wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

PKCS#11: User PIN can be NULL_PTR

Browse Source 
Allow TokenInit to store NULL for User Pin.
New APIs to handle not setting User PIN.
This commit is contained in:
Sean Parkinson
2022-10-28 08:52:18 +10:00
parent 319901a85c
commit 4b648e7e08
2 changed files with 75 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
wolfcrypt/src/wc_pkcs11.c
View File

@ -519,8 +519,7 @@ static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev,
/* lookup by slotId or tokenName */
static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
const char* tokenName, size_t tokenNameSz,
const unsigned char* userPin, size_t userPinSz)
const char* tokenName, size_t tokenNameSz)
{
int ret = 0;
CK_RV rv;
@ -577,8 +576,9 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
token->func = dev->func;
token->slotId = (CK_SLOT_ID)slotId;
token->handle = NULL_PTR;
token->userPin = (CK_UTF8CHAR_PTR)userPin;
token->userPinSz = (CK_ULONG)userPinSz;
token->userPin = NULL_PTR;
token->userPinSz = 0;
token->userPinLogin = 0;
}
if (slot != NULL) {
@ -589,7 +589,7 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
}
/**
* Set up a token for use. Lookup by slotId or tokenName
* Set up a token for use. Lookup by slotId or tokenName. Set User PIN.
*
* @param [in] token Token object.
* @param [in] dev PKCS#11 device object.
@ -605,17 +605,48 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
*/
int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
const char* tokenName, const unsigned char* userPin, int userPinSz)
{
int ret;
size_t tokenNameSz = 0;
if (tokenName != NULL) {
tokenNameSz = XSTRLEN(tokenName);
}
ret = Pkcs11Token_Init(token, dev, slotId, tokenName, tokenNameSz);
if (ret == 0) {
token->userPin = (CK_UTF8CHAR_PTR)userPin;
token->userPinSz = (CK_ULONG)userPinSz;
token->userPinLogin = 1;
}
return ret;
}
/**
* Set up a token for use. Lookup by slotId or tokenName.
*
* @param [in] token Token object.
* @param [in] dev PKCS#11 device object.
* @param [in] slotId Slot number of the token.<br>
* Passing -1 uses the first available slot.
* @param [in] tokenName Name of token to initialize (optional)
* @return BAD_FUNC_ARG when token, dev and/or tokenName is NULL.
* @return WC_INIT_E when initializing token fails.
* @return WC_HW_E when another PKCS#11 library call fails.
* @return 0 on success.
*/
int wc_Pkcs11Token_Init_NoLogin(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
const char* tokenName)
{
size_t tokenNameSz = 0;
if (tokenName != NULL) {
tokenNameSz = XSTRLEN(tokenName);
}
return Pkcs11Token_Init(token, dev, slotId, tokenName, tokenNameSz,
userPin, (size_t)userPinSz);
return Pkcs11Token_Init(token, dev, slotId, tokenName, tokenNameSz);
}
/**
* Set up a token for use. Lookup by slotId or tokenName/size
* Set up a token for use. Lookup by slotId or tokenName/size. Set User PIN.
*
* @param [in] token Token object.
* @param [in] dev PKCS#11 device object.
@ -629,11 +660,37 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
* @return 0 on success.
*/
int wc_Pkcs11Token_InitName(Pkcs11Token* token, Pkcs11Dev* dev,
const char* tokenName, int tokenNameSz,
const unsigned char* userPin, int userPinSz)
const char* tokenName, int tokenNameSz,
const unsigned char* userPin, int userPinSz)
{
return Pkcs11Token_Init(token, dev, -1, tokenName, (size_t)tokenNameSz,
userPin, (size_t)userPinSz);
int ret = Pkcs11Token_Init(token, dev, -1, tokenName, (size_t)tokenNameSz);
if (ret == 0) {
token->userPin = (CK_UTF8CHAR_PTR)userPin;
token->userPinSz = (CK_ULONG)userPinSz;
token->userPinLogin = 1;
}
return ret;
}
/**
* Set up a token for use. Lookup by slotId or tokenName/size.
*
* @param [in] token Token object.
* @param [in] dev PKCS#11 device object.
* @param [in] tokenName Name of token to initialize.
* @param [in] tokenNameSz Name size for token
* @param [in] userPin PIN to use to login as user.
* @param [in] userPinSz Number of bytes in PIN.
* @return BAD_FUNC_ARG when token, dev and/or tokenName is NULL.
* @return WC_INIT_E when initializing token fails.
* @return WC_HW_E when another PKCS#11 library call fails.
* @return 0 on success.
*/
int wc_Pkcs11Token_InitName_NoLogin(Pkcs11Token* token, Pkcs11Dev* dev,
const char* tokenName, int tokenNameSz)
{
return Pkcs11Token_Init(token, dev, -1, tokenName, (size_t)tokenNameSz);
}
/**
@ -687,7 +744,7 @@ static int Pkcs11OpenSession(Pkcs11Token* token, Pkcs11Session* session,
if (rv != CKR_OK) {
ret = WC_HW_E;
}
if (ret == 0 && token->userPin != NULL) {
if (ret == 0 && token->userPinLogin) {
rv = token->func->C_Login(session->handle, CKU_USER,
token->userPin, token->userPinSz);
PKCS11_RV("C_Login", rv);

5
wolfssl/wolfcrypt/wc_pkcs11.h
View File

@ -52,6 +52,7 @@ typedef struct Pkcs11Token {
CK_SESSION_HANDLE handle; /* Handle to active session */
CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */
CK_ULONG userPinSz; /* Size of user's PIN in bytes */
byte userPinLogin:1; /* Login with User's PIN */
} Pkcs11Token;
typedef struct Pkcs11Session {
@ -76,9 +77,13 @@ WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,
int slotId, const char* tokenName, const unsigned char *userPin,
int userPinSz);
WOLFSSL_API int wc_Pkcs11Token_Init_NoLogin(Pkcs11Token* token, Pkcs11Dev* dev,
int slotId, const char* tokenName);
WOLFSSL_API int wc_Pkcs11Token_InitName(Pkcs11Token* token, Pkcs11Dev* dev,
const char* tokenName, int tokenSz,
const unsigned char* userPin, int userPinSz);
WOLFSSL_API int wc_Pkcs11Token_InitName_NoLogin(Pkcs11Token* token,
Pkcs11Dev* dev, const char* tokenName, int tokenSz);
WOLFSSL_API void wc_Pkcs11Token_Final(Pkcs11Token* token);
WOLFSSL_API int wc_Pkcs11Token_Open(Pkcs11Token* token, int readWrite);