forked from wolfSSL/wolfssl
Review comment changes
Add heap as a device initialization parameter. Allocate slot info pointer wiht device heap pointer. ForceZero user pin on token finalization. Add comments to structure definitions.
This commit is contained in:
Sean Parkinson
@@ -36,6 +36,12 @@
|
|||||||
#ifndef NO_RSA
|
#ifndef NO_RSA
|
||||||
#include <wolfssl/wolfcrypt/rsa.h>
|
#include <wolfssl/wolfcrypt/rsa.h>
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef NO_INLINE
|
||||||
|
#include <wolfssl/wolfcrypt/misc.h>
|
||||||
|
#else
|
||||||
|
#define WOLFSSL_MISC_INCLUDED
|
||||||
|
#include <wolfcrypt/src/misc.c>
|
||||||
|
#endif
|
||||||
|
|
||||||
#define MAX_EC_PARAM_LEN 16
|
#define MAX_EC_PARAM_LEN 16
|
||||||
|
|
||||||
@@ -73,7 +79,7 @@ static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY;
|
|||||||
* WC_HW_E when unable to get PKCS#11 function list.
|
* WC_HW_E when unable to get PKCS#11 function list.
|
||||||
* 0 on success.
|
* 0 on success.
|
||||||
*/
|
*/
|
||||||
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library)
|
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
void* func;
|
void* func;
|
||||||
@@ -83,6 +89,7 @@ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library)
|
|||||||
ret = BAD_FUNC_ARG;
|
ret = BAD_FUNC_ARG;
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
|
dev->heap = heap;
|
||||||
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
|
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
|
||||||
if (dev->dlHandle == NULL) {
|
if (dev->dlHandle == NULL) {
|
||||||
WOLFSSL_MSG(dlerror());
|
WOLFSSL_MSG(dlerror());
|
||||||
@@ -165,7 +172,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
|
|||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
ret = WC_HW_E;
|
ret = WC_HW_E;
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
slot = XMALLOC(slotCnt * sizeof(*slot), NULL,
|
slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap,
|
||||||
DYNAMIC_TYPE_TMP_BUFFER);
|
DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (slot == NULL)
|
if (slot == NULL)
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
@@ -192,7 +199,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (slot != NULL)
|
if (slot != NULL)
|
||||||
XFREE(slot, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -208,6 +215,7 @@ void wc_Pkcs11Token_Final(Pkcs11Token* token)
|
|||||||
if (token != NULL && token->func != NULL) {
|
if (token != NULL && token->func != NULL) {
|
||||||
token->func->C_CloseAllSessions(token->slotId);
|
token->func->C_CloseAllSessions(token->slotId);
|
||||||
token->handle = NULL_PTR;
|
token->handle = NULL_PTR;
|
||||||
|
ForceZero(token->userPin, token->userPinSz);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -963,7 +971,7 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
|||||||
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
|
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
|
||||||
{ CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
|
{ CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
|
||||||
};
|
};
|
||||||
int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
|
CK_ULONG pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
|
||||||
CK_ATTRIBUTE privKeyTmpl[] = {
|
CK_ATTRIBUTE privKeyTmpl[] = {
|
||||||
{CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
|
{CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
|
||||||
{CKA_SIGN, &ckTrue, sizeof(ckTrue) },
|
{CKA_SIGN, &ckTrue, sizeof(ckTrue) },
|
||||||
|
|||||||
@@ -30,22 +30,23 @@
|
|||||||
#include <wolfssl/wolfcrypt/pkcs11.h>
|
#include <wolfssl/wolfcrypt/pkcs11.h>
|
||||||
|
|
||||||
typedef struct Pkcs11Dev {
|
typedef struct Pkcs11Dev {
|
||||||
void* dlHandle;
|
void* dlHandle; /* Handle to library */
|
||||||
CK_FUNCTION_LIST* func; /* Array of functions */
|
CK_FUNCTION_LIST* func; /* Array of functions */
|
||||||
|
void* heap;
|
||||||
} Pkcs11Dev;
|
} Pkcs11Dev;
|
||||||
|
|
||||||
typedef struct Pkcs11Token {
|
typedef struct Pkcs11Token {
|
||||||
CK_FUNCTION_LIST* func;
|
CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
|
||||||
CK_SLOT_ID slotId;
|
CK_SLOT_ID slotId; /* Id of slot to use */
|
||||||
CK_SESSION_HANDLE handle;
|
CK_SESSION_HANDLE handle; /* Handle to active session */
|
||||||
CK_UTF8CHAR_PTR userPin;
|
CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */
|
||||||
CK_ULONG userPinSz;
|
CK_ULONG userPinSz; /* Size of user's PIN in bytes */
|
||||||
} Pkcs11Token;
|
} Pkcs11Token;
|
||||||
|
|
||||||
typedef struct Pkcs11Session {
|
typedef struct Pkcs11Session {
|
||||||
CK_FUNCTION_LIST* func;
|
CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
|
||||||
CK_SLOT_ID slotId;
|
CK_SLOT_ID slotId; /* Id of slot to use */
|
||||||
CK_SESSION_HANDLE handle;
|
CK_SESSION_HANDLE handle; /* Handle to active session */
|
||||||
} Pkcs11Session;
|
} Pkcs11Session;
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
@@ -60,7 +61,8 @@ enum Pkcs11KeyType {
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library);
|
WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
|
||||||
|
void* heap);
|
||||||
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
|
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
|
||||||
|
|
||||||
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,
|
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,
|
||||||
|
|||||||
Reference in New Issue
Block a user