); } if (ret == 0) { /* init key with possible hardware */ @@ -1948,17 +1881,13 @@ static int _HandleAesEcb(whServerContext* ctx, uint16_t magic, if (enc != 0) { ret = wc_AesEcbEncrypt(aes, (byte*)out, (byte*)in, (word32)len); if (ret == 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesEcb] Encrypted output", out, len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesEcb] Encrypted output", out, len); } } else { ret = wc_AesEcbDecrypt(aes, (byte*)out, (byte*)in, (word32)len); if (ret == 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesEcb] Decrypted output", out, len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesEcb] Decrypted output", out, len); } } } @@ -2021,10 +1950,8 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, const void* crypt (uint8_t*)(cryptoDataOut) + sizeof(whMessageCrypto_AesCbcResponse); /* Debug printouts */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCbc] Input data", in, len); - wh_Utils_Hexdump("[AesCbc] IV", iv, AES_BLOCK_SIZE); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCbc] Input data", in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[AesCbc] IV", iv, AES_BLOCK_SIZE); /* Freshen key and validate usage policy if key is not erased */ if (!WH_KEYID_ISERASED(key_id)) { ret = wh_Server_KeystoreFreshenKey(ctx, key_id, &cachedKey, &keyMeta); @@ -2038,15 +1965,11 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, const void* crypt /* override the incoming values with cached key */ key = cachedKey; key_len = keyMeta->len; -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCbc] Key from HSM", key, key_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCbc] Key from HSM", key, key_len); } } else { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCbc] Key ", key, key_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCbc] Key ", key, key_len); } if (ret == 0) { /* init key with possible hardware */ @@ -2061,17 +1984,13 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, const void* crypt if (enc != 0) { ret = wc_AesCbcEncrypt(aes, (byte*)out, (byte*)in, (word32)len); if (ret == 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCbc] Encrypted output", out, len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCbc] Encrypted output", out, len); } } else { ret = wc_AesCbcDecrypt(aes, (byte*)out, (byte*)in, (word32)len); if (ret == 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[AesCbc] Decrypted output", out, len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[AesCbc] Decrypted output", out, len); } } } @@ -2145,23 +2064,19 @@ static int _HandleAesGcm(whServerContext* ctx, uint16_t magic, uint32_t res_len = sizeof(whMessageCrypto_AesGcmResponse) + len + ((enc == 0) ? 0 : tag_len); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] AESGCM: enc:%d keylen:%d ivsz:%d insz:%d authinsz:%d " + WH_DEBUG_SERVER_VERBOSE("AESGCM: enc:%d keylen:%d ivsz:%d insz:%d authinsz:%d " "authtagsz:%d reqsz:%u ressz:%u\n", enc, key_len, iv_len, len, authin_len, tag_len, req_len, res_len); - printf("[server] AESGCM: req:%p in:%p key:%p iv:%p authin:%p tag:%p res:%p " + WH_DEBUG_SERVER_VERBOSE("AESGCM: req:%p in:%p key:%p iv:%p authin:%p tag:%p res:%p " "out:%p out_tag:%p\n", &req, in, key, iv, authin, tag, &res, out, out_tag); - wh_Utils_Hexdump("[server] AESGCM req packet: \n", (uint8_t*)cryptoDataIn, + WH_DEBUG_VERBOSE_HEXDUMP("[server] AESGCM req packet: \n", (uint8_t*)cryptoDataIn, req_len); -#endif /* Freshen key and validate usage policy if key is not erased */ if (!WH_KEYID_ISERASED(key_id)) { ret = wh_Server_KeystoreFreshenKey(ctx, key_id, &cachedKey, &keyMeta); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] AesGcm FreshenKey key_id:%u ret:%d\n", key_id, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("AesGcm FreshenKey key_id:%u ret:%d\n", key_id, ret); if (ret == 0) { /* Validate key usage policy */ ret = wh_Server_KeystoreEnforceKeyUsage( @@ -2181,51 +2096,38 @@ static int _HandleAesGcm(whServerContext* ctx, uint16_t magic, if (ret == 0) { /* load the key */ ret = wc_AesGcmSetKey(aes, (byte*)key, (word32)key_len); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] AesGcmSetKey key_id:%u key_len:%u ret:%d\n", key_id, + WH_DEBUG_SERVER_VERBOSE("AesGcmSetKey key_id:%u key_len:%u ret:%d\n", key_id, key_len, ret); - wh_Utils_Hexdump("[server] key: ", key, key_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[server] key: ", key, key_len); if (ret == 0) { /* do the crypto operation */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf( - "[server] enc:%d len:%d, ivSz:%d authTagSz:%d, authInSz:%d\n", + WH_DEBUG_SERVER_VERBOSE("enc:%d len:%d, ivSz:%d authTagSz:%d, authInSz:%d\n", enc, len, iv_len, tag_len, authin_len); - wh_Utils_Hexdump("[server] in: ", in, len); - wh_Utils_Hexdump("[server] iv: ", iv, iv_len); - wh_Utils_Hexdump("[server] authin: ", authin, authin_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[server] in: ", in, len); + WH_DEBUG_VERBOSE_HEXDUMP("[server] iv: ", iv, iv_len); + WH_DEBUG_VERBOSE_HEXDUMP("[server] authin: ", authin, authin_len); if (enc != 0) { /* For encryption, write tag to the response output tag area */ ret = wc_AesGcmEncrypt(aes, (byte*)out, (byte*)in, (word32)len, (byte*)iv, (word32)iv_len, (byte*)out_tag, (word32)tag_len, (byte*)authin, (word32)authin_len); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] enc ret:%d\n", ret); - wh_Utils_Hexdump("[server] out: \n", out, len); - wh_Utils_Hexdump("[server] enc tag: ", out_tag, tag_len); -#endif + WH_DEBUG_SERVER_VERBOSE("enc ret:%d\n", ret); + WH_DEBUG_VERBOSE_HEXDUMP("[server] out: \n", out, len); + WH_DEBUG_VERBOSE_HEXDUMP("[server] enc tag: ", out_tag, tag_len); } else { /* set authTag as a packet input */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[server] dec tag: ", tag, tag_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[server] dec tag: ", tag, tag_len); ret = wc_AesGcmDecrypt(aes, (byte*)out, (byte*)in, (word32)len, (byte*)iv, (word32)iv_len, (byte*)tag, (word32)tag_len, (byte*)authin, (word32)authin_len); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] dec ret:%d\n", ret); - wh_Utils_Hexdump("[server] out: \n", out, len); -#endif + WH_DEBUG_SERVER_VERBOSE("dec ret:%d\n", ret); + WH_DEBUG_VERBOSE_HEXDUMP("[server] out: \n", out, len); } -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[server] post iv: ", iv, iv_len); - wh_Utils_Hexdump("[server] post authin: ", authin, authin_len); -#endif + WH_DEBUG_VERBOSE_HEXDUMP("[server] post iv: ", iv, iv_len); + WH_DEBUG_VERBOSE_HEXDUMP("[server] post authin: ", authin, authin_len); } wc_AesFree(aes); } @@ -2235,11 +2137,9 @@ static int _HandleAesGcm(whServerContext* ctx, uint16_t magic, res.sz = len; res.authTagSz = (enc == 0) ? 0 : tag_len; *outSize = res_len; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] res out_size:%d\n", *outSize); - wh_Utils_Hexdump("[server] AESGCM res packet: \n", + WH_DEBUG_SERVER_VERBOSE("res out_size:%d\n", *outSize); + WH_DEBUG_VERBOSE_HEXDUMP("[server] AESGCM res packet: \n", (uint8_t*)cryptoDataOut, res_len); -#endif /* Translate response back */ ret = wh_MessageCrypto_TranslateAesGcmResponse( @@ -2468,27 +2368,21 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, /* attempt oneshot if all fields are present */ if (req.inSz != 0 && req.keySz != 0 && req.outSz != 0) { len = req.outSz; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac generate oneshot\n"); -#endif + WH_DEBUG_SERVER_VERBOSE("cmac generate oneshot\n"); ret = wc_AesCmacGenerate_ex(ctx->crypto->algoCtx.cmac, out, &len, in, req.inSz, key, req.keySz, NULL, ctx->crypto->devId); res.outSz = len; } else { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac begin keySz:%d inSz:%d outSz:%d keyId:%x\n", + WH_DEBUG_SERVER_VERBOSE("cmac begin keySz:%d inSz:%d outSz:%d keyId:%x\n", req.keySz, req.inSz, req.outSz, req.keyId); -#endif /* do each operation based on which fields are set */ if (req.keySz != 0) { /* initialize cmac with key and type */ ret = wc_InitCmac_ex(ctx->crypto->algoCtx.cmac, key, req.keySz, req.type, NULL, NULL, ctx->crypto->devId); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac init with key:%p keylen:%d, type:%d ret:%d\n", + WH_DEBUG_SERVER_VERBOSE("cmac init with key:%p keylen:%d, type:%d ret:%d\n", key, req.keySz, req.type, ret); -#endif } else { /* Key is not present, meaning client wants to use AES key from * cache/nvm. In order to support multiple sequential CmacUpdate() @@ -2522,9 +2416,7 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, * overwrite the existing key on exit */ if (len == AES_128_KEY_SIZE || len == AES_192_KEY_SIZE || len == AES_256_KEY_SIZE) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac readkey got key len:%u\n", len); -#endif + WH_DEBUG_SERVER("cmac readkey got key len:%u\n", len); moveToBigCache = 1; memcpy(tmpKey, (uint8_t*)ctx->crypto->algoCtx.cmac, len); @@ -2532,10 +2424,8 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, WC_CMAC_AES, NULL, NULL, ctx->crypto->devId); } else if (len != sizeof(ctx->crypto->algoCtx.cmac)) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac bad readkey len:%u. sizeof(cmac):%lu\n", + WH_DEBUG_SERVER("cmac bad readkey len:%u. sizeof(cmac):%lu\n", len, sizeof(ctx->crypto->algoCtx.cmac)); -#endif ret = BAD_FUNC_ARG; } } @@ -2544,10 +2434,8 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, /* initialize cmac with key and type */ ret = wc_InitCmac_ex(ctx->crypto->algoCtx.cmac, NULL, req.keySz, req.type, NULL, NULL, ctx->crypto->devId); -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac init with NULL type:%d ret:%d\n", + WH_DEBUG_SERVER("cmac init with NULL type:%d ret:%d\n", req.type, ret); -#endif } } /* Handle CMAC update, checking for cancellation */ @@ -2567,9 +2455,7 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, } #endif } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac update done. ret:%d\n", ret); -#endif + WH_DEBUG_SERVER_VERBOSE("cmac update done. ret:%d\n", ret); } /* Check if we should finalize and evict, or cache for future calls @@ -2578,9 +2464,7 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Finalize CMAC operation */ keyId = req.keyId; len = req.outSz; -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac final keyId:%x len:%d\n", keyId, len); -#endif + WH_DEBUG_SERVER_VERBOSE("cmac final keyId:%x len:%d\n", keyId, len); ret = wc_CmacFinal(ctx->crypto->algoCtx.cmac, out, &len); res.outSz = len; res.keyId = WH_KEYID_ERASED; @@ -2647,10 +2531,8 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, res.outSz = 0; } } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac saved state in keyid:%x %x len:%u ret:%d type:%d\n", + WH_DEBUG_SERVER_VERBOSE("cmac saved state in keyid:%x %x len:%u ret:%d type:%d\n", keyId, WH_KEYID_ID(keyId), meta->len, ret, ctx->crypto->algoCtx.cmac->type); -#endif } } } break; @@ -2665,12 +2547,10 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, *outSize = sizeof(res) + res.outSz; } } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] cmac end ret:%d\n", ret); -#endif + WH_DEBUG_SERVER_VERBOSE("cmac end ret:%d\n", ret); return ret; } -#endif +#endif /* WOLFSSL_CMAC */ #ifndef NO_SHA256 static int _HandleSha256(whServerContext* ctx, uint16_t magic, @@ -3062,10 +2942,8 @@ static int _HandleMlDsaKeyGen(whServerContext* ctx, uint16_t magic, if (WH_KEYID_ISERASED(key_id)) { /* Generate a new id */ ret = wh_Server_KeystoreGetUniqueId(ctx, &key_id); -#ifdef DEBUG_CRYPTOCB - printf("[server] %s UniqueId: keyId:%u, ret:%d\n", - __func__, key_id, ret); -#endif + WH_DEBUG_SERVER("UniqueId: keyId:%u, ret:%d\n", + key_id, ret); if (ret != WH_ERROR_OK) { /* Early return on unique ID generation failure */ @@ -3077,10 +2955,8 @@ static int _HandleMlDsaKeyGen(whServerContext* ctx, uint16_t magic, ret = wh_Server_MlDsaKeyCacheImport( ctx, key, key_id, flags, label_size, label); } -#ifdef DEBUG_CRYPTOCB - printf("[server] %s CacheImport: keyId:%u, ret:%d\n", - __func__, key_id, ret); -#endif + WH_DEBUG_SERVER("CacheImport: keyId:%u, ret:%d\n", + key_id, ret); } } } @@ -3382,13 +3258,9 @@ int wh_Server_HandleCryptoRequest(whServerContext* ctx, uint16_t magic, magic, (whMessageCrypto_GenericRequestHeader*)req_packet, &rqstHeader); -#ifdef DEBUG_CRYPTOCB - printf("[server] HandleCryptoRequest. Action:%u\n", action); -#ifdef DEBUG_CRYPTOCB_VERBOSE - wh_Utils_Hexdump("[server] Crypto Request:\n", (const uint8_t*)req_packet, + WH_DEBUG_SERVER_VERBOSE("HandleCryptoRequest. Action:%u\n", action); + WH_DEBUG_VERBOSE_HEXDUMP("[server] Crypto Request:\n", (const uint8_t*)req_packet, req_size); -#endif -#endif switch (action) { case WC_ALGO_TYPE_CIPHER: switch (rqstHeader.algoType) { @@ -3424,9 +3296,7 @@ int wh_Server_HandleCryptoRequest(whServerContext* ctx, uint16_t magic, } break; case WC_ALGO_TYPE_PK: { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] PK type:%d\n", rqstHeader.algoType); -#endif + WH_DEBUG_SERVER_VERBOSE("PK type:%d\n", rqstHeader.algoType); switch (rqstHeader.algoType) { #ifndef NO_RSA #ifdef WOLFSSL_KEY_GEN @@ -3563,62 +3433,46 @@ int wh_Server_HandleCryptoRequest(whServerContext* ctx, uint16_t magic, switch (rqstHeader.algoType) { #ifndef NO_SHA256 case WC_HASH_TYPE_SHA256: -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] SHA256 req recv. type:%u\n", + WH_DEBUG_SERVER("SHA256 req recv. type:%u\n", rqstHeader.algoType); -#endif ret = _HandleSha256(ctx, magic, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] SHA256 ret = %d\n", ret); + WH_DEBUG_SERVER("SHA256 ret = %d\n", ret); } -#endif break; #endif /* !NO_SHA256 */ #if defined(WOLFSSL_SHA224) case WC_HASH_TYPE_SHA224: -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] SHA224 req recv. type:%u\n", + WH_DEBUG_SERVER("SHA224 req recv. type:%u\n", rqstHeader.algoType); -#endif ret = _HandleSha224(ctx, magic, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] SHA224 ret = %d\n", ret); + WH_DEBUG_SERVER("SHA224 ret = %d\n", ret); } -#endif break; #endif /* WOLFSSL_SHA224 */ #if defined(WOLFSSL_SHA384) case WC_HASH_TYPE_SHA384: -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] SHA384 req recv. type:%u\n", + WH_DEBUG_SERVER("SHA384 req recv. type:%u\n", rqstHeader.algoType); -#endif ret = _HandleSha384(ctx, magic, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] SHA384 ret = %d\n", ret); + WH_DEBUG_SERVER("SHA384 ret = %d\n", ret); } -#endif break; #endif /* WOLFSSL_SHA384 */ #if defined(WOLFSSL_SHA512) case WC_HASH_TYPE_SHA512: -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] SHA512 req recv. type:%u\n", + WH_DEBUG_SERVER("SHA512 req recv. type:%u\n", rqstHeader.algoType); -#endif ret = _HandleSha512(ctx, magic, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] SHA512 ret = %d\n", ret); + WH_DEBUG_SERVER("SHA512 ret = %d\n", ret); } -#endif break; #endif /* WOLFSSL_SHA512 */ default: @@ -3650,9 +3504,7 @@ int wh_Server_HandleCryptoRequest(whServerContext* ctx, uint16_t magic, sizeof(whMessageCrypto_GenericResponseHeader) + cryptoOutSize; } -#ifdef DEBUG_CRYPTOCB - printf("[server] %s End ret:%d\n", __func__, ret); -#endif + WH_DEBUG_SERVER_VERBOSE("End ret:%d\n", ret); /* Since crypto error codes are propagated to the client in the response * packet, return success to the caller unless a cancellation has occurred @@ -3726,9 +3578,7 @@ static int _HandleSha256Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Finalize the SHA256 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha256Final: outAddr=%p\n", outAddr); -#endif + WH_DEBUG_SERVER_VERBOSE(" wc_Sha256Final: outAddr=%p\n", outAddr); ret = wc_Sha256Final(sha256, outAddr); } @@ -3752,10 +3602,8 @@ static int _HandleSha256Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Update the SHA256 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha256Update: inAddr=%p, sz=%llu\n", inAddr, + WH_DEBUG_SERVER_VERBOSE(" wc_Sha256Update: inAddr=%p, sz=%llu\n", inAddr, (long long unsigned int)req.input.sz); -#endif ret = wc_Sha256Update(sha256, inAddr, req.input.sz); } @@ -3848,9 +3696,7 @@ static int _HandleSha224Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Finalize the SHA224 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha224Final: outAddr=%p\n", outAddr); -#endif + WH_DEBUG_SERVER_VERBOSE(" wc_Sha224Final: outAddr=%p\n", outAddr); ret = wc_Sha224Final(sha224, outAddr); } @@ -3874,10 +3720,8 @@ static int _HandleSha224Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Update the SHA224 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha224Update: inAddr=%p, sz=%llu\n", inAddr, + WH_DEBUG_SERVER_VERBOSE(" wc_Sha224Update: inAddr=%p, sz=%llu\n", inAddr, (long long unsigned int)req.input.sz); -#endif ret = wc_Sha224Update(sha224, inAddr, req.input.sz); } @@ -3970,9 +3814,7 @@ static int _HandleSha384Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Finalize the SHA384 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha384Final: outAddr=%p\n", outAddr); -#endif + WH_DEBUG_SERVER_VERBOSE(" wc_Sha384Final: outAddr=%p\n", outAddr); ret = wc_Sha384Final(sha384, outAddr); } @@ -3996,10 +3838,8 @@ static int _HandleSha384Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Update the SHA384 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha384Update: inAddr=%p, sz=%llu\n", inAddr, + WH_DEBUG_SERVER_VERBOSE(" wc_Sha384Update: inAddr=%p, sz=%llu\n", inAddr, (long long unsigned int)req.input.sz); -#endif ret = wc_Sha384Update(sha384, inAddr, req.input.sz); } @@ -4094,10 +3934,8 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Finalize the SHA512 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha512Final: outAddr=%p\n", outAddr); - printf("[server] hashTpe: %d\n", hashType); -#endif + WH_DEBUG_SERVER_VERBOSE(" wc_Sha512Final: outAddr=%p\n", outAddr); + WH_DEBUG_SERVER_VERBOSE(" hashTpe: %d\n", hashType); switch (hashType) { case WC_HASH_TYPE_SHA512_224: ret = wc_Sha512_224Final(sha512, outAddr); @@ -4131,10 +3969,8 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Update the SHA512 operation */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] wc_Sha512Update: inAddr=%p, sz=%llu\n", inAddr, + WH_DEBUG_SERVER_VERBOSE(" wc_Sha512Update: inAddr=%p, sz=%llu\n", inAddr, (long long unsigned int)req.input.sz); -#endif ret = wc_Sha512Update(sha512, inAddr, req.input.sz); } @@ -4250,10 +4086,8 @@ static int _HandleMlDsaKeyGenDma(whServerContext* ctx, uint16_t magic, if (WH_KEYID_ISERASED(keyId)) { /* Generate a new id */ ret = wh_Server_KeystoreGetUniqueId(ctx, &keyId); -#ifdef DEBUG_CRYPTOCB - printf("[server] %s UniqueId: keyId:%u, ret:%d\n", - __func__, keyId, ret); -#endif + WH_DEBUG_SERVER("UniqueId: keyId:%u, ret:%d\n", + keyId, ret); if (ret != WH_ERROR_OK) { /* Early return on unique ID generation failure */ @@ -4266,11 +4100,8 @@ static int _HandleMlDsaKeyGenDma(whServerContext* ctx, uint16_t magic, ret = wh_Server_MlDsaKeyCacheImport( ctx, key, keyId, req.flags, req.labelSize, req.label); -#ifdef DEBUG_CRYPTOCB - printf( - "[server] %s CacheImport: keyId:%u, ret:%d\n", - __func__, keyId, ret); -#endif + WH_DEBUG_SERVER("CacheImport: keyId:%u, ret:%d\n", + keyId, ret); if (ret == 0) { res.keyId = wh_KeyId_TranslateToClient(keyId); res.keySize = keySize; @@ -4637,13 +4468,11 @@ static int _HandleCmacDma(whServerContext* ctx, uint16_t magic, uint16_t seq, cmac->devId = ctx->crypto->devId; /* Print out the state of req */ -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] DMA CMAC req recv. type:%u keySz:%u inSz:%u outSz:%u " + WH_DEBUG_SERVER_VERBOSE("DMA CMAC req recv. type:%u keySz:%u inSz:%u outSz:%u " "finalize:%u\n", (unsigned int)req.type, (unsigned int)req.key.sz, (unsigned int)req.input.sz, (unsigned int)req.output.sz, (unsigned int)req.finalize); -#endif /* Translate all DMA addresses upfront */ if (req.input.sz != 0) { @@ -4683,9 +4512,7 @@ static int _HandleCmacDma(whServerContext* ctx, uint16_t magic, uint16_t seq, * 3. One-shot operation with context already initialized with a key */ if (req.input.sz != 0 && req.output.sz != 0) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] CMAC one-shot operation detected\n"); -#endif + WH_DEBUG_SERVER_VERBOSE("CMAC one-shot operation detected\n"); /* Case 1: Direct one-shot operation with key provided in * request This is the simplest case - we have the key directly @@ -4879,9 +4706,7 @@ static int _HandleCmacDma(whServerContext* ctx, uint16_t magic, uint16_t seq, ctx, req.input.addr, &inAddr, req.input.sz, WH_DMA_OPER_CLIENT_READ_POST, (whServerDmaFlags){0}) != WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] Error cleaning up input DMA address\n"); -#endif + WH_DEBUG_SERVER_VERBOSE("Error cleaning up input DMA address\n"); } } @@ -4890,9 +4715,7 @@ static int _HandleCmacDma(whServerContext* ctx, uint16_t magic, uint16_t seq, ctx, req.output.addr, &outAddr, req.output.sz, WH_DMA_OPER_CLIENT_WRITE_POST, (whServerDmaFlags){0}) != WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] Error cleaning up output DMA address\n"); -#endif + WH_DEBUG_SERVER_VERBOSE("Error cleaning up output DMA address\n"); } } @@ -4901,9 +4724,7 @@ static int _HandleCmacDma(whServerContext* ctx, uint16_t magic, uint16_t seq, ctx, req.key.addr, &keyAddr, req.key.sz, WH_DMA_OPER_CLIENT_READ_POST, (whServerDmaFlags){0}) != WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] Error cleaning up key DMA address\n"); -#endif + WH_DEBUG_SERVER_VERBOSE("Error cleaning up key DMA address\n"); } } @@ -4967,10 +4788,8 @@ static int _HandleRngDma(whServerContext* ctx, uint16_t magic, uint16_t seq, /* Generate random bytes directly into client memory */ if (ret == WH_ERROR_OK) { -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] RNG DMA: generating %llu bytes to addr=%p\n", + WH_DEBUG_SERVER_VERBOSE("RNG DMA: generating %llu bytes to addr=%p\n", (long long unsigned int)req.output.sz, outAddr); -#endif ret = wc_RNG_GenerateBlock(ctx->crypto->rng, outAddr, req.output.sz); } @@ -4993,7 +4812,9 @@ static int _HandleRngDma(whServerContext* ctx, uint16_t magic, uint16_t seq, return ret; } #endif /* !WC_NO_RNG */ +#endif /* WOLFHSM_CFG_DMA */ +#ifdef WOLFHSM_CFG_DMA int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic, uint16_t action, uint16_t seq, uint16_t req_size, const void* req_packet, @@ -5032,11 +4853,9 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic, ret = _HandleSha256Dma(ctx, magic, seq, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] DMA SHA256 ret = %d\n", ret); + WH_DEBUG_SERVER("DMA SHA256 ret = %d\n", ret); } -#endif break; #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA224 @@ -5044,11 +4863,9 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic, ret = _HandleSha224Dma(ctx, magic, seq, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] DMA SHA224 ret = %d\n", ret); + WH_DEBUG_SERVER("DMA SHA224 ret = %d\n", ret); } -#endif break; #endif /* WOLFSSL_SHA224 */ #ifdef WOLFSSL_SHA384 @@ -5056,11 +4873,9 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic, ret = _HandleSha384Dma(ctx, magic, seq, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] DMA SHA384 ret = %d\n", ret); + WH_DEBUG_SERVER("DMA SHA384 ret = %d\n", ret); } -#endif break; #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 @@ -5068,11 +4883,9 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic, ret = _HandleSha512Dma(ctx, magic, seq, cryptoDataIn, cryptoInSize, cryptoDataOut, &cryptoOutSize); -#ifdef DEBUG_CRYPTOCB_VERBOSE if (ret != 0) { - printf("[server] DMA SHA512 ret = %d\n", ret); + WH_DEBUG_SERVER("DMA SHA512 ret = %d\n", ret); } -#endif break; #endif /* WOLFSSL_SHA512 */ } @@ -5144,9 +4957,7 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic, } -#ifdef DEBUG_CRYPTOCB_VERBOSE - printf("[server] Crypto DMA request. Action:%u\n", action); -#endif + WH_DEBUG_SERVER_VERBOSE("Crypto DMA request. Action:%u\n", action); /* Since crypto error codes are propagated to the client in the response * packet, return success to the caller unless a cancellation has occurred */ diff --git a/src/wh_server_keystore.c b/src/wh_server_keystore.c index 720020a9..aa68a342 100644 --- a/src/wh_server_keystore.c +++ b/src/wh_server_keystore.c @@ -409,10 +409,8 @@ int wh_Server_KeystoreCacheKey(whServerContext* server, whNvmMetadata* meta, else { ctx->cache[foundIndex].committed = 1; } -#if defined(DEBUG_CRYPTOCB) && defined(DEBUG_CRYPTOCB_VERBOSE) - printf("[server] cacheKey: caching keyid=%u\n", meta->id); - wh_Utils_Hexdump("[server] cacheKey: key=", in, meta->len); -#endif + WH_DEBUG_SERVER_VERBOSE("cacheKey: caching keyid=%u\n", meta->id); + WH_DEBUG_VERBOSE_HEXDUMP("[server] cacheKey: key=", in, meta->len); } } else { @@ -455,12 +453,10 @@ int wh_Server_KeystoreCacheKey(whServerContext* server, whNvmMetadata* meta, if (foundIndex == -1) { return WH_ERROR_NOSPACE; } -#if defined(DEBUG_CRYPTOCB) && defined(DEBUG_CRYPTOCB_VERBOSE) else { - printf("[server] hsmCacheKey: cached keyid=0x%X in slot %d, len=%u\n", + WH_DEBUG_SERVER_VERBOSE("hsmCacheKey: cached keyid=0x%X in slot %d, len=%u\n", meta->id, foundIndex, meta->len); } -#endif return 0; } @@ -641,12 +637,10 @@ int wh_Server_KeystoreEvictKey(whServerContext* server, whNvmId keyId) /* Use the unified evict function */ ret = _EvictKeyFromCache(ctx, keyId); -#if defined(DEBUG_CRYPTOCB) && defined(DEBUG_CRYPTOCB_VERBOSE) if (ret == 0) { - printf("[server] wh_Server_KeystoreEvictKey: evicted keyid=0x%X\n", + WH_DEBUG_SERVER_VERBOSE("wh_Server_KeystoreEvictKey: evicted keyid=0x%X\n", keyId); } -#endif return ret; } diff --git a/src/wh_utils.c b/src/wh_utils.c index c4d7bb57..286224f0 100644 --- a/src/wh_utils.c +++ b/src/wh_utils.c @@ -142,18 +142,18 @@ void wh_Utils_Hexdump(const char* initial, const uint8_t* ptr, size_t size) #define HEXDUMP_BYTES_PER_LINE 16 int count = 0; if(initial != NULL) - printf("%s",initial); + WOLFHSM_CFG_PRINTF("%s",initial); while(size > 0) { - printf ("%02X ", *ptr); + WOLFHSM_CFG_PRINTF("%02X ", *ptr); ptr++; size --; count++; if (count % HEXDUMP_BYTES_PER_LINE == 0) { - printf("\n"); + WOLFHSM_CFG_PRINTF("\n"); } } if((count % HEXDUMP_BYTES_PER_LINE) != 0) { - printf("\n"); + WOLFHSM_CFG_PRINTF("\n"); } } #endif diff --git a/test/Makefile b/test/Makefile index 540a0410..d35ac286 100644 --- a/test/Makefile +++ b/test/Makefile @@ -69,6 +69,16 @@ ifeq ($(DEBUG),1) DBGFLAGS = -ggdb -g3 CFLAGS += $(DBGFLAGS) LDFLAGS += $(DBGFLAGS) + DEF += -DWOLFHSM_CFG_DEBUG +endif + +# Check if DEBUG_VERBOSE is set to 1 and enable verbose WOLFHSM debug output +# Note: DEBUG_VERBOSE implies DEBUG +ifeq ($(DEBUG_VERBOSE),1) + DBGFLAGS = -ggdb -g3 + CFLAGS += $(DBGFLAGS) + LDFLAGS += $(DBGFLAGS) + DEF += -DWOLFHSM_CFG_DEBUG -DWOLFHSM_CFG_DEBUG_VERBOSE endif # Add address sanitizer option @@ -88,15 +98,6 @@ ifeq ($(DEBUG_WOLFSSL),1) DEF += -DDEBUG_WOLFSSL endif -ifeq ($(DEBUG_CRYPTOCB),1) - DEF += -DDEBUG_CRYPTOCB -endif - -ifeq ($(DEBUG_CRYPTOCB_VERBOSE),1) - DEF += -DDEBUG_CRYPTOCB -DDEBUG_CRYPTOCB_VERBOSE -endif - - ## wolfHSM defines ifeq ($(NOCRYPTO),1) DEF += -DWOLFHSM_CFG_NO_CRYPTO diff --git a/test/config/user_settings.h b/test/config/user_settings.h index 1d341c21..776050c5 100644 --- a/test/config/user_settings.h +++ b/test/config/user_settings.h @@ -31,8 +31,8 @@ /* #define WC_NO_ASYNC_THREADING */ /* -#define DEBUG_CRYPTOCB -#define DEBUG_CRYPTOCB_VERBOSE +#define WOLFHSM_CFG_DEBUG +#define WOLFHSM_CFG_DEBUG_VERBOSE */ /** wolfHSM required settings for wolfCrypt */ diff --git a/test/wh_test.c b/test/wh_test.c index 413077ab..dad3f986 100644 --- a/test/wh_test.c +++ b/test/wh_test.c @@ -61,7 +61,7 @@ #if defined(WOLFHSM_CFG_ENABLE_CLIENT) && defined(WOLFHSM_CFG_ENABLE_SERVER) int whTest_Unit(void) { - printf("Enter unit tests\n"); + WH_TEST_PRINT("Enter unit tests\n"); /* Component Tests */ WH_TEST_ASSERT(0 == whTest_Flash_RamSim()); diff --git a/test/wh_test_cert.c b/test/wh_test_cert.c index cba10744..0233d90b 100644 --- a/test/wh_test_cert.c +++ b/test/wh_test_cert.c @@ -68,30 +68,30 @@ int whTest_CertServerCfg(whServerConfig* serverCfg) /* Initialize server */ WH_TEST_RETURN_ON_FAIL(wh_Server_Init(server, serverCfg)); - WH_DEBUG_PRINT("Server initialized successfully\n"); + WH_TEST_DEBUG_PRINT("Server initialized successfully\n"); WH_TEST_RETURN_ON_FAIL(wh_Server_CertInit(server)); /* Add trusted root certificate for chain A */ - WH_DEBUG_PRINT("Adding trusted root certificate for chain A...\n"); + WH_TEST_DEBUG_PRINT("Adding trusted root certificate for chain A...\n"); WH_TEST_RETURN_ON_FAIL(wh_Server_CertAddTrusted( server, rootCertA, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_A_CERT, ROOT_A_CERT_len)); /* Add trusted root certificate for chain B */ - WH_DEBUG_PRINT("Adding trusted root certificate for chain B...\n"); + WH_TEST_DEBUG_PRINT("Adding trusted root certificate for chain B...\n"); WH_TEST_RETURN_ON_FAIL(wh_Server_CertAddTrusted( server, rootCertB, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_B_CERT, ROOT_B_CERT_len)); /* Verify valid single cert (intermediate) */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Verifying valid single certificate...using intermediate cert\n"); WH_TEST_RETURN_ON_FAIL(wh_Server_CertVerify( server, INTERMEDIATE_A_CERT, INTERMEDIATE_A_CERT_len, rootCertA, WH_CERT_FLAGS_NONE, NULL)); /* attempt to verify invalid cert (leaf w/o intermediate), should fail */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Attempting to verify invalid single certificate...using leaf cert " "without intermediate\n"); WH_TEST_ASSERT_RETURN(WH_ERROR_CERT_VERIFY == @@ -101,7 +101,7 @@ int whTest_CertServerCfg(whServerConfig* serverCfg) /* attempt to verify invalid cert (intermediate with different root), * should fail */ - WH_DEBUG_PRINT("Attempting to verify invalid single certificate...using " + WH_TEST_DEBUG_PRINT("Attempting to verify invalid single certificate...using " "intermediate cert with different root\n"); WH_TEST_ASSERT_RETURN(WH_ERROR_CERT_VERIFY == wh_Server_CertVerify(server, INTERMEDIATE_B_CERT, @@ -110,19 +110,19 @@ int whTest_CertServerCfg(whServerConfig* serverCfg) NULL)); /* Verify valid chain */ - WH_DEBUG_PRINT("Verifying valid certificate chain...\n"); + WH_TEST_DEBUG_PRINT("Verifying valid certificate chain...\n"); WH_TEST_RETURN_ON_FAIL(wh_Server_CertVerify(server, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertA, WH_CERT_FLAGS_NONE, NULL)); /* Verify valid chain B */ - WH_DEBUG_PRINT("Verifying valid certificate chain B...\n"); + WH_TEST_DEBUG_PRINT("Verifying valid certificate chain B...\n"); WH_TEST_RETURN_ON_FAIL(wh_Server_CertVerify(server, RAW_CERT_CHAIN_B, RAW_CERT_CHAIN_B_len, rootCertB, WH_CERT_FLAGS_NONE, NULL)); /* attempt to verify invalid chains, should fail */ - WH_DEBUG_PRINT("Attempting to verify invalid certificate chains...\n"); + WH_TEST_DEBUG_PRINT("Attempting to verify invalid certificate chains...\n"); WH_TEST_ASSERT_RETURN(WH_ERROR_CERT_VERIFY == wh_Server_CertVerify(server, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertB, @@ -133,11 +133,11 @@ int whTest_CertServerCfg(whServerConfig* serverCfg) WH_CERT_FLAGS_NONE, NULL)); /* remove trusted root certificate for chain A */ - WH_DEBUG_PRINT("Removing trusted root certificates...\n"); + WH_TEST_DEBUG_PRINT("Removing trusted root certificates...\n"); WH_TEST_RETURN_ON_FAIL(wh_Server_CertEraseTrusted(server, rootCertA)); WH_TEST_RETURN_ON_FAIL(wh_Server_CertEraseTrusted(server, rootCertB)); - WH_DEBUG_PRINT("Test completed successfully\n"); + WH_TEST_DEBUG_PRINT("Test completed successfully\n"); return rc; } #endif /* WOLFHSM_CFG_ENABLE_SERVER */ @@ -153,28 +153,28 @@ int whTest_CertClient(whClientContext* client) uint8_t exportedPubKey[LEAF_A_PUBKEY_len]; uint16_t exportedPubKeyLen = sizeof(exportedPubKey); - WH_DEBUG_PRINT("Starting certificate client test...\n"); + WH_TEST_DEBUG_PRINT("Starting certificate client test...\n"); /* Initialize certificate manager */ - WH_DEBUG_PRINT("Initializing certificate manager...\n"); + WH_TEST_DEBUG_PRINT("Initializing certificate manager...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertInit(client, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Add root certificates to NVM */ - WH_DEBUG_PRINT("Adding root certificate A to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding root certificate A to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrusted( client, rootCertA_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_A_CERT, ROOT_A_CERT_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT("Adding root certificate B to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding root certificate B to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrusted( client, rootCertB_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_B_CERT, ROOT_B_CERT_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Verify valid single cert (intermediate) */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Verifying valid single certificate...using intermediate cert\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerify(client, INTERMEDIATE_A_CERT, INTERMEDIATE_A_CERT_len, @@ -182,7 +182,7 @@ int whTest_CertClient(whClientContext* client) WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* attempt to verify invalid cert (leaf w/o intermediate), should fail */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Attempting to verify invalid single certificate...using leaf cert " "without intermediate\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerify( @@ -191,7 +191,7 @@ int whTest_CertClient(whClientContext* client) /* attempt to verify invalid cert (intermediate with different root), * should fail */ - WH_DEBUG_PRINT("Attempting to verify invalid single certificate...using " + WH_TEST_DEBUG_PRINT("Attempting to verify invalid single certificate...using " "intermediate cert with different root\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerify(client, INTERMEDIATE_B_CERT, INTERMEDIATE_B_CERT_len, @@ -199,19 +199,19 @@ int whTest_CertClient(whClientContext* client) WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); /* Verify valid chain */ - WH_DEBUG_PRINT("Verifying valid certificate chain...\n"); + WH_TEST_DEBUG_PRINT("Verifying valid certificate chain...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerify( client, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertA_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Verify valid chain B */ - WH_DEBUG_PRINT("Verifying valid certificate chain B...\n"); + WH_TEST_DEBUG_PRINT("Verifying valid certificate chain B...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerify( client, RAW_CERT_CHAIN_B, RAW_CERT_CHAIN_B_len, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* attempt to verify invalid chains, should fail */ - WH_DEBUG_PRINT("Attempting to verify invalid certificate chains...\n"); + WH_TEST_DEBUG_PRINT("Attempting to verify invalid certificate chains...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerify( client, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); @@ -221,7 +221,7 @@ int whTest_CertClient(whClientContext* client) WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); /* Test verify with cached leaf public key */ - WH_DEBUG_PRINT("Testing verify with cached leaf public key...\n"); + WH_TEST_PRINT("Testing verify with cached leaf public key...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyAndCacheLeafPubKey( client, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertA_id, &out_keyId, &out_rc)); @@ -245,7 +245,7 @@ int whTest_CertClient(whClientContext* client) 0 == memcmp(exportedPubKey, LEAF_A_PUBKEY, LEAF_A_PUBKEY_len)); /* Clean up - delete the root certificates */ - WH_DEBUG_PRINT("Deleting root certificates...\n"); + WH_TEST_DEBUG_PRINT("Deleting root certificates...\n"); WH_TEST_RETURN_ON_FAIL( wh_Client_CertEraseTrusted(client, rootCertA_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); @@ -257,7 +257,7 @@ int whTest_CertClient(whClientContext* client) /* Test non-exportable flag enforcement */ WH_TEST_RETURN_ON_FAIL(whTest_CertNonExportable(client)); - WH_DEBUG_PRINT("Certificate client test completed successfully\n"); + WH_TEST_DEBUG_PRINT("Certificate client test completed successfully\n"); return rc; } @@ -271,42 +271,42 @@ int whTest_CertClientAcert(whClientContext* client) whNvmId trustedCertId = 1; whNvmId rootCertB_id = 2; - WH_DEBUG_PRINT("Starting attribute certificate client test...\n"); + WH_TEST_DEBUG_PRINT("Starting attribute certificate client test...\n"); /* Initialize certificate manager */ - WH_DEBUG_PRINT("Initializing certificate manager...\n"); + WH_TEST_DEBUG_PRINT("Initializing certificate manager...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertInit(client, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Add trusted certificate to NVM */ - WH_DEBUG_PRINT("Adding trusted certificate to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding trusted certificate to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrusted( client, trustedCertId, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, caCert_der, caCert_der_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT("Adding root certificate B to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding root certificate B to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrusted( client, rootCertB_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_B_CERT, ROOT_B_CERT_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Verify attribute certificate */ - WH_DEBUG_PRINT("Verifying attribute certificate...\n"); + WH_TEST_DEBUG_PRINT("Verifying attribute certificate...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyAcert( client, attrCert_der, attrCert_der_len, trustedCertId, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Attempt to verify attribute certificate with different root, should fail */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Attempting to verify attribute certificate with different root...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyAcert( client, attrCert_der, attrCert_der_len, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); /* Clean up - delete the trusted certificates */ - WH_DEBUG_PRINT("Deleting trusted certificates...\n"); + WH_TEST_DEBUG_PRINT("Deleting trusted certificates...\n"); WH_TEST_RETURN_ON_FAIL( wh_Client_CertEraseTrusted(client, trustedCertId, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); @@ -315,7 +315,7 @@ int whTest_CertClientAcert(whClientContext* client) wh_Client_CertEraseTrusted(client, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Attribute certificate client test completed successfully\n"); return rc; @@ -338,28 +338,28 @@ int whTest_CertClientDma_ClientServerTestInternal(whClientContext* client) uint8_t exportedPubKey[LEAF_A_PUBKEY_len]; uint16_t exportedPubKeyLen = sizeof(exportedPubKey); - WH_DEBUG_PRINT("Starting certificate client DMA test...\n"); + WH_TEST_DEBUG_PRINT("Starting certificate client DMA test...\n"); /* Initialize certificate manager */ - WH_DEBUG_PRINT("Initializing certificate manager...\n"); + WH_TEST_DEBUG_PRINT("Initializing certificate manager...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertInit(client, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Add root certificates to NVM */ - WH_DEBUG_PRINT("Adding root certificate A to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding root certificate A to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrustedDma( client, rootCertA_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_A_CERT, ROOT_A_CERT_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT("Adding root certificate B to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding root certificate B to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrustedDma( client, rootCertB_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_B_CERT, ROOT_B_CERT_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Verify valid single cert (intermediate) */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Verifying valid single certificate...using intermediate cert\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyDma(client, INTERMEDIATE_A_CERT, INTERMEDIATE_A_CERT_len, @@ -367,7 +367,7 @@ int whTest_CertClientDma_ClientServerTestInternal(whClientContext* client) WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* attempt to verify invalid cert (leaf w/o intermediate), should fail */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Attempting to verify invalid single certificate...using leaf cert " "without intermediate\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyDma( @@ -376,7 +376,7 @@ int whTest_CertClientDma_ClientServerTestInternal(whClientContext* client) /* attempt to verify invalid cert (intermediate with different root), * should fail */ - WH_DEBUG_PRINT("Attempting to verify invalid single certificate...using " + WH_TEST_DEBUG_PRINT("Attempting to verify invalid single certificate...using " "intermediate cert with different root\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyDma(client, INTERMEDIATE_B_CERT, INTERMEDIATE_B_CERT_len, @@ -384,19 +384,19 @@ int whTest_CertClientDma_ClientServerTestInternal(whClientContext* client) WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); /* Verify valid chain */ - WH_DEBUG_PRINT("Verifying valid certificate chain...\n"); + WH_TEST_DEBUG_PRINT("Verifying valid certificate chain...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyDma( client, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertA_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Verify valid chain B */ - WH_DEBUG_PRINT("Verifying valid certificate chain B...\n"); + WH_TEST_DEBUG_PRINT("Verifying valid certificate chain B...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyDma( client, RAW_CERT_CHAIN_B, RAW_CERT_CHAIN_B_len, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* attempt to verify invalid chains, should fail */ - WH_DEBUG_PRINT("Attempting to verify invalid certificate chains...\n"); + WH_TEST_DEBUG_PRINT("Attempting to verify invalid certificate chains...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyDma( client, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); @@ -406,7 +406,7 @@ int whTest_CertClientDma_ClientServerTestInternal(whClientContext* client) WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); /* Test verify with cached leaf public key */ - WH_DEBUG_PRINT("Testing verify with cached leaf public key using DMA...\n"); + WH_TEST_PRINT("Testing verify with cached leaf public key using DMA...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyDmaAndCacheLeafPubKey( client, RAW_CERT_CHAIN_A, RAW_CERT_CHAIN_A_len, rootCertA_id, &out_keyId, &out_rc)); @@ -431,7 +431,7 @@ int whTest_CertClientDma_ClientServerTestInternal(whClientContext* client) 0 == memcmp(exportedPubKey, LEAF_A_PUBKEY, LEAF_A_PUBKEY_len)); /* Clean up - delete the root certificates */ - WH_DEBUG_PRINT("Deleting root certificates...\n"); + WH_TEST_DEBUG_PRINT("Deleting root certificates...\n"); WH_TEST_RETURN_ON_FAIL( wh_Client_CertEraseTrusted(client, rootCertA_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); @@ -440,7 +440,7 @@ int whTest_CertClientDma_ClientServerTestInternal(whClientContext* client) wh_Client_CertEraseTrusted(client, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT("Certificate client DMA test completed successfully\n"); + WH_TEST_DEBUG_PRINT("Certificate client DMA test completed successfully\n"); return rc; } @@ -458,42 +458,42 @@ int whTest_CertClientAcertDma_ClientServerTestInternal(whClientContext* client) whNvmId trustedCertId = 1; whNvmId rootCertB_id = 2; - WH_DEBUG_PRINT("Starting attribute certificate client test...\n"); + WH_TEST_DEBUG_PRINT("Starting attribute certificate client test...\n"); /* Initialize certificate manager */ - WH_DEBUG_PRINT("Initializing certificate manager...\n"); + WH_TEST_DEBUG_PRINT("Initializing certificate manager...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertInit(client, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Add trusted certificate to NVM */ - WH_DEBUG_PRINT("Adding trusted certificate to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding trusted certificate to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrustedDma( client, trustedCertId, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, caCert_der, caCert_der_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT("Adding root certificate B to NVM...\n"); + WH_TEST_DEBUG_PRINT("Adding root certificate B to NVM...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrustedDma( client, rootCertB_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_B_CERT, ROOT_B_CERT_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Verify attribute certificate */ - WH_DEBUG_PRINT("Verifying attribute certificate...\n"); + WH_TEST_DEBUG_PRINT("Verifying attribute certificate...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyAcertDma( client, attrCert_der, attrCert_der_len, trustedCertId, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Attempt to verify attribute certificate with different root, should fail */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Attempting to verify attribute certificate with different root...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertVerifyAcertDma( client, attrCert_der, attrCert_der_len, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_CERT_VERIFY); /* Clean up - delete the trusted certificates */ - WH_DEBUG_PRINT("Deleting trusted certificates...\n"); + WH_TEST_DEBUG_PRINT("Deleting trusted certificates...\n"); WH_TEST_RETURN_ON_FAIL( wh_Client_CertEraseTrusted(client, trustedCertId, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); @@ -502,7 +502,7 @@ int whTest_CertClientAcertDma_ClientServerTestInternal(whClientContext* client) wh_Client_CertEraseTrusted(client, rootCertB_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Attribute certificate client test completed successfully\n"); return rc; @@ -520,17 +520,17 @@ static int whTest_CertNonExportable(whClientContext* client) uint8_t cert_buffer[2048] = {0}; uint32_t cert_len = sizeof(cert_buffer); - WH_DEBUG_PRINT("Testing non-exportable certificate functionality...\n"); + WH_TEST_PRINT("Testing non-exportable certificate functionality...\n"); /* Add exportable certificate */ - WH_DEBUG_PRINT("Adding exportable certificate...\n"); + WH_TEST_DEBUG_PRINT("Adding exportable certificate...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrusted( client, exportable_cert_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE, NULL, 0, ROOT_A_CERT, ROOT_A_CERT_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Add non-exportable certificate */ - WH_DEBUG_PRINT("Adding non-exportable certificate...\n"); + WH_TEST_DEBUG_PRINT("Adding non-exportable certificate...\n"); WH_TEST_RETURN_ON_FAIL(wh_Client_CertAddTrusted( client, nonexportable_cert_id, WH_NVM_ACCESS_ANY, WH_NVM_FLAGS_IMMUTABLE | WH_NVM_FLAGS_NONEXPORTABLE, NULL, 0, @@ -538,14 +538,14 @@ static int whTest_CertNonExportable(whClientContext* client) WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Test reading exportable certificate - should succeed */ - WH_DEBUG_PRINT("Reading exportable certificate (should succeed)...\n"); + WH_TEST_DEBUG_PRINT("Reading exportable certificate (should succeed)...\n"); cert_len = sizeof(cert_buffer); WH_TEST_RETURN_ON_FAIL(wh_Client_CertReadTrusted( client, exportable_cert_id, cert_buffer, &cert_len, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); /* Test reading non-exportable certificate - should fail */ - WH_DEBUG_PRINT("Reading non-exportable certificate (should fail)...\n"); + WH_TEST_DEBUG_PRINT("Reading non-exportable certificate (should fail)...\n"); cert_len = sizeof(cert_buffer); WH_TEST_RETURN_ON_FAIL(wh_Client_CertReadTrusted( client, nonexportable_cert_id, cert_buffer, &cert_len, &out_rc)); @@ -553,7 +553,7 @@ static int whTest_CertNonExportable(whClientContext* client) #ifdef WOLFHSM_CFG_DMA /* Test DMA variant with non-exportable certificate */ - WH_DEBUG_PRINT( + WH_TEST_DEBUG_PRINT( "Reading non-exportable certificate via DMA (should fail)...\n"); cert_len = sizeof(cert_buffer); WH_TEST_RETURN_ON_FAIL(wh_Client_CertReadTrustedDma( @@ -562,7 +562,7 @@ static int whTest_CertNonExportable(whClientContext* client) #endif /* Clean up - delete the certificates */ - WH_DEBUG_PRINT("Cleaning up certificates...\n"); + WH_TEST_DEBUG_PRINT("Cleaning up certificates...\n"); WH_TEST_RETURN_ON_FAIL( wh_Client_CertEraseTrusted(client, exportable_cert_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); @@ -571,7 +571,7 @@ static int whTest_CertNonExportable(whClientContext* client) wh_Client_CertEraseTrusted(client, nonexportable_cert_id, &out_rc)); WH_TEST_ASSERT_RETURN(out_rc == WH_ERROR_OK); - WH_DEBUG_PRINT("Non-exportable certificate test completed successfully\n"); + WH_TEST_DEBUG_PRINT("Non-exportable certificate test completed successfully\n"); return rc; } @@ -635,7 +635,7 @@ int whTest_CertRamSim(whTestNvmBackendType nvmType) #endif }}; - printf("Testing Server Certificate with RAM sim...\n"); + WH_TEST_PRINT("Testing Server Certificate with RAM sim...\n"); /* Initialize NVM */ WH_TEST_RETURN_ON_FAIL(wh_Nvm_Init(nvm, n_conf)); @@ -647,7 +647,7 @@ int whTest_CertRamSim(whTestNvmBackendType nvmType) /* Run certificate configuration tests */ rc = whTest_CertServerCfg(s_conf); if (rc != WH_ERROR_OK) { - printf("Certificate server config tests failed: %d\n", rc); + WH_ERROR_PRINT("Certificate server config tests failed: %d\n", rc); } /* Cleanup NVM */ diff --git a/test/wh_test_clientserver.c b/test/wh_test_clientserver.c index 3b946ed4..86025f2b 100644 --- a/test/wh_test_clientserver.c +++ b/test/wh_test_clientserver.c @@ -23,6 +23,7 @@ #include "wolfhsm/wh_settings.h" #include "wh_test_common.h" +#include "wh_test_clientserver.h" #include "wolfhsm/wh_error.h" #include "wolfhsm/wh_comm.h" @@ -418,7 +419,7 @@ static int _testClientCounter(whClientContext* client) whNvmId reclaim_objects; #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Testing NVM counters...\n"); + WH_TEST_DEBUG_PRINT("Testing NVM counters...\n"); #endif WH_TEST_RETURN_ON_FAIL(wh_Client_CounterReset(client, counterId, &counter)); @@ -480,7 +481,7 @@ static int _testClientCounter(whClientContext* client) client, &server_rc, &avail_size, &avail_objects, &reclaim_size, &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", rc, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -501,7 +502,7 @@ static int _testNonExportableNvmAccess(whClientContext* client) int32_t out_rc = 0; whNvmSize out_len = 0; - printf("Testing non-exportable NVM object access protection...\n"); + WH_TEST_PRINT("Testing non-exportable NVM object access protection...\n"); /* Test 1: Regular NVM Read Protection */ /* Create NVM object with non-exportable flag */ @@ -526,7 +527,7 @@ static int _testNonExportableNvmAccess(whClientContext* client) return -1; } - printf("Non-exportable NVM object read correctly denied\n"); + WH_TEST_DEBUG_PRINT("Non-exportable NVM object read correctly denied\n"); /* Clean up NVM object */ whNvmId destroyList[] = {nvmId}; @@ -566,7 +567,7 @@ static int _testNonExportableNvmAccess(whClientContext* client) return -1; } - printf("Exportable NVM object read succeeded\n"); + WH_TEST_DEBUG_PRINT("Exportable NVM object read succeeded\n"); /* Clean up */ out_rc = 0; @@ -574,7 +575,7 @@ static int _testNonExportableNvmAccess(whClientContext* client) #ifdef WOLFHSM_CFG_DMA /* Test 3: DMA NVM Read Protection */ - printf("Testing DMA NVM read protection...\n"); + WH_TEST_PRINT("Testing DMA NVM read protection...\n"); /* Create NVM object with non-exportable flag */ memcpy(nvmLabel, "NonExportDmaNvmObj", sizeof("NonExportDmaNvmObj")); @@ -601,7 +602,7 @@ static int _testNonExportableNvmAccess(whClientContext* client) return -1; } - printf("Non-exportable NVM object DMA read correctly denied\n"); + WH_TEST_DEBUG_PRINT("Non-exportable NVM object DMA read correctly denied\n"); /* Clean up */ out_rc = 0; @@ -638,14 +639,14 @@ static int _testNonExportableNvmAccess(whClientContext* client) return -1; } - printf("Exportable NVM object DMA read succeeded\n"); + WH_TEST_DEBUG_PRINT("Exportable NVM object DMA read succeeded\n"); /* Clean up */ out_rc = 0; wh_Client_NvmDestroyObjects(client, 1, &nvmId, &out_rc); #endif /* WOLFHSM_CFG_DMA */ - printf("NON-EXPORTABLE NVM ACCESS TEST SUCCESS\n"); + WH_TEST_PRINT("NON-EXPORTABLE NVM ACCESS TEST SUCCESS\n"); return 0; } #endif /* WOLFHSM_CFG_ENABLE_CLIENT */ @@ -889,25 +890,25 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) &boot_state, &lifecycle_state, &nvm_state)); - printf("Server Info: \n - Version:%s\n - Build:%s\n", version, build); - printf(" - cfg_comm_data_len:%u\n", (unsigned int)cfg_comm_data_len); - printf(" - cfg_nvm_object_count:%u\n", (unsigned int)cfg_nvm_object_count); - printf(" - cfg_server_keycache_count:%u\n", + WH_TEST_DEBUG_PRINT("Server Info: \n - Version:%s\n - Build:%s\n", version, build); + WH_TEST_DEBUG_PRINT(" - cfg_comm_data_len:%u\n", (unsigned int)cfg_comm_data_len); + WH_TEST_DEBUG_PRINT(" - cfg_nvm_object_count:%u\n", (unsigned int)cfg_nvm_object_count); + WH_TEST_DEBUG_PRINT(" - cfg_server_keycache_count:%u\n", (unsigned int)cfg_server_keycache_count); - printf(" - cfg_server_keycache_bufsize:%u\n", + WH_TEST_DEBUG_PRINT(" - cfg_server_keycache_bufsize:%u\n", (unsigned int)cfg_server_keycache_bufsize); - printf(" - cfg_server_keycache_bigcount:%u\n", + WH_TEST_DEBUG_PRINT(" - cfg_server_keycache_bigcount:%u\n", (unsigned int)cfg_server_keycache_bigcount); - printf(" - cfg_server_keycache_bigbufsize:%u\n", + WH_TEST_DEBUG_PRINT(" - cfg_server_keycache_bigbufsize:%u\n", (unsigned int)cfg_server_keycache_bigbufsize); - printf(" - cfg_server_customcb_count:%u\n", + WH_TEST_DEBUG_PRINT(" - cfg_server_customcb_count:%u\n", (unsigned int)cfg_server_customcb_count); - printf(" - cfg_server_dmaaddr_count:%u\n", + WH_TEST_DEBUG_PRINT(" - cfg_server_dmaaddr_count:%u\n", (unsigned int)cfg_server_dmaaddr_count); - printf(" - debug_state:%u\n", (unsigned int)debug_state); - printf(" - boot_state:%u\n", (unsigned int)boot_state); - printf(" - lifecycle_state:%u\n", (unsigned int)lifecycle_state); - printf(" - nvm_state:%u\n", (unsigned int)nvm_state); + WH_TEST_DEBUG_PRINT(" - debug_state:%u\n", (unsigned int)debug_state); + WH_TEST_DEBUG_PRINT(" - boot_state:%u\n", (unsigned int)boot_state); + WH_TEST_DEBUG_PRINT(" - lifecycle_state:%u\n", (unsigned int)lifecycle_state); + WH_TEST_DEBUG_PRINT(" - nvm_state:%u\n", (unsigned int)nvm_state); for (counter = 0; counter < REPEAT_COUNT; counter++) { @@ -920,7 +921,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL( wh_Client_EchoRequest(client, send_len, send_buffer)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client EchoRequest:%d, len:%d, %.*s\n", ret, send_len, send_len, + WH_TEST_DEBUG_PRINT("Client EchoRequest:%d, len:%d, %.*s\n", ret, send_len, send_len, send_buffer); #endif @@ -933,14 +934,14 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Server HandleRequestMessage:%d\n", ret); + WH_TEST_DEBUG_PRINT("Server HandleRequestMessage:%d\n", ret); #endif WH_TEST_RETURN_ON_FAIL( wh_Client_EchoResponse(client, &recv_len, recv_buffer)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client EchoResponse:%d, len:%d, %.*s, expected:%.*s\n", ret, + WH_TEST_DEBUG_PRINT("Client EchoResponse:%d, len:%d, %.*s, expected:%.*s\n", ret, recv_len, recv_len, recv_buffer, send_len, send_buffer); #endif WH_TEST_ASSERT_RETURN(recv_len == send_len); @@ -954,7 +955,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) wh_Client_NvmInitResponse(client, &server_rc, &client_id, &server_id)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmInitResponse:%d, server_rc:%d, clientid:%d serverid:%d\n", + WH_TEST_DEBUG_PRINT("Client NvmInitResponse:%d, server_rc:%d, clientid:%d serverid:%d\n", ret, (int)server_rc, (int)client_id, (int)server_id); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -966,7 +967,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) client, &server_rc, &avail_size, &avail_objects, &reclaim_size, &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailableResponse:%d, server_rc:%d avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailableResponse:%d, server_rc:%d avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -997,7 +998,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) id, counter); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmAddObjectRequest:%d, id:%u, access:0x%x, flags:0x%x, " + WH_TEST_DEBUG_PRINT("Client NvmAddObjectRequest:%d, id:%u, access:0x%x, flags:0x%x, " "len:%u label:%s\nData:%s\n", ret, id, access, flags, len, label, send_buffer); #endif @@ -1011,7 +1012,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL( wh_Client_NvmAddObjectResponse(client, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmAddObjectResponse:%d, server_rc:%d\n", ret, + WH_TEST_DEBUG_PRINT("Client NvmAddObjectResponse:%d, server_rc:%d\n", ret, (int)server_rc); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1022,7 +1023,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) client, &server_rc, &avail_size, &avail_objects, &reclaim_size, &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailableResponse:%d, server_rc:%d, avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailableResponse:%d, server_rc:%d, avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -1038,7 +1039,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) client, &server_rc, &gid, &gaccess, &gflags, &glen, sizeof(glabel), (uint8_t*)glabel)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetMetadataResponse:%d, id:%u, access:0x%x, " + WH_TEST_DEBUG_PRINT("Client NvmGetMetadataResponse:%d, id:%u, access:0x%x, " "flags:0x%x, len:%u label:%s\n", ret, gid, gaccess, gflags, glen, glabel); #endif @@ -1053,7 +1054,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL(wh_Client_NvmReadResponse( client, &server_rc, &rlen, (uint8_t*)recv_buffer)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf( + WH_TEST_DEBUG_PRINT( "Client NvmReadResponse:%d, server_rc:%d id:%u, len:%u data:%s\n", ret, (int)server_rc, (unsigned int)gid, (unsigned int)rlen, recv_buffer); #endif @@ -1079,7 +1080,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL(wh_Client_NvmListResponse( client, &server_rc, &list_count, &list_id)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmListResponse:%d, server_rc:%d count:%u id:%u\n", ret, + WH_TEST_DEBUG_PRINT("Client NvmListResponse:%d, server_rc:%d count:%u id:%u\n", ret, (int)server_rc, (unsigned int)list_count, (unsigned int)list_id); #endif @@ -1094,7 +1095,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL( wh_Client_NvmDestroyObjectsResponse(client, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmDestroyObjectsResponse:%d, server_rc:%d for " + WH_TEST_DEBUG_PRINT("Client NvmDestroyObjectsResponse:%d, server_rc:%d for " "id:%u with count:%u\n", ret, (int)server_rc, (unsigned int)list_id, (unsigned int)list_count); #endif @@ -1109,7 +1110,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_ASSERT_RETURN(WH_ERROR_NOTFOUND == server_rc); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmListResponse:%d, server_rc:%d count:%u id:%u\n", + WH_TEST_DEBUG_PRINT("Client NvmListResponse:%d, server_rc:%d count:%u id:%u\n", ret, (int)server_rc, (unsigned int)list_count, (unsigned int)list_id); #endif @@ -1150,7 +1151,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) meta.id, counter); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmAddObjectDmaRequest:%d, id:%u, access:0x%x, " + WH_TEST_DEBUG_PRINT("Client NvmAddObjectDmaRequest:%d, id:%u, access:0x%x, " "flags:0x%x, len:%u label:%s\nData:%s\n", ret, meta.id, meta.access, meta.flags, len, meta.label, send_buffer); @@ -1164,7 +1165,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL( wh_Client_NvmAddObjectDmaResponse(client, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmAddObjectDmaResponse:%d, server_rc:%d, meta.len:%u\n", + WH_TEST_DEBUG_PRINT("Client NvmAddObjectDmaResponse:%d, server_rc:%d, meta.len:%u\n", ret, (int)server_rc, (unsigned int)meta.len); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1175,7 +1176,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) client, &server_rc, &avail_size, &avail_objects, &reclaim_size, &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailableResponse:%d, server_rc:%d, avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailableResponse:%d, server_rc:%d, avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -1189,7 +1190,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) client, &server_rc, &gid, &gaccess, &gflags, &glen, sizeof(glabel), (uint8_t*)glabel)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetMetadataResponse:%d, id:%u, access:0x%x, " + WH_TEST_DEBUG_PRINT("Client NvmGetMetadataResponse:%d, id:%u, access:0x%x, " "flags:0x%x, len:%u label:%s\n", ret, gid, gaccess, gflags, glen, glabel); #endif @@ -1205,7 +1206,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL( wh_Client_NvmReadDmaResponse(client, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmReadDmaResponse:%d, server_rc:%d id:%u, len:%u " + WH_TEST_DEBUG_PRINT("Client NvmReadDmaResponse:%d, server_rc:%d id:%u, len:%u " "data:%s\n", ret, (int)server_rc, (unsigned int)gid, (unsigned int)glen, recv_buffer); #endif @@ -1224,7 +1225,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL(wh_Client_NvmListResponse( client, &server_rc, &list_count, &list_id)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmListResponse:%d, server_rc:%d count:%u id:%u\n", ret, + WH_TEST_DEBUG_PRINT("Client NvmListResponse:%d, server_rc:%d count:%u id:%u\n", ret, (int)server_rc, (unsigned int)list_count, (unsigned int)list_id); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1242,7 +1243,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmDestroyObjectsResponse:%d, server_rc:%d for " + WH_TEST_DEBUG_PRINT("Client NvmDestroyObjectsResponse:%d, server_rc:%d for " "id:%u with count:%u\n", ret, (int)server_rc, (unsigned int)list_id, (unsigned int)list_count); #endif @@ -1264,7 +1265,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server)); WH_TEST_RETURN_ON_FAIL(wh_Client_NvmCleanupResponse(client, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmCleanupResponse:%d, server_rc:%d\n", ret, (int)server_rc); + WH_TEST_DEBUG_PRINT("Client NvmCleanupResponse:%d, server_rc:%d\n", ret, (int)server_rc); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1274,7 +1275,7 @@ int whTest_ClientServerSequential(whTestNvmBackendType nvmType) client, &server_rc, &avail_size, &avail_objects, &reclaim_size, &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailableResponse:%d, server_rc:%d, avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailableResponse:%d, server_rc:%d, avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -1357,7 +1358,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) WH_TEST_RETURN_ON_FAIL(ret = wh_Client_Echo(client, send_len, send_buffer, &recv_len, recv_buffer)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client Echo:%d, len:%d, %.*s, expected:%.*s\n", + WH_TEST_DEBUG_PRINT("Client Echo:%d, len:%d, %.*s, expected:%.*s\n", ret, recv_len, recv_len, recv_buffer, send_len, send_buffer); #endif WH_TEST_ASSERT_RETURN( recv_len == send_len); @@ -1374,7 +1375,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailable:%d, server_rc:%d avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailable:%d, server_rc:%d avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -1411,7 +1412,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) (uint8_t*)send_buffer, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmAddObject:%d, server_rc:%d\n", ret, + WH_TEST_DEBUG_PRINT("Client NvmAddObject:%d, server_rc:%d\n", ret, (int)server_rc); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1421,7 +1422,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -1437,7 +1438,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) sizeof(glabel), (uint8_t*)glabel)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetMetadata:%d, id:%u, access:0x%x, " + WH_TEST_DEBUG_PRINT("Client NvmGetMetadata:%d, id:%u, access:0x%x, " "flags:0x%x, len:%u label:%s\n", ret, gid, gaccess, gflags, glen, glabel); #endif @@ -1452,7 +1453,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) (uint8_t*)recv_buffer)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf( + WH_TEST_DEBUG_PRINT( "Client NvmRead:%d, server_rc:%d id:%u, len:%u data:%s\n", ret, (int)server_rc, (unsigned int)gid, (unsigned int)rlen, recv_buffer); #endif @@ -1473,7 +1474,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) ret = wh_Client_NvmList(client, list_access, list_flags, list_id, &server_rc, &list_count, &list_id)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmList:%d, server_rc:%d count:%u id:%u\n", ret, + WH_TEST_DEBUG_PRINT("Client NvmList:%d, server_rc:%d count:%u id:%u\n", ret, (int)server_rc, (unsigned int)list_count, (unsigned int)list_id); #endif @@ -1486,7 +1487,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) ret = wh_Client_NvmDestroyObjects(client, 1, &list_id, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmDestroyObjects:%d, server_rc:%d for " + WH_TEST_DEBUG_PRINT("Client NvmDestroyObjects:%d, server_rc:%d for " "id:%u with count:%u\n", ret, (int)server_rc, (unsigned int)list_id, (unsigned int)list_count); #endif @@ -1497,7 +1498,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) WH_TEST_ASSERT_RETURN(WH_ERROR_NOTFOUND == server_rc); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetMetadata:%d, server_rc:%d count:%u id:%u\n", + WH_TEST_DEBUG_PRINT("Client NvmGetMetadata:%d, server_rc:%d count:%u id:%u\n", ret, (int)server_rc, (unsigned int)list_count, (unsigned int)list_id); #endif @@ -1540,7 +1541,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) WH_TEST_RETURN_ON_FAIL(ret = wh_Client_NvmAddObjectDma(client, &meta, len, (uint8_t*)send_buffer, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmAddObjectDma:%d, server_rc:%d, meta.len:%u\n", + WH_TEST_DEBUG_PRINT("Client NvmAddObjectDma:%d, server_rc:%d, meta.len:%u\n", ret, (int)server_rc, meta.len); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1548,7 +1549,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) WH_TEST_RETURN_ON_FAIL(ret = wh_Client_NvmGetAvailable(client, &server_rc, &avail_size, &avail_objects, &reclaim_size, &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -1558,7 +1559,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) WH_TEST_RETURN_ON_FAIL(ret = wh_Client_NvmGetMetadata(client, meta.id, &server_rc, &gid, &gaccess, &gflags, &glen, sizeof(glabel), (uint8_t*)glabel)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetMetadata:%d, id:%u, access:0x%x, " + WH_TEST_DEBUG_PRINT("Client NvmGetMetadata:%d, id:%u, access:0x%x, " "flags:0x%x, len:%u label:%s\n", ret, (unsigned int)gid, (unsigned int)gaccess, (unsigned int)gflags, (unsigned int)glen, glabel); #endif @@ -1572,7 +1573,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) ret = wh_Client_NvmReadDma(client, meta.id, 0, glen, (uint8_t*)recv_buffer, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmReadDma:%d, server_rc:%d id:%u, len:%u " + WH_TEST_DEBUG_PRINT("Client NvmReadDma:%d, server_rc:%d id:%u, len:%u " "data:%s\n", ret, (int)server_rc, (unsigned int)gid, (unsigned int)glen, recv_buffer); #endif @@ -1589,7 +1590,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) ret = wh_Client_NvmList(client, list_access, list_flags, list_id, &server_rc, &list_count, &list_id)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmList:%d, server_rc:%d count:%u id:%u\n", ret, + WH_TEST_DEBUG_PRINT("Client NvmList:%d, server_rc:%d count:%u id:%u\n", ret, (int)server_rc, (unsigned int)list_count, (unsigned int)list_id); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1605,7 +1606,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmDestroyObjects:%d, server_rc:%d for " + WH_TEST_DEBUG_PRINT("Client NvmDestroyObjects:%d, server_rc:%d for " "id:%u with count:%u\n", ret, (int)server_rc, (unsigned int)list_id, (unsigned int)list_count); #endif @@ -1621,7 +1622,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) WH_TEST_RETURN_ON_FAIL(ret = wh_Client_NvmCleanup(client, &server_rc)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmCleanup:%d, server_rc:%d\n", ret, (int)server_rc); + WH_TEST_DEBUG_PRINT("Client NvmCleanup:%d, server_rc:%d\n", ret, (int)server_rc); #endif WH_TEST_ASSERT_RETURN(server_rc == WH_ERROR_OK); @@ -1630,7 +1631,7 @@ int whTest_ClientServerClientConfig(whClientConfig* clientCfg) client, &server_rc, &avail_size, &avail_objects, &reclaim_size, &reclaim_objects)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " + WH_TEST_DEBUG_PRINT("Client NvmGetAvailable:%d, server_rc:%d, avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -1932,29 +1933,29 @@ static int wh_ClientServer_PosixMemMapThreadTest(whTestNvmBackendType nvmType) #if defined(WOLFHSM_CFG_ENABLE_CLIENT) && defined(WOLFHSM_CFG_ENABLE_SERVER) int whTest_ClientServer(void) { - printf("Testing client/server sequential: mem...\n"); + WH_TEST_PRINT("Testing client/server sequential: mem...\n"); WH_TEST_ASSERT(0 == whTest_ClientServerSequential(WH_NVM_TEST_BACKEND_FLASH)); #if defined(WOLFHSM_CFG_SERVER_NVM_FLASH_LOG) - printf("Testing client/server sequential: mem + flash log...\n"); + WH_TEST_PRINT("Testing client/server sequential: mem + flash log...\n"); WH_TEST_ASSERT(0 == whTest_ClientServerSequential(WH_NVM_TEST_BACKEND_FLASH_LOG)); #endif /* defined(WOLFHSM_CFG_SERVER_NVM_FLASH_LOG) */ #if defined(WOLFHSM_CFG_TEST_POSIX) - printf("Testing client/server: (pthread) mem...\n"); + WH_TEST_PRINT("Testing client/server: (pthread) mem...\n"); WH_TEST_ASSERT(0 == wh_ClientServer_MemThreadTest(WH_NVM_TEST_BACKEND_FLASH)); - printf("Testing client/server: (pthread) POSIX shared memory ...\n"); + WH_TEST_PRINT("Testing client/server: (pthread) POSIX shared memory ...\n"); WH_TEST_ASSERT( 0 == wh_ClientServer_PosixMemMapThreadTest(WH_NVM_TEST_BACKEND_FLASH)); #if defined(WOLFHSM_CFG_SERVER_NVM_FLASH_LOG) - printf("Testing client/server: (pthread) mem + flash log...\n"); + WH_TEST_PRINT("Testing client/server: (pthread) mem + flash log...\n"); WH_TEST_ASSERT(0 == wh_ClientServer_MemThreadTest(WH_NVM_TEST_BACKEND_FLASH_LOG)); - printf("Testing client/server: (pthread) POSIX shared memory + flash " + WH_TEST_PRINT("Testing client/server: (pthread) POSIX shared memory + flash " "log...\n"); WH_TEST_ASSERT( 0 == wh_ClientServer_PosixMemMapThreadTest(WH_NVM_TEST_BACKEND_FLASH_LOG)); diff --git a/test/wh_test_comm.c b/test/wh_test_comm.c index d5678ed3..1a6f5be6 100644 --- a/test/wh_test_comm.c +++ b/test/wh_test_comm.c @@ -137,10 +137,8 @@ int whTest_CommMem(void) WH_TEST_RETURN_ON_FAIL( wh_CommClient_SendRequest(client, tx_req_flags, tx_req_type, &tx_req_seq, tx_req_len, tx_req)); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client SendRequest:%d, flags %x, type:%x, seq:%d, len:%d, %s\n", + WH_TEST_DEBUG_PRINT("Client SendRequest:%d, flags %x, type:%x, seq:%d, len:%d, %s\n", ret, tx_req_flags, tx_req_type, tx_req_seq, tx_req_len, tx_req); -#endif if (counter == 0) { WH_TEST_ASSERT_RETURN(WH_ERROR_NOTREADY == @@ -158,10 +156,8 @@ int whTest_CommMem(void) wh_CommServer_RecvRequest(server, &rx_req_flags, &rx_req_type, &rx_req_seq, &rx_req_len, rx_req)); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Server RecvRequest:%d, flags %x, type:%x, seq:%d, len:%d, %s\n", + WH_TEST_DEBUG_PRINT("Server RecvRequest:%d, flags %x, type:%x, seq:%d, len:%d, %s\n", ret, rx_req_flags, rx_req_type, rx_req_seq, rx_req_len, rx_req); -#endif snprintf((char*)tx_resp, sizeof(tx_resp), "Response:%s", rx_req); tx_resp_len = strlen((char*)tx_resp); @@ -172,22 +168,18 @@ int whTest_CommMem(void) return ret; } -#if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf( + WH_TEST_DEBUG_PRINT( "Server SendResponse:%d, flags %x, type:%x, seq:%d, len:%d, %s\n", ret, rx_req_flags, rx_req_type, rx_req_seq, tx_resp_len, tx_resp); -#endif WH_TEST_RETURN_ON_FAIL( wh_CommClient_RecvResponse(client, &rx_resp_flags, &rx_resp_type, &rx_resp_seq, &rx_resp_len, rx_resp)); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf( + WH_TEST_DEBUG_PRINT( "Client RecvResponse:%d, flags %x, type:%x, seq:%d, len:%d, %s\n", ret, rx_resp_flags, rx_resp_type, rx_resp_seq, rx_resp_len, rx_resp); -#endif } WH_TEST_RETURN_ON_FAIL(wh_CommServer_Cleanup(server)); @@ -234,18 +226,16 @@ static void* _whCommClientTask(void* cf) &tx_req_seq, tx_req_len, tx_req); WH_TEST_ASSERT_MSG((ret == WH_ERROR_NOTREADY) || (0 == ret), "Client SendRequest: ret=%d", ret); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) if(ret != WH_ERROR_NOTREADY) { - printf("Client SendRequest:%d, flags %x, type:%x, seq:%d, len:%d, " + WH_TEST_DEBUG_PRINT("Client SendRequest:%d, flags %x, type:%x, seq:%d, len:%d, " "%s\n", ret, tx_req_flags, tx_req_type, tx_req_seq, tx_req_len, tx_req); } -#endif } while ((ret == WH_ERROR_NOTREADY) && (nanosleep(&ONE_MS, NULL) == 0)); if (ret != 0) { - printf("Client had failure. Exiting\n"); + WH_TEST_DEBUG_PRINT("Client had failure. Exiting\n"); break; } @@ -255,18 +245,16 @@ static void* _whCommClientTask(void* cf) &rx_resp_len, rx_resp); WH_TEST_ASSERT_MSG((ret == WH_ERROR_NOTREADY) || (0 == ret), "Client RecvResponse: ret=%d", ret); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) if(ret != WH_ERROR_NOTREADY) { - printf("Client RecvResponse:%d, flags %x, type:%x, seq:%d, len:%d, " + WH_TEST_DEBUG_PRINT("Client RecvResponse:%d, flags %x, type:%x, seq:%d, len:%d, " "%s\n", ret, rx_resp_flags, rx_resp_type, rx_resp_seq, rx_resp_len, rx_resp); } -#endif } while ((ret == WH_ERROR_NOTREADY) && (nanosleep(&ONE_MS, NULL) == 0)); if (ret != 0) { - printf("Client had failure. Exiting\n"); + WH_TEST_DEBUG_PRINT("Client had failure. Exiting\n"); break; } } @@ -304,18 +292,16 @@ static void* _whCommServerTask(void* cf) WH_TEST_ASSERT_MSG((ret == WH_ERROR_NOTREADY) || (0 == ret), "Server RecvRequest: ret=%d", ret); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) - if(ret != WH_ERROR_NOTREADY) { - printf("Server RecvRequest:%d, flags %x, type:%x, seq:%d, len:%d, " + if(ret != WH_ERROR_NOTREADY) { + WH_TEST_DEBUG_PRINT("Server RecvRequest:%d, flags %x, type:%x, seq:%d, len:%d, " "%s\n", ret, rx_req_flags, rx_req_type, rx_req_seq, rx_req_len, rx_req); - } -#endif + } } while ((ret == WH_ERROR_NOTREADY) && (nanosleep(&ONE_MS, NULL) == 0)); if (ret != 0) { - printf("Server had failure. Exiting\n"); + WH_TEST_DEBUG_PRINT("Server had failure. Exiting\n"); break; } @@ -328,18 +314,16 @@ static void* _whCommServerTask(void* cf) WH_TEST_ASSERT_MSG((ret == WH_ERROR_NOTREADY) || (0 == ret), "Server SendResponse: ret=%d", ret); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) if(ret != WH_ERROR_NOTREADY) { - printf("Server SendResponse:%d, flags %x, type:%x, seq:%d, len:%d, " + WH_TEST_DEBUG_PRINT("Server SendResponse:%d, flags %x, type:%x, seq:%d, len:%d, " "%s\n", ret, rx_req_flags, rx_req_type, rx_req_seq, tx_resp_len, tx_resp); } -#endif } while ((ret == WH_ERROR_NOTREADY) && (nanosleep(&ONE_MS, NULL) == 0)); if (ret != 0) { - printf("Server had failure. Exiting\n"); + WH_TEST_DEBUG_PRINT("Server had failure. Exiting\n"); break; } } @@ -363,15 +347,11 @@ static void _whCommClientServerThreadTest(whCommClientConfig* c_conf, int rc = 0; rc = pthread_create(&sthread, NULL, _whCommServerTask, s_conf); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Server thread create:%d\n", rc); -#endif + WH_TEST_DEBUG_PRINT("Server thread create:%d\n", rc); if (rc == 0) { rc = pthread_create(&cthread, NULL, _whCommClientTask, c_conf); -#if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("Client thread create:%d\n", rc); -#endif + WH_TEST_DEBUG_PRINT("Client thread create:%d\n", rc); if (rc == 0) { /* All good. Block on joining */ @@ -497,17 +477,17 @@ void wh_CommClientServer_TcpThreadTest(void) #if defined(WOLFHSM_CFG_ENABLE_CLIENT) && defined(WOLFHSM_CFG_ENABLE_SERVER) int whTest_Comm(void) { - printf("Testing comms: mem...\n"); + WH_TEST_PRINT("Testing comms: mem...\n"); WH_TEST_ASSERT(0 == whTest_CommMem()); #if defined(WOLFHSM_CFG_TEST_POSIX) - printf("Testing comms: (pthread) mem...\n"); + WH_TEST_PRINT("Testing comms: (pthread) mem...\n"); wh_CommClientServer_MemThreadTest(); - printf("Testing comms: (pthread) tcp...\n"); + WH_TEST_PRINT("Testing comms: (pthread) tcp...\n"); wh_CommClientServer_TcpThreadTest(); - printf("Testing comms: (pthread) posix mem...\n"); + WH_TEST_PRINT("Testing comms: (pthread) posix mem...\n"); wh_CommClientServer_ShMemThreadTest(); #endif /* defined(WOLFHSM_CFG_TEST_POSIX) */ diff --git a/test/wh_test_common.h b/test/wh_test_common.h index 792ec36b..dcf2d964 100644 --- a/test/wh_test_common.h +++ b/test/wh_test_common.h @@ -35,31 +35,36 @@ #define WH_TEST_SUCCESS (0) #define WH_TEST_DEFAULT_CLIENT_ID (1) -/* Helper macro to print a message with caller source file info */ +/* Test-specific print macro that always prints (replacement for printf in tests) + * This internally uses WOLFHSM_CFG_PRINTF for consistency */ +#define WH_TEST_PRINT WOLFHSM_CFG_PRINTF + +/* Test-specific debug print with function and line info + * This internally uses WOLFHSM_CFG_PRINTF for consistency */ #ifdef WOLFHSM_CFG_TEST_VERBOSE #if !defined(__CCRH__) -#define WH_DEBUG_PRINT(fmt, ...) \ - printf("[%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) +#define WH_TEST_DEBUG_PRINT(fmt, ...) \ + WOLFHSM_CFG_PRINTF("[%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) #else -#define WH_DEBUG_PRINT(...) WH_DEBUG_PRINT2(__VA_ARGS__, "") -#define WH_DEBUG_PRINT2(fmt, ...) \ - printf("[%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) +#define WH_TEST_DEBUG_PRINT(...) WH_TEST_DEBUG_PRINT2(__VA_ARGS__, "") +#define WH_TEST_DEBUG_PRINT2(fmt, ...) \ + WOLFHSM_CFG_PRINTF("[%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) #endif #else -#define WH_DEBUG_PRINT(...) \ +#define WH_TEST_DEBUG_PRINT(...) \ do { \ } while (0) #endif /* Helper macro to print a message, prefixed by ERROR, along with caller source * file info */ - #if !defined(__CCRH__) +#if !defined(__CCRH__) #define WH_ERROR_PRINT(fmt, ...) \ - printf("ERROR [%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) + WOLFHSM_CFG_PRINTF("ERROR [%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) #else #define WH_ERROR_PRINT(...) WH_ERROR_PRINT2(__VA_ARGS__, "") #define WH_ERROR_PRINT2(fmt, ...) \ - printf("[%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) + WOLFHSM_CFG_PRINTF("ERROR [%s:%d]: " fmt, __func__, __LINE__, ##__VA_ARGS__) #endif /* * Helper macro for test error propagation @@ -104,7 +109,7 @@ #define WH_TEST_ASSERT_MSG(condition, message, ...) \ do { \ if (!(condition)) { \ - printf("\n\n***TEST FAILURE***\nin %s:%s():%d: " message "\n", \ + WOLFHSM_CFG_PRINTF("\n\n***TEST FAILURE***\nin %s:%s():%d: " message "\n", \ __FILE__, __func__, __LINE__, ##__VA_ARGS__); \ WH_TEST_ASSERT(condition); \ } \ diff --git a/test/wh_test_crypto.c b/test/wh_test_crypto.c index 63302065..74ca5d96 100644 --- a/test/wh_test_crypto.c +++ b/test/wh_test_crypto.c @@ -116,7 +116,7 @@ static int whTest_ShowNvmAvailable(whClientContext* ctx) if (ret != 0) { WH_ERROR_PRINT("Failed to get available NVM status\n"); } else { - printf("CRYPTO TEST NVM STATUS: NvmGetAvailable:%d, server_rc:%d " + WH_TEST_DEBUG_PRINT("CRYPTO TEST NVM STATUS: NvmGetAvailable:%d, server_rc:%d " "avail_size:%d avail_objects:%d, reclaim_size:%d " "reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, @@ -163,7 +163,7 @@ static int whTest_CryptoRng(whClientContext* ctx, int devId, WC_RNG* rng) } } if (ret == 0) { - printf("RNG DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("RNG DEVID=0x%X SUCCESS\n", devId); } return ret; } @@ -301,7 +301,7 @@ static int whTest_CryptoRsa(whClientContext* ctx, int devId, WC_RNG* rng) (void)wh_Client_KeyEvict(ctx, keyId); } if (ret == 0) { - printf("RSA SUCCESS\n"); + WH_TEST_PRINT("RSA SUCCESS\n"); } return ret; } @@ -350,7 +350,7 @@ static int whTest_CryptoEcc(whClientContext* ctx, int devId, WC_RNG* rng) ret); } else { if (memcmp(shared_ab, shared_ba, secLen) == 0) { - printf("ECDH SUCCESS\n"); + WH_TEST_PRINT("ECDH SUCCESS\n"); } else { WH_ERROR_PRINT("ECDH FAILED TO MATCH\n"); @@ -379,7 +379,7 @@ static int whTest_CryptoEcc(whClientContext* ctx, int devId, WC_RNG* rng) } else { if (res == 1) { - printf("ECC SIGN/VERIFY SUCCESS\n"); + WH_TEST_PRINT("ECC SIGN/VERIFY SUCCESS\n"); } else { WH_ERROR_PRINT("ECC SIGN/VERIFY FAIL\n"); @@ -566,7 +566,7 @@ static int whTest_CryptoCurve25519(whClientContext* ctx, int devId, WC_RNG* rng) } } if (ret == 0) { - printf("CURVE25519 SUCCESS\n"); + WH_TEST_PRINT("CURVE25519 SUCCESS\n"); } return ret; } @@ -680,7 +680,7 @@ static int whTest_CryptoSha256(whClientContext* ctx, int devId, WC_RNG* rng) } } if (ret == 0) { - printf("SHA256 DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("SHA256 DEVID=0x%X SUCCESS\n", devId); } return ret; } @@ -796,7 +796,7 @@ static int whTest_CryptoSha224(whClientContext* ctx, int devId, WC_RNG* rng) } } if (ret == 0) { - printf("SHA224 DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("SHA224 DEVID=0x%X SUCCESS\n", devId); } return ret; } @@ -917,7 +917,7 @@ static int whTest_CryptoSha384(whClientContext* ctx, int devId, WC_RNG* rng) } } if (ret == 0) { - printf("SHA384 DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("SHA384 DEVID=0x%X SUCCESS\n", devId); } return ret; } @@ -1042,7 +1042,7 @@ static int whTest_CryptoSha512(whClientContext* ctx, int devId, WC_RNG* rng) } } if (ret == 0) { - printf("SHA512 DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("SHA512 DEVID=0x%X SUCCESS\n", devId); } return ret; } @@ -1236,7 +1236,7 @@ static int whTest_CryptoHkdf(whClientContext* ctx, int devId, WC_RNG* rng) } } - printf("HKDF SUCCESS\n"); + WH_TEST_PRINT("HKDF SUCCESS\n"); return 0; } #endif /* HAVE_HKDF */ @@ -1423,7 +1423,7 @@ static int whTest_CryptoCmacKdf(whClientContext* ctx, int devId, WC_RNG* rng) return ret; } - printf("CMAC KDF SUCCESS\n"); + WH_TEST_PRINT("CMAC KDF SUCCESS\n"); return 0; } #endif /* HAVE_CMAC_KDF */ @@ -1521,7 +1521,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != 0) { WH_ERROR_PRINT("Failed to Test CacheExportKey %d\n", ret); } else { - printf("KEY CACHE/EXPORT SUCCESS\n"); + WH_TEST_PRINT("KEY CACHE/EXPORT SUCCESS\n"); } } #ifdef WOLFHSM_CFG_IS_TEST_SERVER @@ -1581,7 +1581,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng) ret = -1; } else { - printf("KEY CACHE USER EXCLUSION SUCCESS\n"); + WH_TEST_PRINT("KEY CACHE USER EXCLUSION SUCCESS\n"); } } } @@ -1601,7 +1601,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng) if (ret != WH_ERROR_NOTFOUND) { WH_ERROR_PRINT("Failed to not find evicted key %d\n", ret); } else { - printf("KEY CACHE EVICT SUCCESS\n"); + WH_TEST_PRINT("KEY CACHE EVICT SUCCESS\n"); ret = 0; } } @@ -1671,7 +1671,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng) } } if (ret == 0) { - printf("KEY COMMIT/ERASE SUCCESS\n"); + WH_TEST_PRINT("KEY COMMIT/ERASE SUCCESS\n"); } } @@ -1846,7 +1846,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng) } if (ret == 0) { - printf("KEY CROSS-CACHE EVICTION AND REPLACEMENT SUCCESS\n"); + WH_TEST_PRINT("KEY CROSS-CACHE EVICTION AND REPLACEMENT SUCCESS\n"); } } @@ -1866,7 +1866,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng) WH_ERROR_PRINT("Failed to wh_Client_KeyEvict %d\n", ret); } else { - printf("KEY CACHE/EXPORT DMA SUCCESS\n"); + WH_TEST_PRINT("KEY CACHE/EXPORT DMA SUCCESS\n"); } } } @@ -2046,7 +2046,7 @@ static int whTest_KeyCache(whClientContext* ctx, int devId, WC_RNG* rng) } if (ret == 0) { - printf("KEY CROSS-CACHE EVICTION AND REPLACEMENT DMA SUCCESS\n"); + WH_TEST_PRINT("KEY CROSS-CACHE EVICTION AND REPLACEMENT DMA SUCCESS\n"); } } #endif /* WOLFHSM_CFG_DMA */ @@ -2071,7 +2071,7 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId, uint8_t exportedLabel[WH_NVM_LABEL_LEN] = {0}; uint16_t exportedKeySize; - printf("Testing non-exportable keystore enforcement...\n"); + WH_TEST_PRINT("Testing non-exportable keystore enforcement...\n"); /* Test 1: Cache a key with non-exportable flag and try to export it */ ret = wh_Client_KeyCache(ctx, WH_NVM_FLAGS_NONEXPORTABLE, label, @@ -2091,7 +2091,7 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId, return -1; } - printf("Non-exportable key export correctly denied\n"); + WH_TEST_DEBUG_PRINT("Non-exportable key export correctly denied\n"); /* Clean up the key */ wh_Client_KeyEvict(ctx, keyId); @@ -2123,14 +2123,14 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId, return -1; } - printf("Exportable key export succeeded\n"); + WH_TEST_DEBUG_PRINT("Exportable key export succeeded\n"); /* Clean up */ wh_Client_KeyEvict(ctx, keyId); #ifdef WOLFHSM_CFG_DMA /* Test 3: Test DMA export with non-exportable key */ - printf("Testing DMA key export protection...\n"); + WH_TEST_PRINT("Testing DMA key export protection...\n"); /* Cache a key with non-exportable flag */ keyId = WH_KEYID_ERASED; @@ -2153,7 +2153,7 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId, return -1; } - printf("Non-exportable key DMA export correctly denied\n"); + WH_TEST_DEBUG_PRINT("Non-exportable key DMA export correctly denied\n"); /* Clean up the key */ wh_Client_KeyEvict(ctx, keyId); @@ -2188,13 +2188,13 @@ static int whTest_NonExportableKeystore(whClientContext* ctx, int devId, return -1; } - printf("Exportable key DMA export succeeded\n"); + WH_TEST_DEBUG_PRINT("Exportable key DMA export succeeded\n"); /* Clean up */ wh_Client_KeyEvict(ctx, keyId); #endif /* WOLFHSM_CFG_DMA */ - printf("NON-EXPORTABLE KEYSTORE TEST SUCCESS\n"); + WH_TEST_PRINT("NON-EXPORTABLE KEYSTORE TEST SUCCESS\n"); return 0; } @@ -2338,7 +2338,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) memset(plainOut, 0, sizeof(plainOut)); } if (ret == 0) { - printf("AES CTR DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("AES CTR DEVID=0x%X SUCCESS\n", devId); } } #endif @@ -2452,7 +2452,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) memset(plainOut, 0, sizeof(plainOut)); } if (ret == 0) { - printf("AES ECB DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("AES ECB DEVID=0x%X SUCCESS\n", devId); } } #endif /* HAVE_AES_ECB */ @@ -2562,7 +2562,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) memset(plainOut, 0, sizeof(plainOut)); } if (ret == 0) { - printf("AES CBC DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("AES CBC DEVID=0x%X SUCCESS\n", devId); } } #endif /* HAVE_AES_CBC */ @@ -2665,7 +2665,7 @@ static int whTestCrypto_Aes(whClientContext* ctx, int devId, WC_RNG* rng) memset(authTag, 0, sizeof(authTag)); } if (ret == 0) { - printf("AES GCM DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("AES GCM DEVID=0x%X SUCCESS\n", devId); } } #endif /* HAVE_AES_GCM */ @@ -3009,7 +3009,7 @@ static int whTestCrypto_Cmac(whClientContext* ctx, int devId, WC_RNG* rng) } #endif /* WOLFHSM_CFG_CANCEL_API */ if (ret == 0) { - printf("CMAC DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("CMAC DEVID=0x%X SUCCESS\n", devId); } return ret; } @@ -3099,7 +3099,7 @@ static int whTestCrypto_MlDsaWolfCrypt(whClientContext* ctx, int devId, ret = -1; } else { - printf("ML-DSA DEVID=0x%X SUCCESS\n", devId); + WH_TEST_PRINT("ML-DSA DEVID=0x%X SUCCESS\n", devId); } } @@ -3263,7 +3263,7 @@ static int whTestCrypto_MlDsaDmaClient(whClientContext* ctx, int devId, if (ret == 0) { - printf("ML-DSA Client DMA API SUCCESS\n"); + WH_TEST_PRINT("ML-DSA Client DMA API SUCCESS\n"); } wc_MlDsaKey_Free(key); @@ -3718,7 +3718,7 @@ int whTestCrypto_MlDsaVerifyOnlyDma(whClientContext* ctx, int devId, wc_MlDsaKey_Free(key); if (ret == WH_ERROR_OK) { - printf("ML-DSA VERIFY ONLY: SUCCESS\n"); + WH_TEST_PRINT("ML-DSA VERIFY ONLY: SUCCESS\n"); } return ret; @@ -3740,7 +3740,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) uint32_t keyLen = sizeof(key); whKeyId keyId = WH_KEYID_ERASED; - printf("Testing Key Usage Policies...\n"); + WH_TEST_PRINT("Testing Key Usage Policies...\n"); /* Generate random test data */ ret = wc_RNG_GenerateBlock(rng, plaintext, sizeof(plaintext)); @@ -3758,7 +3758,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) #ifndef NO_AES #ifdef HAVE_AES_CBC /* AES encrypt without ENCRYPT flag */ - printf(" Testing AES CBC encrypt without ENCRYPT flag...\n"); + WH_TEST_PRINT(" Testing AES CBC encrypt without ENCRYPT flag...\n"); { Aes aes[1]; uint8_t iv[AES_BLOCK_SIZE] = {0}; @@ -3782,7 +3782,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) ret = wc_AesCbcEncrypt(aes, ciphertext, plaintext, sizeof(plaintext)); if (ret == WH_ERROR_USAGE) { - printf(" PASS: Correctly denied encryption\n"); + WH_TEST_PRINT(" PASS: Correctly denied encryption\n"); ret = 0; /* Test passed */ } else { @@ -3802,7 +3802,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) return ret; /* AES decrypt without DECRYPT flag */ - printf(" Testing AES CBC decrypt without DECRYPT flag...\n"); + WH_TEST_PRINT(" Testing AES CBC decrypt without DECRYPT flag...\n"); { Aes aes[1]; uint8_t iv[AES_BLOCK_SIZE] = {0}; @@ -3854,7 +3854,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) ret = wc_AesCbcDecrypt(aes, decrypted, tempCipher, sizeof(tempCipher)); if (ret == WH_ERROR_USAGE) { - printf( + WH_TEST_PRINT( " PASS: Correctly denied decryption\n"); ret = 0; /* Test passed */ } @@ -3880,7 +3880,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) #ifdef HAVE_ECC #ifdef HAVE_ECC_SIGN /* ECDSA sign without SIGN flag */ - printf(" Testing ECDSA sign without SIGN flag...\n"); + WH_TEST_PRINT(" Testing ECDSA sign without SIGN flag...\n"); { ecc_key eccKey[1]; uint8_t sig[ECC_MAX_SIG_SIZE] = {0}; @@ -3908,7 +3908,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigLen, rng, eccKey); if (ret == WH_ERROR_USAGE) { - printf(" PASS: Correctly denied signing\n"); + WH_TEST_PRINT(" PASS: Correctly denied signing\n"); ret = 0; /* Test passed */ } else { @@ -3931,7 +3931,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) #ifdef HAVE_ECC_DHE /* ECDH without DERIVE flag */ - printf(" Testing ECDH without DERIVE flag...\n"); + WH_TEST_PRINT(" Testing ECDH without DERIVE flag...\n"); { ecc_key privKey[1]; ecc_key pubKey[1]; @@ -3962,7 +3962,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) ret = wc_ecc_shared_secret( privKey, pubKey, sharedSecret, &secretLen); if (ret == WH_ERROR_USAGE) { - printf(" PASS: Correctly denied key " + WH_TEST_PRINT(" PASS: Correctly denied key " "derivation\n"); ret = 0; /* Test passed */ } @@ -3988,7 +3988,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) #ifdef HAVE_HKDF /* HKDF without DERIVE flag */ - printf(" Testing HKDF without DERIVE flag...\n"); + WH_TEST_PRINT(" Testing HKDF without DERIVE flag...\n"); { uint8_t ikm[32] = {0}; whKeyId outKeyId = WH_KEYID_ERASED; @@ -4010,7 +4010,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) WH_NVM_FLAGS_EPHEMERAL, (uint8_t*)"hkdf-out", strlen("hkdf-out"), 32); /* output size */ if (ret == WH_ERROR_USAGE) { - printf(" PASS: Correctly denied HKDF derivation\n"); + WH_TEST_PRINT(" PASS: Correctly denied HKDF derivation\n"); ret = 0; /* Test passed */ } else { @@ -4031,7 +4031,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) /* CMAC Generate without SIGN flag */ - printf(" Testing CMAC generate without SIGN flag...\n"); + WH_TEST_PRINT(" Testing CMAC generate without SIGN flag...\n"); { Cmac cmac; whKeyId keyId = WH_KEYID_ERASED; @@ -4061,7 +4061,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) sizeof(message), NULL, 0, NULL, WH_DEV_ID); if (ret == WH_ERROR_USAGE) { - printf(" PASS: Correctly denied CMAC generate\n"); + WH_TEST_PRINT(" PASS: Correctly denied CMAC generate\n"); ret = 0; /* Test passed */ } else { @@ -4079,7 +4079,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) return ret; /* CMAC Verify without VERIFY flag */ - printf(" Testing CMAC verify without VERIFY flag...\n"); + WH_TEST_PRINT(" Testing CMAC verify without VERIFY flag...\n"); { Cmac cmac; whKeyId keyId = WH_KEYID_ERASED; @@ -4113,7 +4113,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) sizeof(message), NULL, 0, NULL, WH_DEV_ID); if (ret == WH_ERROR_USAGE) { - printf(" PASS: Correctly denied CMAC verify\n"); + WH_TEST_PRINT(" PASS: Correctly denied CMAC verify\n"); ret = 0; /* Test passed */ } else { @@ -4133,7 +4133,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) #ifdef WOLFHSM_CFG_KEYWRAP /* Key wrap without WRAP flag */ - printf(" Testing key wrap without WRAP flag...\n"); + WH_TEST_PRINT(" Testing key wrap without WRAP flag...\n"); { uint8_t kek[32] = {0}; uint8_t dataKey[32] = {0}; @@ -4164,7 +4164,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) dataKey, sizeof(dataKey), &meta, wrappedKey, sizeof(wrappedKey)); if (ret == WH_ERROR_USAGE) { - printf(" PASS: Correctly denied key wrapping\n"); + WH_TEST_PRINT(" PASS: Correctly denied key wrapping\n"); ret = 0; /* Test passed */ } else { @@ -4180,7 +4180,7 @@ int whTest_CryptoKeyUsagePolicies(whClientContext* client, WC_RNG* rng) return ret; #endif /* WOLFHSM_CFG_KEYWRAP */ - printf("Key Usage Policy Tests PASSED\n"); + WH_TEST_PRINT("Key Usage Policy Tests PASSED\n"); return 0; } @@ -4637,12 +4637,12 @@ static int wh_ClientServer_MemThreadTest(whTestNvmBackendType nvmType) defined(WOLFHSM_CFG_ENABLE_SERVER) int whTest_Crypto(void) { - printf("Testing crypto: (pthread) mem...\n"); + WH_TEST_PRINT("Testing crypto: (pthread) mem...\n"); WH_TEST_RETURN_ON_FAIL( wh_ClientServer_MemThreadTest(WH_NVM_TEST_BACKEND_FLASH)); #if defined(WOLFHSM_CFG_SERVER_NVM_FLASH_LOG) - printf("Testing crypto: (pthread) mem (flash log)...\n"); + WH_TEST_PRINT("Testing crypto: (pthread) mem (flash log)...\n"); WH_TEST_RETURN_ON_FAIL( wh_ClientServer_MemThreadTest(WH_NVM_TEST_BACKEND_FLASH_LOG)); #endif diff --git a/test/wh_test_flash_ramsim.c b/test/wh_test_flash_ramsim.c index bec38e65..fe7ad0d7 100644 --- a/test/wh_test_flash_ramsim.c +++ b/test/wh_test_flash_ramsim.c @@ -49,11 +49,11 @@ static void fillTestData(uint8_t* buffer, uint32_t size, uint32_t baseValue) #if defined(WH_TEST_FLASH_RAMSIM_DEBUG) static void printMemory(uint8_t* buffer, uint32_t size, uint32_t offset) { - printf("Memory at offset %u: ", offset); + WH_TEST_DEBUG_PRINT("Memory at offset %u: ", offset); for (size_t i = 0; i < size; i++) { - printf("%02X ", buffer[i]); + WH_TEST_DEBUG_PRINT("%02X ", buffer[i]); } - printf("\n"); + WH_TEST_DEBUG_PRINT("\n"); } #endif /* WH_TEST_FLASH_RAMSIM_DEBUG */ @@ -73,7 +73,7 @@ int whTest_Flash_RamSim(void) uint8_t testData[TEST_PAGE_SIZE] = {0}; uint8_t readData[TEST_PAGE_SIZE] = {0}; - printf("Testing RAM-based flash simulator...\n"); + WH_TEST_PRINT("Testing RAM-based flash simulator...\n"); WH_TEST_RETURN_ON_FAIL(whFlashRamsim_Init(&ctx, &cfg)); @@ -146,7 +146,7 @@ int whTest_Flash_RamSim(void) }; #if WH_TEST_FLASH_RAMSIM_DEBUG - printf("Page %u in sector %u before programming:\n", (unsigned int)page, (unsigned int)sector); + WH_TEST_DEBUG_PRINT("Page %u in sector %u before programming:\n", (unsigned int)page, (unsigned int)sector); printMemory(readData, cfg.pageSize, pageOffset); #endif /* WH_TEST_FLASH_RAMSIM_DEBUG */ @@ -160,7 +160,7 @@ int whTest_Flash_RamSim(void) } #if WH_TEST_FLASH_RAMSIM_DEBUG - printf("Page %u in sector %u after programming:\n", (unsigned int)page, (unsigned int)sector); + WH_TEST_DEBUG_PRINT("Page %u in sector %u after programming:\n", (unsigned int)page, (unsigned int)sector); whFlashRamsim_Read(&ctx, pageOffset, cfg.pageSize, readData); printMemory(readData, cfg.pageSize, pageOffset); #endif /* WH_TEST_FLASH_RAMSIM_DEBUG */ diff --git a/test/wh_test_keywrap.c b/test/wh_test_keywrap.c index b5de6f82..8ba818ac 100644 --- a/test/wh_test_keywrap.c +++ b/test/wh_test_keywrap.c @@ -332,7 +332,7 @@ int whTest_KeyWrapClientConfig(whClientConfig* clientCfg) WH_ERROR_PRINT("Failed to whTest_Client_KeyWrap %d\n", ret); } else { - printf("KEYWRAP TESTS SUCCESS\n"); + WH_TEST_PRINT("KEYWRAP TESTS SUCCESS\n"); } ret = whTest_Client_DataWrap(client); @@ -340,7 +340,7 @@ int whTest_KeyWrapClientConfig(whClientConfig* clientCfg) WH_ERROR_PRINT("Failed to whTest_Client_DataWrap %d\n", ret); } else { - printf("DATAWRAP TESTS SUCCESS\n"); + WH_TEST_PRINT("DATAWRAP TESTS SUCCESS\n"); } /* Clean up used resources */ diff --git a/test/wh_test_multiclient.c b/test/wh_test_multiclient.c index 12b35170..64c5f4c4 100644 --- a/test/wh_test_multiclient.c +++ b/test/wh_test_multiclient.c @@ -124,7 +124,7 @@ static int _testGlobalKeyBasic(whClientContext* client1, uint8_t outBuf[sizeof(TEST_KEY_DATA_1)] = {0}; uint16_t outSz = sizeof(outBuf); - printf("Test: Global key basic operations\n"); + WH_TEST_PRINT("Test: Global key basic operations\n"); /* Client 1 caches a global key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -144,7 +144,7 @@ static int _testGlobalKeyBasic(whClientContext* client1, WH_TEST_ASSERT_RETURN(outSz == sizeof(TEST_KEY_DATA_1)); WH_TEST_ASSERT_RETURN(0 == memcmp(outBuf, TEST_KEY_DATA_1, outSz)); - printf(" PASS: Basic global key operations\n"); + WH_TEST_PRINT(" PASS: Basic global key operations\n"); (void)ret; return 0; @@ -170,7 +170,7 @@ static int _testLocalKeyIsolation(whClientContext* client1, uint8_t outBuf[32] = {0}; uint16_t outSz; - printf("Test: Local key isolation\n"); + WH_TEST_PRINT("Test: Local key isolation\n"); /* Client 1 caches a local key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -206,7 +206,7 @@ static int _testLocalKeyIsolation(whClientContext* client1, WH_TEST_ASSERT_RETURN( 0 == memcmp(outBuf, TEST_KEY_DATA_2, sizeof(TEST_KEY_DATA_2))); - printf(" PASS: Local key isolation\n"); + WH_TEST_PRINT(" PASS: Local key isolation\n"); (void)ret; return 0; @@ -234,7 +234,7 @@ static int _testMixedGlobalLocal(whClientContext* client1, uint8_t outBuf[32] = {0}; uint16_t outSz; - printf( + WH_TEST_DEBUG_PRINT( "Test: Mixed global and local keys with no cross-cache interference\n"); /* Client 1 caches global key */ @@ -311,7 +311,7 @@ static int _testMixedGlobalLocal(whClientContext* client1, WH_TEST_ASSERT_RETURN( 0 == memcmp(outBuf, TEST_KEY_DATA_1, sizeof(TEST_KEY_DATA_1))); - printf(" PASS: Mixed global and local keys with no cross-cache " + WH_TEST_PRINT(" PASS: Mixed global and local keys with no cross-cache " "interference\n"); (void)ret; @@ -336,7 +336,7 @@ static int _testGlobalKeyNvmPersistence(whClientContext* client1, uint8_t outBuf[sizeof(TEST_KEY_DATA_1)] = {0}; uint16_t outSz; - printf("Test: NVM persistence of global keys\n"); + WH_TEST_PRINT("Test: NVM persistence of global keys\n"); /* Client 1 caches and commits a global key to NVM */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -374,7 +374,7 @@ static int _testGlobalKeyNvmPersistence(whClientContext* client1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEraseResponse(client1)); - printf(" PASS: NVM persistence of global keys\n"); + WH_TEST_PRINT(" PASS: NVM persistence of global keys\n"); (void)ret; return 0; @@ -397,7 +397,7 @@ static int _testGlobalKeyExportProtection(whClientContext* client1, uint8_t outBuf[sizeof(TEST_KEY_DATA_1)] = {0}; uint16_t outSz; - printf("Test: Export protection on global keys\n"); + WH_TEST_PRINT("Test: Export protection on global keys\n"); /* Client 1 caches a non-exportable global key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -423,7 +423,7 @@ static int _testGlobalKeyExportProtection(whClientContext* client1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Export protection on global keys\n"); + WH_TEST_PRINT(" PASS: Export protection on global keys\n"); return 0; } @@ -449,7 +449,7 @@ static int _testGlobalKeyDma(whClientContext* client1, whServerContext* server1, uint16_t labelSz = sizeof(label); uint16_t outSz; - printf("Test: DMA operations with global keys\n"); + WH_TEST_PRINT("Test: DMA operations with global keys\n"); /* Part 1: Cache via DMA, export via regular */ /* Client 1 caches a global key using DMA */ @@ -505,7 +505,7 @@ static int _testGlobalKeyDma(whClientContext* client1, whServerContext* server1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: DMA operations with global keys\n"); + WH_TEST_PRINT(" PASS: DMA operations with global keys\n"); (void)ret; return 0; @@ -534,7 +534,7 @@ static int _testGlobalKeyWrapExport(whClientContext* client1, uint8_t unwrappedKey[AES_256_KEY_SIZE] = {0}; whNvmMetadata meta = {0}; - printf("Test: Key wrap with global server key\n"); + WH_TEST_PRINT("Test: Key wrap with global server key\n"); /* Client 1 caches a global wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -572,7 +572,7 @@ static int _testGlobalKeyWrapExport(whClientContext* client1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Key wrap with global server key\n"); + WH_TEST_PRINT(" PASS: Key wrap with global server key\n"); (void)ret; return 0; @@ -603,7 +603,7 @@ static int _testGlobalKeyUnwrapCache(whClientContext* client1, uint16_t verifySz = sizeof(verifyBuf); whNvmMetadata meta = {0}; - printf("Test: Key unwrap and cache with global server key\n"); + WH_TEST_PRINT("Test: Key unwrap and cache with global server key\n"); /* Client 1 caches a global wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -660,7 +660,7 @@ static int _testGlobalKeyUnwrapCache(whClientContext* client1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Key unwrap and cache with global server key\n"); + WH_TEST_PRINT(" PASS: Key unwrap and cache with global server key\n"); (void)ret; return 0; @@ -686,7 +686,7 @@ static int _testWrappedKey_GlobalWrap_GlobalKey_Positive( uint8_t unwrappedKey[AES_256_KEY_SIZE] = {0}; whNvmMetadata meta = {0}; - printf("Test 7a: Global wrap key + Global wrapped key (Positive)\n"); + WH_TEST_DEBUG_PRINT("Test 7a: Global wrap key + Global wrapped key (Positive)\n"); /* Client 1 caches a global wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -724,7 +724,7 @@ static int _testWrappedKey_GlobalWrap_GlobalKey_Positive( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Global wrap key + Global wrapped key (Positive)\n"); + WH_TEST_PRINT(" PASS: Global wrap key + Global wrapped key (Positive)\n"); (void)ret; return 0; @@ -750,7 +750,7 @@ static int _testWrappedKey_GlobalWrap_GlobalKey_NonExportable( uint8_t unwrappedKey[AES_256_KEY_SIZE] = {0}; whNvmMetadata meta = {0}; - printf("Test 7b: Global wrap key + Global wrapped key (Non-exportable)\n"); + WH_TEST_DEBUG_PRINT("Test 7b: Global wrap key + Global wrapped key (Non-exportable)\n"); /* Client 1 caches a global wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -789,7 +789,7 @@ static int _testWrappedKey_GlobalWrap_GlobalKey_NonExportable( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Global wrap key + Global wrapped key (Non-exportable)\n"); + WH_TEST_PRINT(" PASS: Global wrap key + Global wrapped key (Non-exportable)\n"); return 0; #undef WRAPPED_KEY_SIZE @@ -815,7 +815,7 @@ static int _testWrappedKey_GlobalWrap_LocalKey_OwnerExport( uint8_t unwrappedKey[AES_256_KEY_SIZE] = {0}; whNvmMetadata meta = {0}; - printf("Test 8a: Global wrap key + Local wrapped key (Owner export)\n"); + WH_TEST_DEBUG_PRINT("Test 8a: Global wrap key + Local wrapped key (Owner export)\n"); /* Client 1 caches a global wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -853,7 +853,7 @@ static int _testWrappedKey_GlobalWrap_LocalKey_OwnerExport( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Global wrap key + Local wrapped key (Owner export)\n"); + WH_TEST_PRINT(" PASS: Global wrap key + Local wrapped key (Owner export)\n"); (void)ret; return 0; @@ -882,7 +882,7 @@ static int _testWrappedKey_GlobalWrap_LocalKey_NonOwnerFails( whNvmMetadata meta = {0}; whKeyId cachedKeyId = 0; - printf("Test 8b: Global wrap key + Local wrapped key (Non-owner fails)\n"); + WH_TEST_DEBUG_PRINT("Test 8b: Global wrap key + Local wrapped key (Non-owner fails)\n"); /* Client 1 caches a global wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -930,7 +930,7 @@ static int _testWrappedKey_GlobalWrap_LocalKey_NonOwnerFails( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Global wrap key + Local wrapped key (Non-owner fails)\n"); + WH_TEST_PRINT(" PASS: Global wrap key + Local wrapped key (Non-owner fails)\n"); return WH_ERROR_OK; #undef WRAPPED_KEY_SIZE @@ -956,7 +956,7 @@ static int _testWrappedKey_LocalWrap_LocalKey_SameOwner( uint8_t unwrappedKey[AES_256_KEY_SIZE] = {0}; whNvmMetadata meta = {0}; - printf("Test 9a: Local wrap key + Local wrapped key (Same owner)\n"); + WH_TEST_DEBUG_PRINT("Test 9a: Local wrap key + Local wrapped key (Same owner)\n"); /* Client 1 caches a LOCAL wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -994,7 +994,7 @@ static int _testWrappedKey_LocalWrap_LocalKey_SameOwner( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Local wrap key + Local wrapped key (Same owner)\n"); + WH_TEST_PRINT(" PASS: Local wrap key + Local wrapped key (Same owner)\n"); (void)ret; (void)client2; @@ -1024,7 +1024,7 @@ static int _testWrappedKey_LocalWrap_LocalKey_NoAccessWithoutWrapKey( uint8_t unwrappedKey[AES_256_KEY_SIZE] = {0}; whNvmMetadata meta = {0}; - printf( + WH_TEST_DEBUG_PRINT( "Test 9b: Local wrap key + Local wrapped key (No wrap key access)\n"); /* Client 1 caches a LOCAL wrapping key */ @@ -1065,7 +1065,7 @@ static int _testWrappedKey_LocalWrap_LocalKey_NoAccessWithoutWrapKey( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Local wrap key + Local wrapped key (No wrap key access)\n"); + WH_TEST_PRINT(" PASS: Local wrap key + Local wrapped key (No wrap key access)\n"); return 0; #undef WRAPPED_KEY_SIZE @@ -1096,7 +1096,7 @@ static int _testWrappedKey_LocalWrap_GlobalKey_AnyCacheGlobal( whNvmMetadata meta = {0}; whKeyId cachedKeyId = 0; - printf("Test 10a: Local wrap key + Global wrapped key (Cache global)\n"); + WH_TEST_DEBUG_PRINT("Test 10a: Local wrap key + Global wrapped key (Cache global)\n"); /* Client 1 caches a LOCAL wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -1146,7 +1146,7 @@ static int _testWrappedKey_LocalWrap_GlobalKey_AnyCacheGlobal( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Local wrap key + Global wrapped key (Cache global)\n"); + WH_TEST_PRINT(" PASS: Local wrap key + Global wrapped key (Cache global)\n"); (void)ret; return 0; @@ -1172,7 +1172,7 @@ static int _testWrappedKey_LocalWrap_GlobalKey_NonOwnerNoWrapKey( uint8_t unwrappedKey[AES_256_KEY_SIZE] = {0}; whNvmMetadata meta = {0}; - printf("Test 10b: Local wrap key + Global wrapped key (No wrap key)\n"); + WH_TEST_DEBUG_PRINT("Test 10b: Local wrap key + Global wrapped key (No wrap key)\n"); /* Client 1 caches a LOCAL wrapping key */ WH_TEST_RETURN_ON_FAIL(wh_Client_KeyCacheRequest_ex( @@ -1213,7 +1213,7 @@ static int _testWrappedKey_LocalWrap_GlobalKey_NonOwnerNoWrapKey( WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Local wrap key + Global wrapped key (No wrap key)\n"); + WH_TEST_PRINT(" PASS: Local wrap key + Global wrapped key (No wrap key)\n"); return 0; #undef WRAPPED_KEY_SIZE @@ -1233,7 +1233,7 @@ static int _testKeyIdFlagPreservation(whClientContext* client1, (void)client2; (void)server2; - printf("Test: KeyId flag preservation\n"); + WH_TEST_PRINT("Test: KeyId flag preservation\n"); /* Test 1: Global key cache preserves global flag */ { @@ -1258,7 +1258,7 @@ static int _testKeyIdFlagPreservation(whClientContext* client1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Global key cache preserves global flag\n"); + WH_TEST_PRINT(" PASS: Global key cache preserves global flag\n"); } /* Test 2: Local key cache does not have global flag */ @@ -1284,7 +1284,7 @@ static int _testKeyIdFlagPreservation(whClientContext* client1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Local key cache has no global flag\n"); + WH_TEST_PRINT(" PASS: Local key cache has no global flag\n"); } /* Test 3: Reusing returned keyId works correctly */ @@ -1322,7 +1322,7 @@ static int _testKeyIdFlagPreservation(whClientContext* client1, WH_TEST_RETURN_ON_FAIL(wh_Server_HandleRequestMessage(server1)); WH_TEST_RETURN_ON_FAIL(wh_Client_KeyEvictResponse(client1)); - printf(" PASS: Reusing returned keyId works correctly\n"); + WH_TEST_PRINT(" PASS: Reusing returned keyId works correctly\n"); } return 0; @@ -1392,7 +1392,7 @@ static int _runGlobalKeysTests(whClientContext* client1, client1, server1, client2, server2)); #endif - printf("All Global Keys Tests PASSED ===\n"); + WH_TEST_PRINT("All Global Keys Tests PASSED ===\n"); return 0; } @@ -1596,7 +1596,7 @@ static int whTest_MultiClientSequential(void) if (ret != 0) return ret; - printf("=== Multi-Client Sequential Tests Begin ===\n"); + WH_TEST_PRINT("=== Multi-Client Sequential Tests Begin ===\n"); /* Run test suites that require multiple clients */ #ifdef WOLFHSM_CFG_GLOBAL_KEYS WH_TEST_RETURN_ON_FAIL( @@ -1617,7 +1617,7 @@ static int whTest_MultiClientSequential(void) #endif wh_Nvm_Cleanup(nvm); - printf("=== Multi-Client Sequential Tests Complete ===\n"); + WH_TEST_PRINT("=== Multi-Client Sequential Tests Complete ===\n"); return 0; } diff --git a/test/wh_test_nvm_flash.c b/test/wh_test_nvm_flash.c index 7ddc4184..f18a4755 100644 --- a/test/wh_test_nvm_flash.c +++ b/test/wh_test_nvm_flash.c @@ -55,24 +55,24 @@ static void _HexDump(const char* p, size_t data_len) const size_t bytesPerLine = 16; const unsigned char two_digits = 0x10; const unsigned char* u = (const unsigned char*)p; - printf(" HD:%p for %lu bytes\n", p, data_len); + WH_TEST_DEBUG_PRINT(" HD:%p for %lu bytes\n", p, data_len); if ((p == NULL) || (data_len == 0)) return; size_t off = 0; for (off = 0; off < data_len; off++) { if ((off % bytesPerLine) == 0) - printf(" "); + WH_TEST_DEBUG_PRINT(" "); if (u[off] < two_digits) { - printf("0%X ", u[off]); + WH_TEST_DEBUG_PRINT("0%X ", u[off]); } else { - printf("%X ", u[off]); + WH_TEST_DEBUG_PRINT("%X ", u[off]); } if ((off % bytesPerLine) == (bytesPerLine - 1)) - printf("\n"); + WH_TEST_DEBUG_PRINT("\n"); } if ((off % bytesPerLine) != 0) - printf("\n"); + WH_TEST_DEBUG_PRINT("\n"); } static void _ShowAvailable(const whNvmCb* cb, void* context) @@ -85,13 +85,13 @@ static void _ShowAvailable(const whNvmCb* cb, void* context) rc = cb->GetAvailable(context, &free_space, &free_objects, &reclaim_space, &reclaim_objects); if (rc == 0) { - printf("NVM %p has %u bytes, and %u objects available \n" + WH_TEST_DEBUG_PRINT("NVM %p has %u bytes, and %u objects available \n" " %u bytes, and %u objects reclaimable \n", context, (unsigned int)free_space, (unsigned int)free_objects, (unsigned int)reclaim_space, (unsigned int)reclaim_objects); } else { - printf("NVM %p failed to get available info: %d.\n", context, rc); + WH_TEST_DEBUG_PRINT("NVM %p failed to get available info: %d.\n", context, rc); } } @@ -109,7 +109,7 @@ static void _ShowList(const whNvmCb* cb, void* context) id, &listCount, &id); if ((rc == 0) && (listCount > 0)) { - printf("Found object id 0x%X (%d) with %d more objects\n", id, id, + WH_TEST_DEBUG_PRINT("Found object id 0x%X (%d) with %d more objects\n", id, id, listCount - 1); whNvmMetadata myMetadata; memset(&myMetadata, 0, sizeof(myMetadata)); @@ -120,7 +120,7 @@ static void _ShowList(const whNvmCb* cb, void* context) uint8_t data[16] = {0}; whNvmSize offset = 0; - printf("-Id:%04hX\n-Label:%.*s\n" + WH_TEST_DEBUG_PRINT("-Id:%04hX\n-Label:%.*s\n" "-Access:%04hX\n-Flags:%04hX\n-Len:%d\n", myMetadata.id, (int)sizeof(myMetadata.label), myMetadata.label, myMetadata.access, myMetadata.flags, @@ -323,7 +323,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) WH_TEST_RETURN_ON_FAIL(cb->Init(context, cfg)); #if defined(WOLFHSM_CFG_TEST_VERBOSE) - printf("--Initial NVM contents\n"); + WH_TEST_DEBUG_PRINT("--Initial NVM contents\n"); _ShowAvailable(cb, context); _ShowList(cb, context); #endif @@ -348,7 +348,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) /* Add 3 objects, checking for each object that we can read back what was * written */ - printf("--Adding 3 new objects\n"); + WH_TEST_PRINT("--Adding 3 new objects\n"); ret = addObjectWithReadBackCheck(cb, context, &meta1, sizeof(data1), data1); if (ret != 0) { goto cleanup; @@ -368,7 +368,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) #endif /* Overwrite an existing Object */ - printf("--Overwrite an existing object\n"); + WH_TEST_PRINT("--Overwrite an existing object\n"); ret = addObjectWithReadBackCheck(cb, context, &meta1, sizeof(update1), update1); if (ret != 0) { @@ -381,14 +381,14 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) #endif /* Overwrite an existing Object twice */ - printf("--Overwrite an existing object again \n"); + WH_TEST_PRINT("--Overwrite an existing object again \n"); ret = addObjectWithReadBackCheck(cb, context, &meta2, sizeof(update2), update2); if (ret != 0) { goto cleanup; } - printf("--Overwrite an existing object with new data\n"); + WH_TEST_PRINT("--Overwrite an existing object with new data\n"); ret = addObjectWithReadBackCheck(cb, context, &meta2, sizeof(update3), update3); if (ret != 0) { @@ -402,7 +402,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) #endif /* Regenerate */ - printf("--Reclaim space\n"); + WH_TEST_PRINT("--Reclaim space\n"); if ((ret = cb->DestroyObjects(context, 0, NULL)) != 0) { goto cleanup; } @@ -417,7 +417,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) whNvmMetadata metaBuf = {0}; unsigned char dataBuf[256]; size_t i = 0; - printf("--Read IDs after reclaim\n"); + WH_TEST_PRINT("--Read IDs after reclaim\n"); for (i=0; iGetMetadata(context, ids[i], &metaBuf)) != 0) { WH_ERROR_PRINT("GetMetadata after reclaim returned %d\n", ret); @@ -433,7 +433,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) } /* Destroy 1 object */ - printf("--Destroy 1 object\n"); + WH_TEST_PRINT("--Destroy 1 object\n"); if ((ret = destroyObjectWithReadBackCheck(cb, context, 1, ids)) != 0) { goto cleanup; @@ -446,7 +446,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) /* Attempt to destroy 3 objects, of which one has been already destroyed. * This should not cause an error */ - printf("--Destroy 3 objects\n"); + WH_TEST_PRINT("--Destroy 3 objects\n"); if ((ret = destroyObjectWithReadBackCheck( cb, context, sizeof(ids) / sizeof(ids[0]), ids)) != 0) { goto cleanup; @@ -457,7 +457,7 @@ int whTest_NvmFlashCfg(void* cfg, void* context, const whNvmCb* cb) _ShowList(cb, context); #endif - printf("--Done\n"); + WH_TEST_PRINT("--Done\n"); cleanup: /* Don't overwrite an already failed return code? */ @@ -589,7 +589,7 @@ int whTest_NvmFlash_Recovery(void) uint32_t bytesReclBefore, bytesReclAfter; whNvmId objsReclBefore, objsReclAfter; - printf("--simulate failure when writing object start\n"); + WH_TEST_PRINT("--simulate failure when writing object start\n"); WH_TEST_RETURN_ON_FAIL(simulateFailureAndRecover( 2 /* program epoch, metadata and fail */, &test_data_len, &bytesBefore, &objsBefore, &bytesReclBefore, &objsReclBefore, &bytesAfter, &objsAfter, @@ -602,7 +602,7 @@ int whTest_NvmFlash_Recovery(void) /* available object should be decremented */ WH_TEST_ASSERT_RETURN(objsAfter == objsBefore - 1); - printf("--simulate failure when writing object count\n"); + WH_TEST_PRINT("--simulate failure when writing object count\n"); WH_TEST_RETURN_ON_FAIL(simulateFailureAndRecover( 4 /* program epoch, metadata, start, data and fail */, &test_data_len, &bytesBefore, &objsBefore, &bytesReclBefore, &objsReclBefore, @@ -679,14 +679,14 @@ int whTest_NvmFlash_PosixFileSim(void) int whTest_NvmFlash(void) { - printf("Testing NVM flash with RAM sim...\n"); + WH_TEST_PRINT("Testing NVM flash with RAM sim...\n"); WH_TEST_ASSERT(0 == whTest_NvmFlash_RamSim()); - printf("Testing NVM flash recovery mechanism...\n"); + WH_TEST_PRINT("Testing NVM flash recovery mechanism...\n"); WH_TEST_ASSERT(0 == whTest_NvmFlash_Recovery()); #if defined(WOLFHSM_CFG_TEST_POSIX) - printf("Testing NVM flash with POSIX file sim...\n"); + WH_TEST_PRINT("Testing NVM flash with POSIX file sim...\n"); WH_TEST_ASSERT(0 == whTest_NvmFlash_PosixFileSim()); #endif diff --git a/test/wh_test_server_img_mgr.c b/test/wh_test_server_img_mgr.c index ec2cfd7c..cf5f9092 100644 --- a/test/wh_test_server_img_mgr.c +++ b/test/wh_test_server_img_mgr.c @@ -227,13 +227,13 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Initialize wolfCrypt */ ret = wc_InitRng(&rng); if (ret != 0) { - printf("Failed to initialize RNG: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize RNG: %d\n", ret); return ret; } ret = wc_ecc_init(&eccKey); if (ret != 0) { - printf("Failed to initialize ECC key: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize ECC key: %d\n", ret); wc_FreeRng(&rng); return ret; } @@ -243,7 +243,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) ret = wc_EccPrivateKeyDecode(testEccPrivKey, &inOutIdx, &eccKey, sizeof(testEccPrivKey)); if (ret != 0) { - printf("Failed to decode ECC private key: %d\n", ret); + WH_ERROR_PRINT("Failed to decode ECC private key: %d\n", ret); wc_ecc_free(&eccKey); wc_FreeRng(&rng); return ret; @@ -252,7 +252,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Export public key in DER format so we can store it in NVM */ ret = wc_EccPublicKeyToDer(&eccKey, pubKeyDer, pubKeyDerLen, 1); if (ret <= 0) { - printf("Failed to export public key to DER: %d\n", ret); + WH_ERROR_PRINT("Failed to export public key to DER: %d\n", ret); wc_ecc_free(&eccKey); wc_FreeRng(&rng); return ret; @@ -262,7 +262,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Hash the test data */ ret = wc_InitSha256(&sha); if (ret != 0) { - printf("Failed to initialize SHA256: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize SHA256: %d\n", ret); wc_ecc_free(&eccKey); wc_FreeRng(&rng); return ret; @@ -270,7 +270,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) ret = wc_Sha256Update(&sha, testData, sizeof(testData)); if (ret != 0) { - printf("Failed to update SHA256: %d\n", ret); + WH_ERROR_PRINT("Failed to update SHA256: %d\n", ret); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); wc_FreeRng(&rng); @@ -279,7 +279,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) ret = wc_Sha256Final(&sha, hash); if (ret != 0) { - printf("Failed to finalize SHA256: %d\n", ret); + WH_ERROR_PRINT("Failed to finalize SHA256: %d\n", ret); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); wc_FreeRng(&rng); @@ -290,7 +290,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) ret = wc_ecc_sign_hash(hash, sizeof(hash), signature, &sigLen, &rng, &eccKey); if (ret != 0) { - printf("Failed to sign hash: %d\n", ret); + WH_ERROR_PRINT("Failed to sign hash: %d\n", ret); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); wc_FreeRng(&rng); @@ -302,7 +302,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) ret = wc_ecc_verify_hash(signature, sigLen, hash, sizeof(hash), &verifyResult, &eccKey); if (ret != 0 || verifyResult != 1) { - printf("Direct signature verification failed: ret=%d, result=%d\n", ret, + WH_ERROR_PRINT("Direct signature verification failed: ret=%d, result=%d\n", ret, verifyResult); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -319,7 +319,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) ret = wh_Nvm_AddObject(serverCfg->nvm, &sigMeta, sigLen, signature); if (ret != WH_ERROR_OK) { - printf("Failed to add signature to NVM: %d\n", ret); + WH_ERROR_PRINT("Failed to add signature to NVM: %d\n", ret); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); wc_FreeRng(&rng); @@ -341,7 +341,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Initialize server */ ret = wh_Server_Init(server, serverCfg); if (ret != WH_ERROR_OK) { - printf("Failed to initialize server: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize server: %d\n", ret); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); wc_FreeRng(&rng); @@ -351,7 +351,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Initialize the image manager to work with the server */ ret = wh_Server_ImgMgrInit(&imgMgr, &imgMgrConfig); if (ret != WH_ERROR_OK) { - printf("Failed to initialize image manager: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize image manager: %d\n", ret); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); wc_FreeRng(&rng); @@ -369,7 +369,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) ret = wh_Server_KeystoreCacheKey(server, &keyMeta, pubKeyDer); if (ret != WH_ERROR_OK) { - printf("Failed to cache key in keystore: %d\n", ret); + WH_ERROR_PRINT("Failed to cache key in keystore: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -380,7 +380,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Commit the key to NVM */ ret = wh_Server_KeystoreCommitKey(server, testEccKeyId); if (ret != WH_ERROR_OK) { - printf("Failed to commit key to NVM: %d\n", ret); + WH_ERROR_PRINT("Failed to commit key to NVM: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -392,7 +392,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) whServerImgMgrVerifyResult result; ret = wh_Server_ImgMgrVerifyImg(&imgMgr, &testImage, &result); if (ret != WH_ERROR_OK) { - printf("Image verification failed: %d\n", ret); + WH_ERROR_PRINT("Image verification failed: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -402,7 +402,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Check verify method result */ if (result.verifyMethodResult != WH_ERROR_OK) { - printf("ECC verify method failed: %d\n", result.verifyMethodResult); + WH_ERROR_PRINT("ECC verify method failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -412,7 +412,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Check verify action result */ if (result.verifyActionResult != WH_ERROR_OK) { - printf("ECC verify action failed: %d\n", result.verifyActionResult); + WH_ERROR_PRINT("ECC verify action failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -423,7 +423,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Test verify by index */ ret = wh_Server_ImgMgrVerifyImgIdx(&imgMgr, 0, &result); if (ret != WH_ERROR_OK) { - printf("Image verification by index failed: %d\n", ret); + WH_ERROR_PRINT("Image verification by index failed: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -433,7 +433,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Check verify method result */ if (result.verifyMethodResult != WH_ERROR_OK) { - printf("ECC verify method by index failed: %d\n", + WH_ERROR_PRINT("ECC verify method by index failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -444,7 +444,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Check verify action result */ if (result.verifyActionResult != WH_ERROR_OK) { - printf("ECC verify action by index failed: %d\n", + WH_ERROR_PRINT("ECC verify action by index failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -457,7 +457,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) whServerImgMgrVerifyResult results[1]; ret = wh_Server_ImgMgrVerifyAll(&imgMgr, results, 1, NULL); if (ret != WH_ERROR_OK) { - printf("Verify all images failed: %d\n", ret); + WH_ERROR_PRINT("Verify all images failed: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -467,7 +467,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Check verify method result for all images */ if (results[0].verifyMethodResult != WH_ERROR_OK) { - printf("ECC verify method for all images failed: %d\n", + WH_ERROR_PRINT("ECC verify method for all images failed: %d\n", results[0].verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -478,7 +478,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Check verify action result for all images */ if (results[0].verifyActionResult != WH_ERROR_OK) { - printf("ECC verify action for all images failed: %d\n", + WH_ERROR_PRINT("ECC verify action for all images failed: %d\n", results[0].verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -493,7 +493,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) uint8_t corruptedSig[128]; ret = wh_Nvm_Read(serverCfg->nvm, testEccSigNvmId, 0, sigLen, corruptedSig); if (ret != WH_ERROR_OK) { - printf("Failed to read signature for negative test: %d\n", ret); + WH_ERROR_PRINT("Failed to read signature for negative test: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -507,7 +507,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Write corrupted signature back to NVM */ ret = wh_Nvm_AddObject(serverCfg->nvm, &sigMeta, sigLen, corruptedSig); if (ret != WH_ERROR_OK) { - printf("Failed to write corrupted signature: %d\n", ret); + WH_ERROR_PRINT("Failed to write corrupted signature: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -518,7 +518,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Test that the image does not verify with the corrupted signature */ ret = wh_Server_ImgMgrVerifyImg(&imgMgr, &testImage, &result); if (ret != WH_ERROR_OK) { - printf("ERROR: ECC image verification with corrupted signature failed: " + WH_ERROR_PRINT("ERROR: ECC image verification with corrupted signature failed: " "%d\n", ret); wh_Server_Cleanup(server); @@ -530,7 +530,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Verify method result should not be OK */ if (result.verifyMethodResult == WH_ERROR_OK) { - printf("ECC verify method with corrupted signature failed: %d\n", + WH_ERROR_PRINT("ECC verify method with corrupted signature failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -541,7 +541,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Verify action result should just be the verify method result */ if (result.verifyActionResult != result.verifyMethodResult) { - printf("ECC verify action with corrupted signature failed: %d\n", + WH_ERROR_PRINT("ECC verify action with corrupted signature failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -553,7 +553,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) /* Delete the signature object to leave NVM in clean state */ ret = wh_Nvm_DestroyObjects(serverCfg->nvm, 1, &testEccSigNvmId); if (ret != WH_ERROR_OK) { - printf("Failed to delete RSA signature object: %d\n", ret); + WH_ERROR_PRINT("Failed to delete RSA signature object: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_ecc_free(&eccKey); @@ -567,7 +567,7 @@ static int whTest_ServerImgMgrServerCfgEcc256(whServerConfig* serverCfg) wc_ecc_free(&eccKey); wc_FreeRng(&rng); - printf("IMG_MGR ECC P256 Test completed successfully!\n"); + WH_TEST_PRINT("IMG_MGR ECC P256 Test completed successfully!\n"); return 0; } #endif /* HAVE_ECC */ @@ -595,19 +595,19 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) ret = wc_InitCmac(&cmac, testAes128Key, sizeof(testAes128Key), WC_CMAC_AES, NULL); if (ret != 0) { - printf("Failed to initialize CMAC: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize CMAC: %d\n", ret); return ret; } ret = wc_CmacUpdate(&cmac, testData, sizeof(testData)); if (ret != 0) { - printf("Failed to update CMAC: %d\n", ret); + WH_ERROR_PRINT("Failed to update CMAC: %d\n", ret); return ret; } ret = wc_CmacFinal(&cmac, computed_cmac, &cmac_size); if (ret != 0) { - printf("Failed to finalize CMAC: %d\n", ret); + WH_ERROR_PRINT("Failed to finalize CMAC: %d\n", ret); return ret; } @@ -620,7 +620,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) ret = wh_Nvm_AddObject(serverCfg->nvm, &sigMeta, cmac_size, computed_cmac); if (ret != WH_ERROR_OK) { - printf("Failed to add CMAC signature to NVM: %d\n", ret); + WH_ERROR_PRINT("Failed to add CMAC signature to NVM: %d\n", ret); return ret; } @@ -639,14 +639,14 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Initialize server */ ret = wh_Server_Init(server, serverCfg); if (ret != WH_ERROR_OK) { - printf("Failed to initialize server: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize server: %d\n", ret); return ret; } /* Initialize the image manager to work with the server */ ret = wh_Server_ImgMgrInit(&imgMgr, &imgMgrConfig); if (ret != WH_ERROR_OK) { - printf("Failed to initialize image manager: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize image manager: %d\n", ret); wh_Server_Cleanup(server); return ret; } @@ -661,7 +661,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) ret = wh_Server_KeystoreCacheKey(server, &keyMeta, (uint8_t*)testAes128Key); if (ret != WH_ERROR_OK) { - printf("Failed to cache AES128 key in keystore: %d\n", ret); + WH_ERROR_PRINT("Failed to cache AES128 key in keystore: %d\n", ret); wh_Server_Cleanup(server); return ret; } @@ -669,7 +669,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Commit the key to NVM */ ret = wh_Server_KeystoreCommitKey(server, testAesCmacKeyId); if (ret != WH_ERROR_OK) { - printf("Failed to commit AES128 key to NVM: %d\n", ret); + WH_ERROR_PRINT("Failed to commit AES128 key to NVM: %d\n", ret); wh_Server_Cleanup(server); return ret; } @@ -678,21 +678,21 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) whServerImgMgrVerifyResult result; ret = wh_Server_ImgMgrVerifyImg(&imgMgr, &testImage, &result); if (ret != WH_ERROR_OK) { - printf("CMAC image verification failed: %d\n", ret); + WH_ERROR_PRINT("CMAC image verification failed: %d\n", ret); wh_Server_Cleanup(server); return ret; } /* Check verify method result */ if (result.verifyMethodResult != WH_ERROR_OK) { - printf("CMAC verify method failed: %d\n", result.verifyMethodResult); + WH_ERROR_PRINT("CMAC verify method failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); return result.verifyMethodResult; } /* Check verify action result */ if (result.verifyActionResult != WH_ERROR_OK) { - printf("CMAC verify action failed: %d\n", result.verifyActionResult); + WH_ERROR_PRINT("CMAC verify action failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); return result.verifyActionResult; } @@ -700,14 +700,14 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Test verify by index */ ret = wh_Server_ImgMgrVerifyImgIdx(&imgMgr, 0, &result); if (ret != WH_ERROR_OK) { - printf("CMAC image verification by index failed: %d\n", ret); + WH_ERROR_PRINT("CMAC image verification by index failed: %d\n", ret); wh_Server_Cleanup(server); return ret; } /* Check verify method result */ if (result.verifyMethodResult != WH_ERROR_OK) { - printf("CMAC verify method by index failed: %d\n", + WH_ERROR_PRINT("CMAC verify method by index failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); return result.verifyMethodResult; @@ -715,7 +715,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Check verify action result */ if (result.verifyActionResult != WH_ERROR_OK) { - printf("CMAC verify action by index failed: %d\n", + WH_ERROR_PRINT("CMAC verify action by index failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); return result.verifyActionResult; @@ -725,14 +725,14 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) whServerImgMgrVerifyResult results[1]; ret = wh_Server_ImgMgrVerifyAll(&imgMgr, results, 1, NULL); if (ret != WH_ERROR_OK) { - printf("CMAC verify all images failed: %d\n", ret); + WH_ERROR_PRINT("CMAC verify all images failed: %d\n", ret); wh_Server_Cleanup(server); return ret; } /* Check verify method result for all images */ if (results[0].verifyMethodResult != WH_ERROR_OK) { - printf("CMAC verify method for all images failed: %d\n", + WH_ERROR_PRINT("CMAC verify method for all images failed: %d\n", results[0].verifyMethodResult); wh_Server_Cleanup(server); return results[0].verifyMethodResult; @@ -740,7 +740,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Check verify action result for all images */ if (results[0].verifyActionResult != WH_ERROR_OK) { - printf("CMAC verify action for all images failed: %d\n", + WH_ERROR_PRINT("CMAC verify action for all images failed: %d\n", results[0].verifyActionResult); wh_Server_Cleanup(server); return results[0].verifyActionResult; @@ -753,7 +753,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) ret = wh_Nvm_Read(serverCfg->nvm, testAesCmacSigNvmId, 0, cmac_size, corruptedCmac); if (ret != WH_ERROR_OK) { - printf("Failed to read CMAC signature for negative test: %d\n", ret); + WH_ERROR_PRINT("Failed to read CMAC signature for negative test: %d\n", ret); wh_Server_Cleanup(server); return ret; } @@ -764,7 +764,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Write corrupted signature back to NVM */ ret = wh_Nvm_AddObject(serverCfg->nvm, &sigMeta, cmac_size, corruptedCmac); if (ret != WH_ERROR_OK) { - printf("Failed to write corrupted CMAC signature: %d\n", ret); + WH_ERROR_PRINT("Failed to write corrupted CMAC signature: %d\n", ret); wh_Server_Cleanup(server); return ret; } @@ -772,7 +772,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Test that the image does not verify with the corrupted signature */ ret = wh_Server_ImgMgrVerifyImg(&imgMgr, &testImage, &result); if (ret != WH_ERROR_OK) { - printf("ERROR: CMAC image verification with corrupted signature " + WH_ERROR_PRINT("ERROR: CMAC image verification with corrupted signature " "failed: %d\n", ret); wh_Server_Cleanup(server); @@ -781,7 +781,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Verify method result should not be OK */ if (result.verifyMethodResult == WH_ERROR_OK) { - printf("CMAC verify method with corrupted signature failed: %d\n", + WH_ERROR_PRINT("CMAC verify method with corrupted signature failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); return WH_ERROR_ABORTED; @@ -789,7 +789,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Verify action result should just be the verify method result */ if (result.verifyActionResult != result.verifyMethodResult) { - printf("CMAC verify action with corrupted signature failed: %d\n", + WH_ERROR_PRINT("CMAC verify action with corrupted signature failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); return WH_ERROR_ABORTED; @@ -798,7 +798,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Delete the signature object to leave NVM in clean state */ ret = wh_Nvm_DestroyObjects(serverCfg->nvm, 1, &testAesCmacSigNvmId); if (ret != WH_ERROR_OK) { - printf("Failed to delete CMAC signature object: %d\n", ret); + WH_ERROR_PRINT("Failed to delete CMAC signature object: %d\n", ret); wh_Server_Cleanup(server); return ret; } @@ -806,7 +806,7 @@ static int whTest_ServerImgMgrServerCfgAes128Cmac(whServerConfig* serverCfg) /* Cleanup */ wh_Server_Cleanup(server); - printf("IMG_MGR AES128 CMAC Test completed successfully!\n"); + WH_TEST_PRINT("IMG_MGR AES128 CMAC Test completed successfully!\n"); return 0; } #endif /* WOLFSSL_CMAC */ @@ -837,13 +837,13 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) ret = wc_InitRng(&rng); if (ret != 0) { - printf("Failed to initialize RNG: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize RNG: %d\n", ret); return ret; } ret = wc_InitRsaKey(&rsaKey, NULL); if (ret != 0) { - printf("Failed to initialize RSA key: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize RSA key: %d\n", ret); wc_FreeRng(&rng); return ret; } @@ -853,7 +853,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) ret = wc_RsaPrivateKeyDecode(testRsa2048PrivKey, &inOutIdx, &rsaKey, sizeof(testRsa2048PrivKey)); if (ret != 0) { - printf("Failed to decode RSA private key: %d\n", ret); + WH_ERROR_PRINT("Failed to decode RSA private key: %d\n", ret); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); return ret; @@ -862,7 +862,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Export public key in DER format so we can store it in NVM */ ret = wc_RsaKeyToPublicDer(&rsaKey, pubKeyDer, pubKeyDerLen); if (ret <= 0) { - printf("Failed to export public key to DER: %d\n", ret); + WH_ERROR_PRINT("Failed to export public key to DER: %d\n", ret); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); return ret; @@ -872,7 +872,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Hash the test data */ ret = wc_InitSha256(&sha); if (ret != 0) { - printf("Failed to initialize SHA256: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize SHA256: %d\n", ret); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); return ret; @@ -880,7 +880,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) ret = wc_Sha256Update(&sha, testData, sizeof(testData)); if (ret != 0) { - printf("Failed to update SHA256: %d\n", ret); + WH_ERROR_PRINT("Failed to update SHA256: %d\n", ret); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -889,7 +889,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) ret = wc_Sha256Final(&sha, hash); if (ret != 0) { - printf("Failed to finalize SHA256: %d\n", ret); + WH_ERROR_PRINT("Failed to finalize SHA256: %d\n", ret); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -899,7 +899,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Sign the hash using RSA SSL */ ret = wc_RsaSSL_Sign(hash, sizeof(hash), signature, sigLen, &rsaKey, &rng); if (ret <= 0) { - printf("Failed to sign hash: %d\n", ret); + WH_ERROR_PRINT("Failed to sign hash: %d\n", ret); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -912,7 +912,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) word32 decryptedLen = sizeof(decrypted); ret = wc_RsaSSL_Verify(signature, sigLen, decrypted, decryptedLen, &rsaKey); if (ret <= 0) { - printf("Direct signature verification failed: %d\n", ret); + WH_ERROR_PRINT("Direct signature verification failed: %d\n", ret); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -922,7 +922,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) if (decryptedLen != sizeof(hash) || XMEMCMP(decrypted, hash, sizeof(hash)) != 0) { - printf("Direct signature verification failed: hash mismatch\n"); + WH_ERROR_PRINT("Direct signature verification failed: hash mismatch\n"); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -938,7 +938,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) ret = wh_Nvm_AddObject(serverCfg->nvm, &sigMeta, sigLen, signature); if (ret != WH_ERROR_OK) { - printf("Failed to add RSA signature to NVM: %d\n", ret); + WH_ERROR_PRINT("Failed to add RSA signature to NVM: %d\n", ret); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -960,7 +960,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Initialize server */ ret = wh_Server_Init(server, serverCfg); if (ret != WH_ERROR_OK) { - printf("Failed to initialize server: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize server: %d\n", ret); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -970,7 +970,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Initialize the image manager to work with the server */ ret = wh_Server_ImgMgrInit(&imgMgr, &imgMgrConfig); if (ret != WH_ERROR_OK) { - printf("Failed to initialize image manager: %d\n", ret); + WH_ERROR_PRINT("Failed to initialize image manager: %d\n", ret); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); @@ -988,7 +988,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) ret = wh_Server_KeystoreCacheKey(server, &keyMeta, pubKeyDer); if (ret != WH_ERROR_OK) { - printf("Failed to cache RSA key in keystore: %d\n", ret); + WH_ERROR_PRINT("Failed to cache RSA key in keystore: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -999,7 +999,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Commit the key to NVM */ ret = wh_Server_KeystoreCommitKey(server, testRsaKeyId); if (ret != WH_ERROR_OK) { - printf("Failed to commit RSA key to NVM: %d\n", ret); + WH_ERROR_PRINT("Failed to commit RSA key to NVM: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1011,7 +1011,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) whServerImgMgrVerifyResult result; ret = wh_Server_ImgMgrVerifyImg(&imgMgr, &testImage, &result); if (ret != WH_ERROR_OK) { - printf("RSA image verification failed: %d\n", ret); + WH_ERROR_PRINT("RSA image verification failed: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1021,7 +1021,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Check verify method result */ if (result.verifyMethodResult != WH_ERROR_OK) { - printf("RSA verify method failed: %d\n", result.verifyMethodResult); + WH_ERROR_PRINT("RSA verify method failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1031,7 +1031,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Check verify action result */ if (result.verifyActionResult != WH_ERROR_OK) { - printf("RSA verify action failed: %d\n", result.verifyActionResult); + WH_ERROR_PRINT("RSA verify action failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1042,7 +1042,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Test verify by index */ ret = wh_Server_ImgMgrVerifyImgIdx(&imgMgr, 0, &result); if (ret != WH_ERROR_OK) { - printf("RSA image verification by index failed: %d\n", ret); + WH_ERROR_PRINT("RSA image verification by index failed: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1052,7 +1052,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Check verify method result */ if (result.verifyMethodResult != WH_ERROR_OK) { - printf("RSA verify method by index failed: %d\n", + WH_ERROR_PRINT("RSA verify method by index failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -1063,7 +1063,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Check verify action result */ if (result.verifyActionResult != WH_ERROR_OK) { - printf("RSA verify action by index failed: %d\n", + WH_ERROR_PRINT("RSA verify action by index failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -1076,7 +1076,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) whServerImgMgrVerifyResult results[1]; ret = wh_Server_ImgMgrVerifyAll(&imgMgr, results, 1, NULL); if (ret != WH_ERROR_OK) { - printf("RSA verify all images failed: %d\n", ret); + WH_ERROR_PRINT("RSA verify all images failed: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1086,7 +1086,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Check verify method result for all images */ if (results[0].verifyMethodResult != WH_ERROR_OK) { - printf("RSA verify method for all images failed: %d\n", + WH_ERROR_PRINT("RSA verify method for all images failed: %d\n", results[0].verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -1097,7 +1097,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Check verify action result for all images */ if (results[0].verifyActionResult != WH_ERROR_OK) { - printf("RSA verify action for all images failed: %d\n", + WH_ERROR_PRINT("RSA verify action for all images failed: %d\n", results[0].verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -1113,7 +1113,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) ret = wh_Nvm_Read(serverCfg->nvm, testRsaSigNvmId, 0, sigLen, corruptedRsaSig); if (ret != WH_ERROR_OK) { - printf("Failed to read RSA signature for negative test: %d\n", ret); + WH_ERROR_PRINT("Failed to read RSA signature for negative test: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1127,7 +1127,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Write corrupted signature back to NVM */ ret = wh_Nvm_AddObject(serverCfg->nvm, &sigMeta, sigLen, corruptedRsaSig); if (ret != WH_ERROR_OK) { - printf("Failed to write corrupted RSA signature: %d\n", ret); + WH_ERROR_PRINT("Failed to write corrupted RSA signature: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1138,7 +1138,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Test that the image does not verify with the corrupted signature */ ret = wh_Server_ImgMgrVerifyImg(&imgMgr, &testImage, &result); if (ret != WH_ERROR_OK) { - printf("ERROR: RSA image verification with corrupted signature failed: " + WH_ERROR_PRINT("ERROR: RSA image verification with corrupted signature failed: " "%d\n", ret); wh_Server_Cleanup(server); @@ -1150,7 +1150,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Verify method result should not be OK */ if (result.verifyMethodResult == WH_ERROR_OK) { - printf("RSA verify method with corrupted signature failed: %d\n", + WH_ERROR_PRINT("RSA verify method with corrupted signature failed: %d\n", result.verifyMethodResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -1161,7 +1161,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Verify action result should just be the verify method result */ if (result.verifyActionResult != result.verifyMethodResult) { - printf("RSA verify action with corrupted signature failed: %d\n", + WH_ERROR_PRINT("RSA verify action with corrupted signature failed: %d\n", result.verifyActionResult); wh_Server_Cleanup(server); wc_Sha256Free(&sha); @@ -1173,7 +1173,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) /* Delete the signature object to leave NVM in clean state */ ret = wh_Nvm_DestroyObjects(serverCfg->nvm, 1, &testRsaSigNvmId); if (ret != WH_ERROR_OK) { - printf("Failed to delete RSA signature object: %d\n", ret); + WH_ERROR_PRINT("Failed to delete RSA signature object: %d\n", ret); wh_Server_Cleanup(server); wc_Sha256Free(&sha); wc_FreeRsaKey(&rsaKey); @@ -1187,7 +1187,7 @@ static int whTest_ServerImgMgrServerCfgRsa2048(whServerConfig* serverCfg) wc_FreeRsaKey(&rsaKey); wc_FreeRng(&rng); - printf("IMG_MGR RSA2048 Test completed successfully!\n"); + WH_TEST_PRINT("IMG_MGR RSA2048 Test completed successfully!\n"); return 0; } #endif /* !NO_RSA */ @@ -1249,7 +1249,7 @@ int whTest_ServerImgMgr(whTestNvmBackendType nvmType) /* Initialize NVM */ rc = wh_Nvm_Init(nvm, n_conf); if (rc != 0) { - printf("Failed to initialize NVM: %d\n", rc); + WH_ERROR_PRINT("Failed to initialize NVM: %d\n", rc); return rc; } @@ -1259,7 +1259,7 @@ int whTest_ServerImgMgr(whTestNvmBackendType nvmType) /* ECC P256 verify method */ rc = whTest_ServerImgMgrServerCfgEcc256(s_conf); if (rc != 0) { - printf("ECC P256 image manager server config tests failed: %d\n", rc); + WH_ERROR_PRINT("ECC P256 image manager server config tests failed: %d\n", rc); wh_Nvm_Cleanup(nvm); return rc; } @@ -1269,7 +1269,7 @@ int whTest_ServerImgMgr(whTestNvmBackendType nvmType) /* AES128 CMAC verify method */ rc = whTest_ServerImgMgrServerCfgAes128Cmac(s_conf); if (rc != 0) { - printf("AES128 CMAC image manager server config tests failed: %d\n", + WH_ERROR_PRINT("AES128 CMAC image manager server config tests failed: %d\n", rc); wh_Nvm_Cleanup(nvm); return rc; @@ -1280,7 +1280,7 @@ int whTest_ServerImgMgr(whTestNvmBackendType nvmType) /* RSA2048 verify method */ rc = whTest_ServerImgMgrServerCfgRsa2048(s_conf); if (rc != 0) { - printf("RSA2048 image manager server config tests failed: %d\n", rc); + WH_ERROR_PRINT("RSA2048 image manager server config tests failed: %d\n", rc); wh_Nvm_Cleanup(nvm); return rc; } diff --git a/test/wh_test_she.c b/test/wh_test_she.c index 64e3cc6a..afd61e4c 100644 --- a/test/wh_test_she.c +++ b/test/wh_test_she.c @@ -177,7 +177,7 @@ int whTest_SheClientConfig(whClientConfig* config) &avail_objects, &reclaim_size, &reclaim_objects)); - printf("PRE-SHE TEST: NvmGetAvailable:%d, server_rc:%d avail_size:%d " + WH_TEST_DEBUG_PRINT("PRE-SHE TEST: NvmGetAvailable:%d, server_rc:%d avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -254,7 +254,7 @@ int whTest_SheClientConfig(whClientConfig* config) WH_ERROR_PRINT("Failed to secureBoot with SHE CMAC\n"); goto exit; } - printf("SHE secure boot SUCCESS\n"); + WH_TEST_PRINT("SHE secure boot SUCCESS\n"); /* load the secret key using pre program */ if ((ret = wh_Client_ShePreProgramKey(client, WH_SHE_SECRET_KEY_ID, 0, secretKey, sizeof(secretKey))) != 0) { WH_ERROR_PRINT("Failed to wh_Client_ShePreProgramKey %d\n", ret); @@ -287,7 +287,7 @@ int whTest_SheClientConfig(whClientConfig* config) WH_ERROR_PRINT("Failed to generate a loadable key to match the vector\n"); goto exit; } - printf("SHE wh_SheGenerateLoadableKey SUCCESS\n"); + WH_TEST_PRINT("SHE wh_SheGenerateLoadableKey SUCCESS\n"); /* test CMD_LOAD_KEY with test vector */ if ((ret = wh_Client_SheLoadKey(client, vectorMessageOne, vectorMessageTwo, vectorMessageThree, outMessageFour, outMessageFive)) != 0) { WH_ERROR_PRINT("Failed to wh_Client_SheLoadKey %d\n", ret); @@ -299,7 +299,7 @@ int whTest_SheClientConfig(whClientConfig* config) WH_ERROR_PRINT("wh_Client_SheLoadKey FAILED TO MATCH\n"); goto exit; } - printf("SHE LOAD KEY SUCCESS\n"); + WH_TEST_PRINT("SHE LOAD KEY SUCCESS\n"); if ((ret = wh_Client_SheInitRnd(client)) != 0) { WH_ERROR_PRINT("Failed to wh_Client_SheInitRnd %d\n", ret); goto exit; @@ -312,7 +312,7 @@ int whTest_SheClientConfig(whClientConfig* config) WH_ERROR_PRINT("Failed to wh_Client_SheExtendSeed %d\n", ret); goto exit; } - printf("SHE RND SUCCESS\n"); + WH_TEST_PRINT("SHE RND SUCCESS\n"); if ((ret = wh_Client_SheLoadPlainKey(client, key, sizeof(key))) != 0) { WH_ERROR_PRINT("Failed to wh_Client_SheLoadPlainKey %d\n", ret); goto exit; @@ -337,7 +337,7 @@ int whTest_SheClientConfig(whClientConfig* config) WH_ERROR_PRINT("SHE ECB FAILED TO MATCH\n"); goto exit; } - printf("SHE ECB SUCCESS\n"); + WH_TEST_PRINT("SHE ECB SUCCESS\n"); if ((ret = wh_Client_SheEncCbc(client, WH_SHE_RAM_KEY_ID, iv, sizeof(iv), plainText, cipherText, sizeof(plainText))) != 0) { WH_ERROR_PRINT("Failed to wh_Client_SheEncCbc %d\n", ret); goto exit; @@ -350,7 +350,7 @@ int whTest_SheClientConfig(whClientConfig* config) WH_ERROR_PRINT("SHE CBC FAILED TO MATCH\n"); goto exit; } - printf("SHE CBC SUCCESS\n"); + WH_TEST_PRINT("SHE CBC SUCCESS\n"); if ((ret = wh_Client_SheGenerateMac(client, WH_SHE_RAM_KEY_ID, plainText, sizeof(plainText), cipherText, sizeof(cipherText))) != 0) { WH_ERROR_PRINT("Failed to wh_Client_SheGenerateMac %d\n", ret); goto exit; @@ -389,7 +389,7 @@ int whTest_SheClientConfig(whClientConfig* config) WH_ERROR_PRINT("Failed to _destroySheKey, ret=%d\n", ret); goto exit; } - printf("SHE CMAC SUCCESS\n"); + WH_TEST_PRINT("SHE CMAC SUCCESS\n"); #ifdef WOLFHSM_CFG_TEST_VERBOSE { @@ -404,7 +404,7 @@ int whTest_SheClientConfig(whClientConfig* config) &avail_objects, &reclaim_size, &reclaim_objects)); - printf("POST-SHE TEST: NvmGetAvailable:%d, server_rc:%d avail_size:%d " + WH_TEST_DEBUG_PRINT("POST-SHE TEST: NvmGetAvailable:%d, server_rc:%d avail_size:%d " "avail_objects:%d, reclaim_size:%d reclaim_objects:%d\n", ret, (int)server_rc, (int)avail_size, (int)avail_objects, (int)reclaim_size, (int)reclaim_objects); @@ -602,7 +602,7 @@ static int wh_ClientServer_MemThreadTest(void) defined(WOLFHSM_CFG_ENABLE_SERVER) int whTest_She(void) { - printf("Testing SHE: (pthread) mem...\n"); + WH_TEST_PRINT("Testing SHE: (pthread) mem...\n"); WH_TEST_RETURN_ON_FAIL(wh_ClientServer_MemThreadTest()); return 0; } diff --git a/test/wh_test_wolfcrypt_test.c b/test/wh_test_wolfcrypt_test.c index 50494a9d..fbe74d58 100644 --- a/test/wh_test_wolfcrypt_test.c +++ b/test/wh_test_wolfcrypt_test.c @@ -279,7 +279,7 @@ static int wh_ClientServer_MemThreadTest(void) defined(WOLFHSM_CFG_ENABLE_SERVER) int whTest_WolfCryptTest(void) { - printf("Testing wolfCrypt tests: (pthread) mem...\n"); + WH_TEST_PRINT("Testing wolfCrypt tests: (pthread) mem...\n"); WH_TEST_RETURN_ON_FAIL(wh_ClientServer_MemThreadTest()); return 0; } diff --git a/tools/Makefile b/tools/Makefile index 8e2fcf69..aeded84d 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -4,11 +4,11 @@ all: whnvmtool testcertgen: - make -C testcertgen + make -C testcertgen $(if $(DEBUG),DEBUG=$(DEBUG)) $(if $(DEBUG_VERBOSE),DEBUG_VERBOSE=$(DEBUG_VERBOSE)) whnvmtool: - make -C whnvmtool + make -C whnvmtool $(if $(DEBUG),DEBUG=$(DEBUG)) $(if $(DEBUG_VERBOSE),DEBUG_VERBOSE=$(DEBUG_VERBOSE)) clean: - make -C testcertgen clean - make -C whnvmtool clean + make -C testcertgen clean $(if $(DEBUG),DEBUG=$(DEBUG)) $(if $(DEBUG_VERBOSE),DEBUG_VERBOSE=$(DEBUG_VERBOSE)) + make -C whnvmtool clean $(if $(DEBUG),DEBUG=$(DEBUG)) $(if $(DEBUG_VERBOSE),DEBUG_VERBOSE=$(DEBUG_VERBOSE)) diff --git a/tools/whnvmtool/Makefile b/tools/whnvmtool/Makefile index d83010cd..b82faed1 100644 --- a/tools/whnvmtool/Makefile +++ b/tools/whnvmtool/Makefile @@ -66,11 +66,17 @@ OUT = $(TARGET) # Output executable name # DEBUG flag ifeq ($(DEBUG), 1) - CFLAGS += -g -O0 -DDEBUG -ggdb3 + CFLAGS += -g -O0 -DDEBUG -ggdb3 -DWOLFHSM_CFG_DEBUG else CFLAGS += -O2 endif +# Check if DEBUG_VERBOSE is set to 1 and enable verbose WOLFHSM debug output +# Note: DEBUG_VERBOSE implies DEBUG +ifeq ($(DEBUG_VERBOSE),1) + CFLAGS += -g -O0 -DDEBUG -ggdb3 -DWOLFHSM_CFG_DEBUG -DWOLFHSM_CFG_DEBUG_VERBOSE +endif + ifeq ($(ASAN), 1) CFLAGS_EXTRA += -fsanitize=address endif diff --git a/tools/whnvmtool/test/Makefile b/tools/whnvmtool/test/Makefile index bd1285a7..3a4d45bf 100644 --- a/tools/whnvmtool/test/Makefile +++ b/tools/whnvmtool/test/Makefile @@ -51,11 +51,17 @@ OUT = $(TARGET) # Output executable name # DEBUG flag ifeq ($(DEBUG), 1) - CFLAGS += -g -O0 -DDEBUG -ggdb3 + CFLAGS += -g -O0 -DDEBUG -ggdb3 -DWOLFHSM_CFG_DEBUG else CFLAGS += -O2 endif +# Check if DEBUG_VERBOSE is set to 1 and enable verbose WOLFHSM debug output +# Note: DEBUG_VERBOSE implies DEBUG +ifeq ($(DEBUG_VERBOSE),1) + CFLAGS += -g -O0 -DDEBUG -ggdb3 -DWOLFHSM_CFG_DEBUG -DWOLFHSM_CFG_DEBUG_VERBOSE +endif + # Targets all: $(OUT) diff --git a/tools/whnvmtool/test/test_whnvmtool.c b/tools/whnvmtool/test/test_whnvmtool.c index da550884..264f8038 100644 --- a/tools/whnvmtool/test/test_whnvmtool.c +++ b/tools/whnvmtool/test/test_whnvmtool.c @@ -258,7 +258,7 @@ static int checkNvmDataValid(whNvmId id, const uint8_t* nvmData, fprintf(stderr, "\n"); } else { - printf("Data verification successful for ID %u\n", id); + WOLFHSM_CFG_PRINTF("Data verification successful for ID %u\n", id); } free(fileData); @@ -284,7 +284,7 @@ int _checkNvm(whServerContext* server) return rc; } - printf("NVM List: Count=%u\n", count); + WOLFHSM_CFG_PRINTF("NVM List: Count=%u\n", count); if (count > 0) { whNvmMetadata meta; @@ -296,11 +296,11 @@ int _checkNvm(whServerContext* server) return rc; } - printf("Object ID: %u\n", meta.id); - printf("Access: 0x%04x\n", meta.access); - printf("Flags: 0x%04x\n", meta.flags); - printf("Length: %u\n", meta.len); - printf("Label: %s\n", meta.label); + WOLFHSM_CFG_PRINTF("Object ID: %u\n", meta.id); + WOLFHSM_CFG_PRINTF("Access: 0x%04x\n", meta.access); + WOLFHSM_CFG_PRINTF("Flags: 0x%04x\n", meta.flags); + WOLFHSM_CFG_PRINTF("Length: %u\n", meta.len); + WOLFHSM_CFG_PRINTF("Label: %s\n", meta.label); uint8_t* data = malloc(meta.len); if (data == NULL) { @@ -346,7 +346,7 @@ int _initAndCheckNvmFlashCfg(whNvmFlashConfig* nvmFlashCfg) /* If this is the RamSim configuration, set the initData config field to the * contents of the NVM image */ if (nvmFlashCfg->cb == gFlashRamsimCb) { - printf("Initializing RamSim NVM Flash\n"); + WOLFHSM_CFG_PRINTF("Initializing RamSim NVM Flash\n"); FILE* file = fopen(FLASH_IMAGE_FILENAME, "rb"); if (file == NULL) { @@ -438,7 +438,7 @@ int main(void) } for (size_t i = 0; i < NVM_FLASH_CONFIGS_TO_TEST_COUNT; i++) { - printf("Testing NVM Flash config %zu\n", i); + WOLFHSM_CFG_PRINTF("Testing NVM Flash config %zu\n", i); rc = _initAndCheckNvmFlashCfg( (whNvmFlashConfig*)&gNvmFlashConfigsToTest[i]); if (rc != WH_ERROR_OK) { diff --git a/tools/whnvmtool/user_settings.h b/tools/whnvmtool/user_settings.h index 7e1becf9..89de4d27 100644 --- a/tools/whnvmtool/user_settings.h +++ b/tools/whnvmtool/user_settings.h @@ -35,8 +35,8 @@ extern "C" { /* #define WC_NO_ASYNC_THREADING */ /* -#define DEBUG_CRYPTOCB -#define DEBUG_CRYPTOCB_VERBOSE +#define WOLFHSM_CFG_DEBUG +#define WOLFHSM_CFG_DEBUG_VERBOSE */ /** wolfHSM required settings for wolfCrypt */ diff --git a/tools/whnvmtool/whnvmtool.c b/tools/whnvmtool/whnvmtool.c index 319b69ec..ec8012db 100644 --- a/tools/whnvmtool/whnvmtool.c +++ b/tools/whnvmtool/whnvmtool.c @@ -169,7 +169,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) if (isKey) { /* Keys have special ID format */ meta.id = WH_MAKE_KEYID(WH_KEYTYPE_CRYPTO, entry->clientId, entry->id); - printf("Processing Key Entry - ClientID: 0x%X, KeyID: 0x%X, Meta ID: " + WOLFHSM_CFG_PRINTF("Processing Key Entry - ClientID: 0x%X, KeyID: 0x%X, Meta ID: " "0x%X, " "Access: 0x%X, Flags: 0x%X, Label: %s, File: %s, Size: %ld\n", entry->clientId, entry->id, meta.id, entry->access, entry->flags, @@ -177,7 +177,7 @@ static void processEntry(Entry* entry, int isKey, whNvmContext* nvmContext) } else { meta.id = entry->id; - printf("Processing Object Entry - ID: 0x%X, Access: 0x%X, Flags: 0x%X, " + WOLFHSM_CFG_PRINTF("Processing Object Entry - ID: 0x%X, Access: 0x%X, Flags: 0x%X, " "Label: %s, File: %s, Size: %ld\n", entry->id, entry->access, entry->flags, entry->label, entry->filePath, fileSize); diff --git a/wolfhsm/wh_client.h b/wolfhsm/wh_client.h index 80885f02..27e5fc49 100644 --- a/wolfhsm/wh_client.h +++ b/wolfhsm/wh_client.h @@ -2475,6 +2475,21 @@ int wh_Client_CertVerifyAcertDmaRequest(whClientContext* c, const void* cert, int wh_Client_CertVerifyAcertDmaResponse(whClientContext* c, int32_t* out_rc); #if defined(WOLFHSM_CFG_DMA) +/** + * @brief Registers a DMA address allowlist for client-side validation + * + * This function allows the client to register an allowlist of valid DMA + * addresses. The allowlist will be checked during DMA operations to ensure + * addresses are within allowed ranges. + * + * @param[in] client Pointer to the client context. + * @param[in] allowlist Pointer to the DMA address allowlist structure. + * @return int Returns WH_ERROR_OK on success, or WH_ERROR_BADARGS if the + * arguments are invalid. + */ +int wh_Client_DmaRegisterAllowList(struct whClientContext_t* client, + const whDmaAddrAllowList* allowlist); + /** * @brief Registers a custom client DMA callback * diff --git a/wolfhsm/wh_server_cert.h b/wolfhsm/wh_server_cert.h index cef1b33f..6323d609 100644 --- a/wolfhsm/wh_server_cert.h +++ b/wolfhsm/wh_server_cert.h @@ -92,6 +92,24 @@ int wh_Server_CertVerify(whServerContext* server, const uint8_t* cert, uint32_t cert_len, whNvmId trustedRootNvmId, whCertFlags flags, whKeyId* inout_keyId); +#if defined(WOLFHSM_CFG_CERTIFICATE_MANAGER_ACERT) +/** + * @brief Verifies an attribute certificate against a trusted root certificate + * + * This function retrieves a trusted root certificate from NVM using the + * specified NVM ID and verifies the provided attribute certificate against it. + * + * @param[in] server Pointer to the server context + * @param[in] cert Pointer to the attribute certificate data to verify + * @param[in] cert_len Length of the certificate data in bytes + * @param[in] trustedRootNvmId NVM ID of the trusted root certificate to verify + * against + * @return int Returns 0 on success, or a negative error code on failure. + */ +int wh_Server_CertVerifyAcert(whServerContext* server, const uint8_t* cert, + uint32_t cert_len, whNvmId trustedRootNvmId); +#endif + /** * @brief Handle a certificate request and generate a response * @param server The server context diff --git a/wolfhsm/wh_settings.h b/wolfhsm/wh_settings.h index d7441615..98144477 100644 --- a/wolfhsm/wh_settings.h +++ b/wolfhsm/wh_settings.h @@ -96,6 +96,18 @@ * all cancellation code is compiled out. * Default: Not defined * + * WOLFHSM_CFG_DEBUG - If defined, enable basic debug output from wolfHSM + * Default: Not defined + * + * WOLFHSM_CFG_DEBUG_VERBOSE - If defined, enable verbose debug output + * Default: Not defined + * + * WOLFHSM_CFG_PRINTF - Function or macro for printf redirection. Must have + * signature: int func(const char* fmt, ...) + * Default: stdlib printf + * Example custom definition: + * #define WOLFHSM_CFG_PRINTF my_custom_printf + * * Overridable porting functions: * * XMEMFENCE() - Create a sequential memory consistency sync point. Note this @@ -136,9 +148,9 @@ #include "user_settings.h" #endif /* WOLFSSL_USER_SETTINGS */ -#if defined(DEBUG_CRYPTOCB) || defined(DEBUG_CRYPTOCB_VERBOSE) +#if defined(WOLFHSM_CFG_DEBUG) || defined(WOLFHSM_CFG_DEBUG_VERBOSE) #define WOLFHSM_CFG_HEXDUMP -#endif /* DEBUG_CRYPTOCB || DEBUG_CRYPTOCB_VERBOSE */ +#endif #endif /* !WOLFHSM_CFG_NO_CRYPTO */ /** Default shares configurations */ @@ -218,6 +230,106 @@ #endif #endif +/*----------------------------------------------------------------------------- + * Debug and Print Configuration + *---------------------------------------------------------------------------*/ + +/* User can define WOLFHSM_CFG_PRINTF to override the default printf function. + * This should be a function-like macro or function pointer that matches: + * int func(const char* format, ...) + */ +#ifndef WOLFHSM_CFG_PRINTF + #include + #define WOLFHSM_CFG_PRINTF printf +#endif + +/* Debug levels can be enabled by defining WOLFHSM_CFG_DEBUG and/or + * WOLFHSM_CFG_DEBUG_VERBOSE in wolfhsm_cfg.h or via compiler flags. + * + * WOLFHSM_CFG_DEBUG - Enable basic debug output + * WOLFHSM_CFG_DEBUG_VERBOSE - Enable verbose debug output (includes basic) + */ + +/* Internal print macro - do not use directly + * This is the base macro that all other debug macros build on top of */ +#ifdef WOLFHSM_CFG_DEBUG + #if !defined(__CCRH__) + #define WH_DEBUG_PRINT(fmt, ...) \ + WOLFHSM_CFG_PRINTF(fmt, ##__VA_ARGS__) + #else + /* CCRH workaround for ##__VA_ARGS__ */ + #define WH_DEBUG_PRINT(...) WH_DEBUG_PRINT2(__VA_ARGS__, "") + #define WH_DEBUG_PRINT2(fmt, ...) \ + WOLFHSM_CFG_PRINTF(fmt, ##__VA_ARGS__) + #endif +#else + #define WH_DEBUG_PRINT(...) do { } while (0) +#endif + +/* Client-side debug print with [client] prefix */ +#ifdef WOLFHSM_CFG_DEBUG + #if !defined(__CCRH__) + #define WH_DEBUG_CLIENT(fmt, ...) \ + WH_DEBUG_PRINT("[client] " fmt, ##__VA_ARGS__) + #else + #define WH_DEBUG_CLIENT(...) WH_DEBUG_CLIENT2(__VA_ARGS__, "") + #define WH_DEBUG_CLIENT2(fmt, ...) \ + WH_DEBUG_PRINT("[client] " fmt, ##__VA_ARGS__) + #endif +#else + #define WH_DEBUG_CLIENT(...) do { } while (0) +#endif + +/* Server-side debug print with [server] prefix */ +#ifdef WOLFHSM_CFG_DEBUG + #if !defined(__CCRH__) + #define WH_DEBUG_SERVER(fmt, ...) \ + WH_DEBUG_PRINT("[server] " fmt, ##__VA_ARGS__) + #else + #define WH_DEBUG_SERVER(...) WH_DEBUG_SERVER2(__VA_ARGS__, "") + #define WH_DEBUG_SERVER2(fmt, ...) \ + WH_DEBUG_PRINT("[server] " fmt, ##__VA_ARGS__) + #endif +#else + #define WH_DEBUG_SERVER(...) do { } while (0) +#endif + +/* Verbose client-side debug print with function and line context */ +#ifdef WOLFHSM_CFG_DEBUG_VERBOSE + #if !defined(__CCRH__) + #define WH_DEBUG_CLIENT_VERBOSE(fmt, ...) \ + WH_DEBUG_PRINT("[client:%s:%d] " fmt, __func__, __LINE__, ##__VA_ARGS__) + #else + #define WH_DEBUG_CLIENT_VERBOSE(...) WH_DEBUG_CLIENT_VERBOSE2(__VA_ARGS__, "") + #define WH_DEBUG_CLIENT_VERBOSE2(fmt, ...) \ + WH_DEBUG_PRINT("[client:%s:%d] " fmt, __func__, __LINE__, ##__VA_ARGS__) + #endif +#else + #define WH_DEBUG_CLIENT_VERBOSE(...) do { } while (0) +#endif + +/* Verbose server-side debug print with function and line context */ +#ifdef WOLFHSM_CFG_DEBUG_VERBOSE + #if !defined(__CCRH__) + #define WH_DEBUG_SERVER_VERBOSE(fmt, ...) \ + WH_DEBUG_PRINT("[server:%s:%d] " fmt, __func__, __LINE__, ##__VA_ARGS__) + #else + #define WH_DEBUG_SERVER_VERBOSE(...) WH_DEBUG_SERVER_VERBOSE2(__VA_ARGS__, "") + #define WH_DEBUG_SERVER_VERBOSE2(fmt, ...) \ + WH_DEBUG_PRINT("[server:%s:%d] " fmt, __func__, __LINE__, ##__VA_ARGS__) + #endif +#else + #define WH_DEBUG_SERVER_VERBOSE(...) do { } while (0) +#endif + +/* Hexdump helper macro - only active in verbose mode */ +#if defined(WOLFHSM_CFG_DEBUG_VERBOSE) && defined(WOLFHSM_CFG_HEXDUMP) + #define WH_DEBUG_VERBOSE_HEXDUMP(msg, data, len) \ + wh_Utils_Hexdump(msg, data, len) +#else + #define WH_DEBUG_VERBOSE_HEXDUMP(msg, data, len) do { } while (0) +#endif + /** Configuration checks */ #ifndef WOLFHSM_CFG_NO_CRYPTO /* Crypto Cb is mandatory */