feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2054 from SparkiDev/pkcs11_rng

Browse Source 
Add support for random and getting entropy (seed) with PKCS#11
This commit is contained in:
toddouska
2019-02-01 09:59:12 -08:00
committed by GitHub
parent 4a177a8a30 743f8b576f
commit 1258467b0a
7 changed files with 136 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
wolfcrypt/src/cryptocb.c
View File

@@ -468,6 +468,29 @@ int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz)
return ret; return ret;
} }
int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
{
int ret = NOT_COMPILED_IN;
CryptoCb* dev;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(os->devId);
if (dev) {
if (dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_SEED;
cryptoInfo.seed.os = os;
cryptoInfo.seed.seed = seed;
cryptoInfo.seed.sz = sz;
ret = dev->cb(os->devId, &cryptoInfo, dev->ctx);
}
}
return ret;
}
#endif /* !WC_NO_RNG */ #endif /* !WC_NO_RNG */
#endif /* WOLF_CRYPTO_CB */ #endif /* WOLF_CRYPTO_CB */

20
wolfcrypt/src/random.c
View File

@@ -704,6 +704,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
#endif #endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
rng->devId = devId; rng->devId = devId;
rng->seed.devId = devId;
#else #else
(void)devId; (void)devId;
#endif #endif
@@ -1480,6 +1481,16 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{ {
#ifdef WOLF_CRYPTO_CB
int ret;
if (os != NULL && os->devId != INVALID_DEVID) {
ret = wc_CryptoCb_RandomSeed(os, output, sz);
if (ret != NOT_COMPILED_IN)
return ret;
}
#endif
#ifdef HAVE_INTEL_RDSEED #ifdef HAVE_INTEL_RDSEED
if (IS_INTEL_RDSEED(intel_flags)) { if (IS_INTEL_RDSEED(intel_flags)) {
if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) { if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) {
@@ -2147,6 +2158,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{ {
int ret = 0; int ret = 0;
#ifdef WOLF_CRYPTO_CB
if (os != NULL && os->devId != INVALID_DEVID) {
ret = wc_CryptoCb_RandomSeed(os, output, sz);
if (ret != NOT_COMPILED_IN)
return ret;
}
#endif
#ifdef HAVE_INTEL_RDSEED #ifdef HAVE_INTEL_RDSEED
if (IS_INTEL_RDSEED(intel_flags)) { if (IS_INTEL_RDSEED(intel_flags)) {
ret = wc_GenerateSeed_IntelRD(NULL, output, sz); ret = wc_GenerateSeed_IntelRD(NULL, output, sz);
@@ -2220,6 +2239,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
} }
#endif #endif
/* End wc_GenerateSeed */ /* End wc_GenerateSeed */
#endif /* WC_NO_RNG */ #endif /* WC_NO_RNG */
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */

63
wolfcrypt/src/wc_pkcs11.c
View File

@@ -1923,6 +1923,50 @@ static int Pkcs11AesGcmDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
} }
#endif #endif
#ifndef WC_NO_RNG
#ifndef HAVE_HASHDRBG
/**
* Performs random number generation.
*
* @param session [in] Session object.
* @param info [in] Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* 0 on success.
*/
static int Pkcs11RandomBlock(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
rv = session->func->C_GenerateRandom(session->handle, info->rng.out,
info->rng.sz);
if (rv != CKR_OK)
ret = WC_HW_E;
return ret;
}
#endif
/**
* Generates entropy (seed) data.
*
* @param session [in] Session object.
* @param info [in] Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* 0 on success.
*/
static int Pkcs11RandomSeed(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
rv = session->func->C_GenerateRandom(session->handle, info->seed.seed,
info->seed.sz);
if (rv != CKR_OK)
ret = WC_HW_E;
return ret;
}
#endif
/** /**
* Perform a cryptographic operation using PKCS#11 device. * Perform a cryptographic operation using PKCS#11 device.
* *
@@ -1986,8 +2030,25 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
ret = Pkcs11AesGcmDecrypt(&session, info); ret = Pkcs11AesGcmDecrypt(&session, info);
break; break;
#endif #endif
}
} }
}
else if (info->algo_type == WC_ALGO_TYPE_HASH) {
ret = NOT_COMPILED_IN;
}
else if (info->algo_type == WC_ALGO_TYPE_RNG) {
#if !defined(WC_NO_RNG) && !defined(HAVE_HASHDRBG)
ret = Pkcs11RandomBlock(&session, info);
#else
ret = NOT_COMPILED_IN;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG
ret = Pkcs11RandomSeed(&session, info);
#else
ret = NOT_COMPILED_IN;
#endif
}
Pkcs11CloseSession(token, &session); Pkcs11CloseSession(token, &session);
} }

20
wolfcrypt/test/test.c
View File

@@ -22896,6 +22896,26 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->rng.rng->devId = devIdArg; info->rng.rng->devId = devIdArg;
#endif #endif
} }
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG
static byte seed[] = { 0x00, 0x00, 0x00, 0x01 };
word32 len;
int i;
/* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
while (info->seed.sz > 0) {
len = (word32)sizeof(seed);
if (info->seed.sz < len)
len = info->seed.sz;
XMEMCPY(info->seed.seed, seed, sizeof(seed));
info->seed.seed += len;
info->seed.sz -= len;
(*((word32*)seed))++;
}
ret = 0;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_PK) { else if (info->algo_type == WC_ALGO_TYPE_PK) {
#ifdef DEBUG_WOLFSSL #ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: Pk Type %d\n", info->pk.type); printf("CryptoDevCb: Pk Type %d\n", info->pk.type);

6
wolfssl/wolfcrypt/cryptocb.h
View File

@@ -169,6 +169,11 @@ typedef struct wc_CryptoInfo {
byte* out; byte* out;
word32 sz; word32 sz;
} rng; } rng;
struct {
OS_Seed* os;
byte* seed;
word32 sz;
} seed;
#endif #endif
} wc_CryptoInfo; } wc_CryptoInfo;
@@ -240,6 +245,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
#ifndef WC_NO_RNG #ifndef WC_NO_RNG
WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz); WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz);
WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz);
#endif #endif
#endif /* WOLF_CRYPTO_CB */ #endif /* WOLF_CRYPTO_CB */

3
wolfssl/wolfcrypt/random.h
View File

@@ -138,6 +138,9 @@ typedef struct OS_Seed {
#else #else
int fd; int fd;
#endif #endif
#if defined(WOLF_CRYPTO_CB)
int devId;
#endif
} OS_Seed; } OS_Seed;

3
wolfssl/wolfcrypt/types.h
View File

@@ -543,8 +543,9 @@
WC_ALGO_TYPE_CIPHER = 2, WC_ALGO_TYPE_CIPHER = 2,
WC_ALGO_TYPE_PK = 3, WC_ALGO_TYPE_PK = 3,
WC_ALGO_TYPE_RNG = 4, WC_ALGO_TYPE_RNG = 4,
WC_ALGO_TYPE_SEED = 5,
WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_RNG WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_SEED
}; };
/* hash types */ /* hash types */