feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2054 from SparkiDev/pkcs11_rng

Browse Source 
Add support for random and getting entropy (seed) with PKCS#11
This commit is contained in:
toddouska
2019-02-01 09:59:12 -08:00
committed by GitHub
parent 4a177a8a30 743f8b576f
commit 1258467b0a
7 changed files with 136 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
wolfcrypt/src/cryptocb.c
View File

@ -468,6 +468,29 @@ int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz)
return ret;
}
int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz)
{
int ret = NOT_COMPILED_IN;
CryptoCb* dev;
/* locate registered callback */
dev = wc_CryptoCb_FindDevice(os->devId);
if (dev) {
if (dev->cb) {
wc_CryptoInfo cryptoInfo;
XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
cryptoInfo.algo_type = WC_ALGO_TYPE_SEED;
cryptoInfo.seed.os = os;
cryptoInfo.seed.seed = seed;
cryptoInfo.seed.sz = sz;
ret = dev->cb(os->devId, &cryptoInfo, dev->ctx);
}
}
return ret;
}
#endif /* !WC_NO_RNG */
#endif /* WOLF_CRYPTO_CB */

20
wolfcrypt/src/random.c
View File

@ -704,6 +704,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
rng->devId = devId;
rng->seed.devId = devId;
#else
(void)devId;
#endif
@ -1480,6 +1481,16 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
#ifdef WOLF_CRYPTO_CB
int ret;
if (os != NULL && os->devId != INVALID_DEVID) {
ret = wc_CryptoCb_RandomSeed(os, output, sz);
if (ret != NOT_COMPILED_IN)
return ret;
}
#endif
#ifdef HAVE_INTEL_RDSEED
if (IS_INTEL_RDSEED(intel_flags)) {
if (!wc_GenerateSeed_IntelRD(NULL, output, sz)) {
@ -2147,6 +2158,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int ret = 0;
#ifdef WOLF_CRYPTO_CB
if (os != NULL && os->devId != INVALID_DEVID) {
ret = wc_CryptoCb_RandomSeed(os, output, sz);
if (ret != NOT_COMPILED_IN)
return ret;
}
#endif
#ifdef HAVE_INTEL_RDSEED
if (IS_INTEL_RDSEED(intel_flags)) {
ret = wc_GenerateSeed_IntelRD(NULL, output, sz);
@ -2220,6 +2239,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
}
#endif
/* End wc_GenerateSeed */
#endif /* WC_NO_RNG */
#endif /* HAVE_FIPS */

61
wolfcrypt/src/wc_pkcs11.c
View File

@ -1923,6 +1923,50 @@ static int Pkcs11AesGcmDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
}
#endif
#ifndef WC_NO_RNG
#ifndef HAVE_HASHDRBG
/**
* Performs random number generation.
*
* @param session [in] Session object.
* @param info [in] Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* 0 on success.
*/
static int Pkcs11RandomBlock(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
rv = session->func->C_GenerateRandom(session->handle, info->rng.out,
info->rng.sz);
if (rv != CKR_OK)
ret = WC_HW_E;
return ret;
}
#endif
/**
* Generates entropy (seed) data.
*
* @param session [in] Session object.
* @param info [in] Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* 0 on success.
*/
static int Pkcs11RandomSeed(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
rv = session->func->C_GenerateRandom(session->handle, info->seed.seed,
info->seed.sz);
if (rv != CKR_OK)
ret = WC_HW_E;
return ret;
}
#endif
/**
* Perform a cryptographic operation using PKCS#11 device.
*
@ -1988,6 +2032,23 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
#endif
}
}
else if (info->algo_type == WC_ALGO_TYPE_HASH) {
ret = NOT_COMPILED_IN;
}
else if (info->algo_type == WC_ALGO_TYPE_RNG) {
#if !defined(WC_NO_RNG) && !defined(HAVE_HASHDRBG)
ret = Pkcs11RandomBlock(&session, info);
#else
ret = NOT_COMPILED_IN;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG
ret = Pkcs11RandomSeed(&session, info);
#else
ret = NOT_COMPILED_IN;
#endif
}
Pkcs11CloseSession(token, &session);
}

20
wolfcrypt/test/test.c
View File

@ -22896,6 +22896,26 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
info->rng.rng->devId = devIdArg;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG
static byte seed[] = { 0x00, 0x00, 0x00, 0x01 };
word32 len;
int i;
/* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
while (info->seed.sz > 0) {
len = (word32)sizeof(seed);
if (info->seed.sz < len)
len = info->seed.sz;
XMEMCPY(info->seed.seed, seed, sizeof(seed));
info->seed.seed += len;
info->seed.sz -= len;
(*((word32*)seed))++;
}
ret = 0;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: Pk Type %d\n", info->pk.type);

6
wolfssl/wolfcrypt/cryptocb.h
View File

@ -169,6 +169,11 @@ typedef struct wc_CryptoInfo {
byte* out;
word32 sz;
} rng;
struct {
OS_Seed* os;
byte* seed;
word32 sz;
} seed;
#endif
} wc_CryptoInfo;
@ -240,6 +245,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
#ifndef WC_NO_RNG
WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz);
WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz);
#endif
#endif /* WOLF_CRYPTO_CB */

3
wolfssl/wolfcrypt/random.h
View File

@ -138,6 +138,9 @@ typedef struct OS_Seed {
#else
int fd;
#endif
#if defined(WOLF_CRYPTO_CB)
int devId;
#endif
} OS_Seed;

3
wolfssl/wolfcrypt/types.h
View File

@ -543,8 +543,9 @@
WC_ALGO_TYPE_CIPHER = 2,
WC_ALGO_TYPE_PK = 3,
WC_ALGO_TYPE_RNG = 4,
WC_ALGO_TYPE_SEED = 5,
WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_RNG
WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_SEED
};
/* hash types */