Skip to content

Commit 2d24e85

Browse files
philljjphilljj
committed
bsdkm: kernel example.
1 parent 123d562 commit 2d24e85

3 files changed

Lines changed: 258 additions & 0 deletions

File tree

kernel/bsdkm/Makefile

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# example module name and sources
2+
KMOD=bsd_example
3+
SRCS=bsd_example.c
4+
5+
# path to wolfssl dir
6+
WOLFSSL_DIR=../../../wolfssl/
7+
8+
# suppress wolfcrypt/src/misc.c drops const qualifier
9+
CFLAGS+= -Wno-cast-qual
10+
CFLAGS+= -Wno-error=cast-qual
11+
CFLAGS+= -I/usr/include
12+
CFLAGS+=-I${WOLFSSL_DIR} -DWOLFSSL_USE_OPTIONS_H -DWOLFSSL_CUSTOM_CONFIG
13+
14+
# point to live kernel kmod dot mk
15+
.include "/usr/src/sys/conf/kmod.mk"

kernel/bsdkm/README.md

Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
# FreeBSD wolfcrypt kernel module example
2+
3+
## About
4+
5+
6+
Tested on FreeBSD 14.2:
7+
```sh
8+
uname -rsm
9+
FreeBSD 14.2-RELEASE amd64
10+
```
11+
12+
## Build libwolfssl.ko
13+
14+
```sh
15+
cd ~/
16+
git clone https://github.com/philljj/wolfssl.git
17+
cd ~/wolfssl && git co bsdkm
18+
./autogen.sh
19+
./configure --enable-bsdkm --enable-cryptonly --enable-crypttests --enable-all-crypto --disable-asm && make
20+
file bsdkm/libwolfssl.ko
21+
```
22+
23+
Load the kernel module:
24+
```sh
25+
sudo kldload bsdkm/libwolfssl.ko
26+
```
27+
28+
In dmesg output you should see something like:
29+
```sh
30+
dmesg | tail -n10
31+
PKCS7enveloped test passed!
32+
PKCS7authenveloped test passed!
33+
mp test passed!
34+
prime test passed!
35+
logging test passed!
36+
mutex test passed!
37+
crypto callback test passed!
38+
Test complete
39+
wolfCrypt self-test passed.
40+
info: wolfkmod init good
41+
```
42+
43+
and kldstat:
44+
```sh
45+
kldstat
46+
Id Refs Address Size Name
47+
1 20 0xffffffff80200000 1f3c6c0 kernel
48+
2 1 0xffffffff82818000 3220 intpm.ko
49+
3 1 0xffffffff8281c000 2178 smbus.ko
50+
4 1 0xffffffff8281f000 430c virtio_console.ko
51+
5 1 0xffffffff82824000 3360 uhid.ko
52+
6 1 0xffffffff82828000 3360 wmt.ko
53+
17 1 0xffffffff8282c000 154520 libwolfssl.ko
54+
```
55+
56+
wolfssl will also appear in vmstat entries:
57+
```sh
58+
vmstat -m | grep wolf
59+
wolfssl 0 0 1275500 16,32,64,128,256,384,512,1024,2048,4096,8192,16384
60+
```
61+
62+
## Build this example
63+
64+
From this example dir:
65+
```sh
66+
make && file bsd_example.ko
67+
```
68+
69+
Load it:
70+
```sh
71+
sudo kldload ./bsd_example.ko
72+
```
73+
74+
dmesg should show:
75+
```sh
76+
dmesg | tail -n5
77+
Test complete
78+
wolfCrypt self-test passed.
79+
info: wolfkmod init good
80+
info: bsdkm_example: running wc_aes_test()
81+
info: bsdkm_example: wc_aes_test good
82+
```
83+
84+
and kldstat:
85+
```sh
86+
kldstat
87+
Id Refs Address Size Name
88+
1 22 0xffffffff80200000 1f3c6c0 kernel
89+
2 1 0xffffffff82818000 3220 intpm.ko
90+
3 1 0xffffffff8281c000 2178 smbus.ko
91+
4 1 0xffffffff8281f000 430c virtio_console.ko
92+
5 1 0xffffffff82824000 3360 uhid.ko
93+
6 1 0xffffffff82828000 3360 wmt.ko
94+
17 2 0xffffffff8282c000 154520 libwolfssl.ko
95+
18 1 0xffffffff82981000 2188 bsd_example.ko
96+
```
97+
98+
Notice `libwolfssl.ko` reference count has incremented.
99+
100+
Unload in the opposite order as loading:
101+
```sh
102+
sudo kldunload bsd_example.ko
103+
sudo kldunload libwolfssl.ko
104+
kldstat
105+
Id Refs Address Size Name
106+
1 18 0xffffffff80200000 1f3c6c0 kernel
107+
2 1 0xffffffff82818000 3220 intpm.ko
108+
3 1 0xffffffff8281c000 2178 smbus.ko
109+
4 1 0xffffffff8281f000 430c virtio_console.ko
110+
5 1 0xffffffff82824000 3360 uhid.ko
111+
6 1 0xffffffff82828000 3360 wmt.ko
112+
```
113+
wolfssl should now have disappeared from the vmstat listing:
114+
115+
```sh
116+
# returns nothing
117+
vmstat -m | grep wolf
118+
```

kernel/bsdkm/bsd_example.c

Lines changed: 125 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,125 @@
1+
/* freebsd system includes */
2+
#include <sys/param.h>
3+
#include <sys/module.h>
4+
#include <sys/kernel.h>
5+
#include <sys/libkern.h>
6+
#include <sys/malloc.h>
7+
#include <sys/systm.h>
8+
9+
/* wolfssl includes */
10+
#include <wolfssl/options.h>
11+
#include <wolfssl/wolfcrypt/settings.h>
12+
#include <wolfssl/wolfcrypt/aes.h>
13+
#include <wolfssl/wolfcrypt/error-crypt.h>
14+
15+
MALLOC_DEFINE(M_BSD_EXAMPLE, "bsd_example", "example kernel memory");
16+
17+
static int wc_aes_test(void);
18+
const char * ko_name = "bsdkm_example";
19+
20+
static int
21+
example_loader(struct module * m, int what, void * arg)
22+
{
23+
int ret = 0;
24+
switch (what) {
25+
case MOD_LOAD:
26+
printf("info: %s: running wc_aes_test()\n", ko_name);
27+
ret = wc_aes_test();
28+
if (ret != 0) {
29+
return ECANCELED;
30+
}
31+
break;
32+
case MOD_UNLOAD:
33+
printf("info: %s: unload\n", ko_name);
34+
break;
35+
default:
36+
printf("info: %s: not implemented: %d\n", ko_name, what);
37+
return EOPNOTSUPP;
38+
}
39+
40+
return 0;
41+
}
42+
43+
static int wc_aes_test(void)
44+
{
45+
int ret = 0;
46+
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
47+
Aes *aes = NULL;
48+
#else
49+
Aes aes[1];
50+
#endif
51+
52+
/* "Now is the time for all " w/o trailing 0 */
53+
const byte msg[] = {
54+
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
55+
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
56+
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
57+
};
58+
const byte verify[] =
59+
{
60+
0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
61+
0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
62+
};
63+
/* padded to 16-bytes */
64+
const byte key[] = "0123456789abcdef ";
65+
/* padded to 16-bytes */
66+
const byte iv[] = "1234567890abcdef ";
67+
byte cipher[WC_AES_BLOCK_SIZE * 4];
68+
69+
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
70+
if ((aes = (Aes *)malloc(sizeof(*aes), M_BSD_EXAMPLE, M_WAITOK | M_ZERO)) == NULL) {
71+
printf("error: %s: xts aes alloc failed\n", ko_name);
72+
return MEMORY_E;
73+
}
74+
#endif
75+
76+
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
77+
if (ret) {
78+
printf("error: %s: wc_AesXtsInit returned: %d\n", ko_name, ret);
79+
goto wc_aes_test_end;
80+
}
81+
82+
ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
83+
if (ret) {
84+
printf("error: %s: wc_AesSetKey returned: %d\n", ko_name, ret);
85+
goto wc_aes_test_end;
86+
}
87+
88+
memset(cipher, 0, sizeof(cipher));
89+
ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
90+
if (ret) {
91+
printf("error: %s: wc_AesCbcEncrypt returned: %d\n", ko_name, ret);
92+
goto wc_aes_test_end;
93+
}
94+
95+
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) {
96+
printf("error: %s: wc_AesCbcDecrypt failed cipher-verify compare\n",
97+
ko_name);
98+
ret = -1;
99+
goto wc_aes_test_end;
100+
}
101+
102+
if (ret == 0) {
103+
printf("info: %s: wc_aes_test good\n", ko_name);
104+
}
105+
106+
wc_aes_test_end:
107+
wc_AesFree(aes);
108+
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
109+
if (aes) {
110+
free(aes, M_BSD_EXAMPLE);
111+
aes = NULL;
112+
}
113+
#endif
114+
115+
return ret;
116+
}
117+
118+
static moduledata_t hellomod = {
119+
"bsdkm_example", /* name */
120+
example_loader, /* loader */
121+
NULL /* extra data */
122+
};
123+
124+
DECLARE_MODULE(bsdkm_example, hellomod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
125+
MODULE_DEPEND(bsdkm_example, libwolfssl, 1, 1, 1);

0 commit comments

Comments
 (0)