
Commit b116928

authored
Merge pull request #531 from philljj/bsdkm_example
bsdkm: kernel example.
2 parents d2217b5 + ff0fc6c commit b116928


4 files changed

+265
-0
lines changed


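--- a/.gitignore
+++ b/.gitignore
@@ -390,3 +390,11 @@ tpm/evp_tpm
 \.cproject
 \.project
 \.autotools
+
+# FreeBSD kernel module example
+kernel/bsdkm/export_syms
+kernel/bsdkm/i386
+kernel/bsdkm/bsd_example.ko
+kernel/bsdkm/machine
+kernel/bsdkm/opt_global.h
+kernel/bsdkm/x86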

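--- a/kernel/bsdkm/Makefile
+++ b/kernel/bsdkm/Makefile
@@ -0,0 +1,15 @@
+# example module name and sources
+KMOD=bsd_example
+SRCS=bsd_example.c
+
+# path to wolfssl dir
+WOLFSSL_DIR=../../../wolfssl/
+
+# suppress wolfcrypt/src/misc.c drops const qualifier
+CFLAGS+= -Wno-cast-qual
+CFLAGS+= -Wno-error=cast-qual
+CFLAGS+= -I/usr/include
+CFLAGS+=-I${WOLFSSL_DIR} -DWOLFSSL_USE_OPTIONS_H -DWOLFSSL_CUSTOM_CONFIG
+
+# point to live kernel kmod dot mk
+.include "/usr/src/sys/conf/kmod.mk"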
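Review bot: `CFLAGS+= -I/usr/include` puts the userland header directory on the include path of a kernel-module build, where the included kmod.mk is normally what supplies the kernel's own header paths. If the installed userland headers and the /usr/src/sys tree ever differ, the module can pick up the wrong declarations without any diagnostic. If the flag is only there to satisfy one wolfSSL include, a comment such as `# needed for <header> pulled in by wolfssl/wolfcrypt/...` would make that explicit; otherwise it looks droppable, though I have not verified that against a build. `-Wno-error=cast-qual` also appears redundant once `-Wno-cast-qual` has turned the warning off, and both apply to every file in `SRCS` rather than only to the wolfcrypt code the comment names.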

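--- a/kernel/bsdkm/README.md
+++ b/kernel/bsdkm/README.md
@@ -0,0 +1,117 @@
+# FreeBSD wolfcrypt kernel module example
+
+## About
+
+Tested on FreeBSD 14.2:
+```sh
+uname -rsm
+FreeBSD 14.2-RELEASE amd64
+```
+
+## Build libwolfssl.ko
+
+```sh
+cd ~/
+git clone https://github.com/wolfSSL/wolfssl.git
+cd ~/wolfssl
+./autogen.sh
+./configure --enable-freebsdkm --enable-cryptonly --enable-crypttests --enable-all-crypto && make
+file bsdkm/libwolfssl.ko
+```
+
+Load the kernel module:
+```sh
+sudo kldload bsdkm/libwolfssl.ko
+```
+
+In dmesg output you should see something like:
+```sh
+dmesg | tail -n10
+PKCS7enveloped test passed!
+PKCS7authenveloped test passed!
+mp test passed!
+prime test passed!
+logging test passed!
+mutex test passed!
+crypto callback test passed!
+Test complete
+wolfCrypt self-test passed.
+info: wolfkmod init good
+```
+
+and kldstat:
+```sh
+kldstat
+Id Refs Address Size Name
+1 20 0xffffffff80200000 1f3c6c0 kernel
+2 1 0xffffffff82818000 3220 intpm.ko
+3 1 0xffffffff8281c000 2178 smbus.ko
+4 1 0xffffffff8281f000 430c virtio_console.ko
+5 1 0xffffffff82824000 3360 uhid.ko
+6 1 0xffffffff82828000 3360 wmt.ko
+17 1 0xffffffff8282c000 154520 libwolfssl.ko
+```
+
+wolfssl will also appear in vmstat entries:
+```sh
+vmstat -m | grep wolf
+wolfssl 0 0 1275500 16,32,64,128,256,384,512,1024,2048,4096,8192,16384
+```
+
+## Build this example
+
+From this example dir:
+```sh
+make && file bsd_example.ko
+```
+
+Load it:
+```sh
+sudo kldload ./bsd_example.ko
+```
+
+dmesg should show:
+```sh
+dmesg | tail -n5
+Test complete
+wolfCrypt self-test passed.
+info: wolfkmod init good
+info: bsdkm_example: running wc_aes_test()
+info: bsdkm_example: wc_aes_test good
+```
+
+and kldstat:
+```sh
+kldstat
+Id Refs Address Size Name
+1 22 0xffffffff80200000 1f3c6c0 kernel
+2 1 0xffffffff82818000 3220 intpm.ko
+3 1 0xffffffff8281c000 2178 smbus.ko
+4 1 0xffffffff8281f000 430c virtio_console.ko
+5 1 0xffffffff82824000 3360 uhid.ko
+6 1 0xffffffff82828000 3360 wmt.ko
+17 2 0xffffffff8282c000 154520 libwolfssl.ko
+18 1 0xffffffff82981000 2188 bsd_example.ko
+```
+
+Notice `libwolfssl.ko` reference count has incremented.
+
+Unload in the opposite order as loading:
+```sh
+sudo kldunload bsd_example.ko
+sudo kldunload libwolfssl.ko
+kldstat
+Id Refs Address Size Name
+1 18 0xffffffff80200000 1f3c6c0 kernel
+2 1 0xffffffff82818000 3220 intpm.ko
+3 1 0xffffffff8281c000 2178 smbus.ko
+4 1 0xffffffff8281f000 430c virtio_console.ko
+5 1 0xffffffff82824000 3360 uhid.ko
+6 1 0xffffffff82828000 3360 wmt.ko
+```
+wolfssl should now have disappeared from the vmstat listing:
+
+```sh
+# returns nothing
+vmstat -m | grep wolf
+```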

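--- a/kernel/bsdkm/bsd_example.c
+++ b/kernel/bsdkm/bsd_example.c
@@ -0,0 +1,125 @@
+/* freebsd system includes */
+#include <sys/param.h>
+#include <sys/module.h>
+#include <sys/kernel.h>
+#include <sys/libkern.h>
+#include <sys/malloc.h>
+#include <sys/systm.h>
+
+/* wolfssl includes */
+#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+MALLOC_DEFINE(M_BSD_EXAMPLE, "bsd_example", "example kernel memory");
+
+static int wc_aes_test(void);
+const char * ko_name = "bsdkm_example";
+
+static int
+example_loader(struct module * m, int what, void * arg)
+{
+int ret = 0;
+switch (what) {
+case MOD_LOAD:
+printf("info: %s: running wc_aes_test()\n", ko_name);
+ret = wc_aes_test();
+if (ret != 0) {
+return ECANCELED;
+}
+break;
+case MOD_UNLOAD:
+printf("info: %s: unload\n", ko_name);
+break;
+default:
+printf("info: %s: not implemented: %d\n", ko_name, what);
+return EOPNOTSUPP;
+}
+
+return 0;
+}
+
+static int wc_aes_test(void)
+{
+int ret = 0;
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+Aes *aes = NULL;
+#else
+Aes aes[1];
+#endif
+
+/* "Now is the time for all " w/o trailing 0 */
+const byte msg[] = {
+0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
+0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
+0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
+};
+const byte verify[] =
+{
+0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
+0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
+};
+/* padded to 16-bytes */
+const byte key[] = "0123456789abcdef ";
+/* padded to 16-bytes */
+const byte iv[] = "1234567890abcdef ";
+byte cipher[WC_AES_BLOCK_SIZE * 4];
+
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+if ((aes = (Aes *)malloc(sizeof(*aes), M_BSD_EXAMPLE, M_WAITOK | M_ZERO)) == NULL) {
+printf("error: %s: xts aes alloc failed\n", ko_name);
+return MEMORY_E;
+}
+#endif
+
+ret = wc_AesInit(aes, NULL, INVALID_DEVID);
+if (ret) {
+printf("error: %s: wc_AesXtsInit returned: %d\n", ko_name, ret);
+goto wc_aes_test_end;
+}
+
+ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
+if (ret) {
+printf("error: %s: wc_AesSetKey returned: %d\n", ko_name, ret);
+goto wc_aes_test_end;
+}
+
+memset(cipher, 0, sizeof(cipher));
+ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
+if (ret) {
+printf("error: %s: wc_AesCbcEncrypt returned: %d\n", ko_name, ret);
+goto wc_aes_test_end;
+}
+
+if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) {
+printf("error: %s: wc_AesCbcDecrypt failed cipher-verify compare\n",
+ko_name);
+ret = -1;
+goto wc_aes_test_end;
+}
+
+if (ret == 0) {
+printf("info: %s: wc_aes_test good\n", ko_name);
+}
+
+wc_aes_test_end:
+wc_AesFree(aes);
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
+if (aes) {
+free(aes, M_BSD_EXAMPLE);
+aes = NULL;
+}
+#endif
+
+return ret;
+}
+
+static moduledata_t example_mod = {
+"bsdkm_example", /* name */
+example_loader, /* loader */
+NULL /* extra data */
+};
+
+DECLARE_MODULE(bsdkm_example, example_mod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
+MODULE_DEPEND(bsdkm_example, libwolfssl, 1, 1, 1);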
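Review bot: Three failure messages in `wc_aes_test()` name operations the code does not perform: the allocation failure prints `xts aes alloc failed`, the `wc_AesInit` failure prints `wc_AesXtsInit returned`, and the known-answer mismatch after `wc_AesCbcEncrypt` prints `wc_AesCbcDecrypt failed cipher-verify compare`. Because `example_loader` maps every failure to `ECANCELED`, dmesg is the only place the real cause shows up, so the strings should match the calls, e.g. `printf("error: %s: wc_AesInit returned: %d\n", ko_name, ret);` and `printf("error: %s: wc_AesCbcEncrypt failed cipher-verify compare\n", ko_name);`. `ko_name` has external linkage although nothing visible outside this file uses it; `static const char ko_name[] = "bsdkm_example";` would keep it file-local. Since this file is meant to be copied, a comment above `free(aes, M_BSD_EXAMPLE)` would help, noting that the key here is a public test vector and that code holding a real key should wipe the `Aes` object (for instance with `explicit_bzero`) before freeing it.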
