wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1882 from SparkiDev/pkcs11_lib

Browse Source 
Improvements for PKCS#11 library
This commit is contained in:
toddouska
2018-11-06 08:53:57 -08:00
committed by GitHub
parent 2c7ff56a3e ab458db504
commit 144ff68cfb
5 changed files with 116 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
wolfcrypt/src/ecc.c
View File

@ -3296,6 +3296,34 @@ int wc_ecc_get_curve_id_from_params(int fieldSize,
return ecc_sets[idx].id; return ecc_sets[idx].id;
} }
/* Returns the curve id that corresponds to a given OID,
* as listed in ecc_sets[] of ecc.c.
*
* oid OID, from ecc_sets[].name in ecc.c
* len OID len, from ecc_sets[].name in ecc.c
* return curve id, from ecc_sets[] on success, negative on error
*/
int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len)
{
int curve_idx;
if (oid == NULL)
return BAD_FUNC_ARG;
for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) {
if (ecc_sets[curve_idx].oid && ecc_sets[curve_idx].oidSz == len &&
XMEMCMP(ecc_sets[curve_idx].oid, oid, len) == 0) {
break;
}
}
if (ecc_sets[curve_idx].size == 0) {
WOLFSSL_MSG("ecc_set curve name not found");
return ECC_CURVE_INVALID;
}
return ecc_sets[curve_idx].id;
}
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
static WC_INLINE int wc_ecc_alloc_mpint(ecc_key* key, mp_int** mp) static WC_INLINE int wc_ecc_alloc_mpint(ecc_key* key, mp_int** mp)
@ -4008,6 +4036,17 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
#endif /* WOLFSSL_SP_MATH */ #endif /* WOLFSSL_SP_MATH */
} }
#ifdef HAVE_WOLF_BIGINT
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->k, &key->k.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(key->pubkey.x, &key->pubkey.x->raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(key->pubkey.y, &key->pubkey.y->raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(key->pubkey.z, &key->pubkey.z->raw);
#endif
#endif /* WOLFSSL_ATECC508A */ #endif /* WOLFSSL_ATECC508A */
return err; return err;

19
wolfcrypt/src/rsa.c
View File

@ -3109,6 +3109,25 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
if (err == MP_OKAY) if (err == MP_OKAY)
key->type = RSA_PRIVATE; key->type = RSA_PRIVATE;
#ifdef HAVE_WOLF_BIGINT
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->n, &key->n.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->e, &key->e.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->d, &key->d.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->p, &key->p.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->q, &key->q.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->dP, &key->dP.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->dQ, &key->dQ.raw);
if (err == MP_OKAY)
err = wc_mp_to_bigint(&key->u, &key->u.raw);
#endif
mp_clear(&tmp1); mp_clear(&tmp1);
mp_clear(&tmp2); mp_clear(&tmp2);
mp_clear(&tmp3); mp_clear(&tmp3);

58
wolfcrypt/src/wc_pkcs11.c
View File

@ -36,6 +36,12 @@
#ifndef NO_RSA #ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#endif #endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#define MAX_EC_PARAM_LEN 16 #define MAX_EC_PARAM_LEN 16
@ -73,7 +79,7 @@ static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY;
* WC_HW_E when unable to get PKCS#11 function list. * WC_HW_E when unable to get PKCS#11 function list.
* 0 on success. * 0 on success.
*/ */
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library) int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
{ {
int ret = 0; int ret = 0;
void* func; void* func;
@ -83,9 +89,12 @@ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
if (ret == 0) { if (ret == 0) {
dev->heap = heap;
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL); dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
if (dev->dlHandle == NULL) if (dev->dlHandle == NULL) {
WOLFSSL_MSG(dlerror());
ret = BAD_PATH_ERROR; ret = BAD_PATH_ERROR;
}
} }
if (ret == 0) { if (ret == 0) {
@ -148,10 +157,10 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId, int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
const char* tokenName, const unsigned char* userPin, int userPinSz) const char* tokenName, const unsigned char* userPin, int userPinSz)
{ {
int ret = 0; int ret = 0;
CK_RV rv; CK_RV rv;
CK_SLOT_ID slot; CK_SLOT_ID* slot = NULL;
CK_ULONG slotCnt = 1; CK_ULONG slotCnt = 0;
if (token == NULL || dev == NULL || tokenName == NULL) if (token == NULL || dev == NULL || tokenName == NULL)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
@ -159,14 +168,25 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
if (ret == 0) { if (ret == 0) {
if (slotId < 0) { if (slotId < 0) {
/* Use first available slot with a token. */ /* Use first available slot with a token. */
rv = dev->func->C_GetSlotList(CK_TRUE, &slot, &slotCnt); rv = dev->func->C_GetSlotList(CK_TRUE, NULL, &slotCnt);
if (rv != CKR_OK) if (rv != CKR_OK)
ret = WC_HW_E; ret = WC_HW_E;
if (ret == 0) {
slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (slot == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
rv = dev->func->C_GetSlotList(CK_TRUE, slot, &slotCnt);
if (rv != CKR_OK)
ret = WC_HW_E;
}
if (ret == 0) { if (ret == 0) {
if (slotCnt > 0) if (slotCnt > 0)
slotId = (int)slot; slotId = (int)slot[0];
else else
ret = -1; ret = WC_HW_E;
} }
} }
} }
@ -178,6 +198,9 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
token->userPinSz = (CK_ULONG)userPinSz; token->userPinSz = (CK_ULONG)userPinSz;
} }
if (slot != NULL)
XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret; return ret;
} }
@ -192,6 +215,7 @@ void wc_Pkcs11Token_Final(Pkcs11Token* token)
if (token != NULL && token->func != NULL) { if (token != NULL && token->func != NULL) {
token->func->C_CloseAllSessions(token->slotId); token->func->C_CloseAllSessions(token->slotId);
token->handle = NULL_PTR; token->handle = NULL_PTR;
ForceZero(token->userPin, token->userPinSz);
} }
} }
@ -947,6 +971,7 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) } { CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
}; };
CK_ULONG pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
CK_ATTRIBUTE privKeyTmpl[] = { CK_ATTRIBUTE privKeyTmpl[] = {
{CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, {CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{CKA_SIGN, &ckTrue, sizeof(ckTrue) }, {CKA_SIGN, &ckTrue, sizeof(ckTrue) },
@ -979,8 +1004,9 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
mech.pParameter = NULL; mech.pParameter = NULL;
rv = session->func->C_GenerateKeyPair(session->handle, &mech, rv = session->func->C_GenerateKeyPair(session->handle, &mech,
pubKeyTmpl, 4, privKeyTmpl, pubKeyTmpl, pubTmplCnt,
privTmplCnt, &pubKey, &privKey); privKeyTmpl, privTmplCnt,
&pubKey, &privKey);
if (rv != CKR_OK) if (rv != CKR_OK)
ret = -1; ret = -1;
} }
@ -1216,7 +1242,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session,
* @return WC_HW_E when a PKCS#11 library call fails. * @return WC_HW_E when a PKCS#11 library call fails.
* 0 on success. * 0 on success.
*/ */
static int Pkcs11EC_KeyGen(Pkcs11Session* session, wc_CryptoInfo* info) static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
{ {
int ret = 0; int ret = 0;
ecc_key* key = info->pk.eckg.key; ecc_key* key = info->pk.eckg.key;
@ -1229,6 +1255,7 @@ static int Pkcs11EC_KeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) }, { CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
}; };
int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
CK_ATTRIBUTE privKeyTmpl[] = { CK_ATTRIBUTE privKeyTmpl[] = {
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, { CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) }, { CKA_SIGN, &ckTrue, sizeof(ckTrue) },
@ -1255,8 +1282,9 @@ static int Pkcs11EC_KeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
mech.pParameter = NULL; mech.pParameter = NULL;
rv = session->func->C_GenerateKeyPair(session->handle, &mech, rv = session->func->C_GenerateKeyPair(session->handle, &mech,
pubKeyTmpl, 2, privKeyTmpl, pubKeyTmpl, pubTmplCnt,
privTmplCnt, &pubKey, &privKey); privKeyTmpl, privTmplCnt,
&pubKey, &privKey);
if (rv != CKR_OK) if (rv != CKR_OK)
ret = -1; ret = -1;
} }
@ -1931,7 +1959,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
case WC_PK_TYPE_EC_KEYGEN: case WC_PK_TYPE_EC_KEYGEN:
ret = Pkcs11EC_KeyGen(&session, info); ret = Pkcs11EcKeyGen(&session, info);
break; break;
case WC_PK_TYPE_ECDH: case WC_PK_TYPE_ECDH:
ret = Pkcs11ECDH(&session, info); ret = Pkcs11ECDH(&session, info);

2
wolfssl/wolfcrypt/ecc.h
View File

@ -501,6 +501,8 @@ int wc_ecc_get_curve_id_from_params(int fieldSize,
const byte* Bf, word32 BfSz, const byte* order, word32 orderSz, const byte* Bf, word32 BfSz, const byte* order, word32 orderSz,
const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor); const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
WOLFSSL_API
int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len);
WOLFSSL_API WOLFSSL_API
ecc_point* wc_ecc_new_point(void); ecc_point* wc_ecc_new_point(void);

24
wolfssl/wolfcrypt/wc_pkcs11.h
View File

@ -30,22 +30,23 @@
#include <wolfssl/wolfcrypt/pkcs11.h> #include <wolfssl/wolfcrypt/pkcs11.h>
typedef struct Pkcs11Dev { typedef struct Pkcs11Dev {
void* dlHandle; void* dlHandle; /* Handle to library */
CK_FUNCTION_LIST* func; /* Array of functions */ CK_FUNCTION_LIST* func; /* Array of functions */
void* heap;
} Pkcs11Dev; } Pkcs11Dev;
typedef struct Pkcs11Token { typedef struct Pkcs11Token {
CK_FUNCTION_LIST* func; CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
CK_SLOT_ID slotId; CK_SLOT_ID slotId; /* Id of slot to use */
CK_SESSION_HANDLE handle; CK_SESSION_HANDLE handle; /* Handle to active session */
CK_UTF8CHAR_PTR userPin; CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */
CK_ULONG userPinSz; CK_ULONG userPinSz; /* Size of user's PIN in bytes */
} Pkcs11Token; } Pkcs11Token;
typedef struct Pkcs11Session { typedef struct Pkcs11Session {
CK_FUNCTION_LIST* func; CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
CK_SLOT_ID slotId; CK_SLOT_ID slotId; /* Id of slot to use */
CK_SESSION_HANDLE handle; CK_SESSION_HANDLE handle; /* Handle to active session */
} Pkcs11Session; } Pkcs11Session;
#ifdef __cplusplus #ifdef __cplusplus
@ -60,7 +61,8 @@ enum Pkcs11KeyType {
}; };
WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library); WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
void* heap);
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev); WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,