mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-29 18:27:29 +02:00
Improvements for PKCS#11 library
This commit is contained in:
Sean Parkinson
@ -3291,6 +3291,34 @@ int wc_ecc_get_curve_id_from_params(int fieldSize,
|
||||
return ecc_sets[idx].id;
|
||||
}
|
||||
|
||||
/* Returns the curve id that corresponds to a given OID,
|
||||
* as listed in ecc_sets[] of ecc.c.
|
||||
*
|
||||
* oid OID, from ecc_sets[].name in ecc.c
|
||||
* len OID len, from ecc_sets[].name in ecc.c
|
||||
* return curve id, from ecc_sets[] on success, negative on error
|
||||
*/
|
||||
int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len)
|
||||
{
|
||||
int curve_idx;
|
||||
|
||||
if (oid == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) {
|
||||
if (ecc_sets[curve_idx].oid && ecc_sets[curve_idx].oidSz == len &&
|
||||
XMEMCMP(ecc_sets[curve_idx].oid, oid, len) == 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ecc_sets[curve_idx].size == 0) {
|
||||
WOLFSSL_MSG("ecc_set curve name not found");
|
||||
return ECC_CURVE_INVALID;
|
||||
}
|
||||
|
||||
return ecc_sets[curve_idx].id;
|
||||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
static WC_INLINE int wc_ecc_alloc_mpint(ecc_key* key, mp_int** mp)
|
||||
@ -4003,6 +4031,17 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id)
|
||||
#endif /* WOLFSSL_SP_MATH */
|
||||
}
|
||||
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->k, &key->k.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(key->pubkey.x, &key->pubkey.x->raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(key->pubkey.y, &key->pubkey.y->raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(key->pubkey.z, &key->pubkey.z->raw);
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_ATECC508A */
|
||||
|
||||
return err;
|
||||
|
||||
@ -3109,6 +3109,25 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
|
||||
if (err == MP_OKAY)
|
||||
key->type = RSA_PRIVATE;
|
||||
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->n, &key->n.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->e, &key->e.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->d, &key->d.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->p, &key->p.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->q, &key->q.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->dP, &key->dP.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->dQ, &key->dQ.raw);
|
||||
if (err == MP_OKAY)
|
||||
err = wc_mp_to_bigint(&key->u, &key->u.raw);
|
||||
#endif
|
||||
|
||||
mp_clear(&tmp1);
|
||||
mp_clear(&tmp2);
|
||||
mp_clear(&tmp3);
|
||||
|
||||
@ -84,8 +84,10 @@ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library)
|
||||
|
||||
if (ret == 0) {
|
||||
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
|
||||
if (dev->dlHandle == NULL)
|
||||
if (dev->dlHandle == NULL) {
|
||||
WOLFSSL_MSG(dlerror());
|
||||
ret = BAD_PATH_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
@ -148,10 +150,10 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
|
||||
int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
|
||||
const char* tokenName, const unsigned char* userPin, int userPinSz)
|
||||
{
|
||||
int ret = 0;
|
||||
CK_RV rv;
|
||||
CK_SLOT_ID slot;
|
||||
CK_ULONG slotCnt = 1;
|
||||
int ret = 0;
|
||||
CK_RV rv;
|
||||
CK_SLOT_ID* slot = NULL;
|
||||
CK_ULONG slotCnt = 0;
|
||||
|
||||
if (token == NULL || dev == NULL || tokenName == NULL)
|
||||
ret = BAD_FUNC_ARG;
|
||||
@ -159,14 +161,25 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
|
||||
if (ret == 0) {
|
||||
if (slotId < 0) {
|
||||
/* Use first available slot with a token. */
|
||||
rv = dev->func->C_GetSlotList(CK_TRUE, &slot, &slotCnt);
|
||||
rv = dev->func->C_GetSlotList(CK_TRUE, NULL, &slotCnt);
|
||||
if (rv != CKR_OK)
|
||||
ret = WC_HW_E;
|
||||
if (ret == 0) {
|
||||
slot = XMALLOC(slotCnt * sizeof(*slot), NULL,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (slot == NULL)
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
if (ret == 0) {
|
||||
rv = dev->func->C_GetSlotList(CK_TRUE, slot, &slotCnt);
|
||||
if (rv != CKR_OK)
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
if (ret == 0) {
|
||||
if (slotCnt > 0)
|
||||
slotId = (int)slot;
|
||||
slotId = (int)slot[0];
|
||||
else
|
||||
ret = -1;
|
||||
ret = WC_HW_E;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -178,6 +191,9 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
|
||||
token->userPinSz = (CK_ULONG)userPinSz;
|
||||
}
|
||||
|
||||
if (slot != NULL)
|
||||
XFREE(slot, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -947,6 +963,7 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
|
||||
{ CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
|
||||
};
|
||||
int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
|
||||
CK_ATTRIBUTE privKeyTmpl[] = {
|
||||
{CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
|
||||
{CKA_SIGN, &ckTrue, sizeof(ckTrue) },
|
||||
@ -979,8 +996,9 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
mech.pParameter = NULL;
|
||||
|
||||
rv = session->func->C_GenerateKeyPair(session->handle, &mech,
|
||||
pubKeyTmpl, 4, privKeyTmpl,
|
||||
privTmplCnt, &pubKey, &privKey);
|
||||
pubKeyTmpl, pubTmplCnt,
|
||||
privKeyTmpl, privTmplCnt,
|
||||
&pubKey, &privKey);
|
||||
if (rv != CKR_OK)
|
||||
ret = -1;
|
||||
}
|
||||
@ -1216,7 +1234,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session,
|
||||
* @return WC_HW_E when a PKCS#11 library call fails.
|
||||
* 0 on success.
|
||||
*/
|
||||
static int Pkcs11EC_KeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
{
|
||||
int ret = 0;
|
||||
ecc_key* key = info->pk.eckg.key;
|
||||
@ -1229,6 +1247,7 @@ static int Pkcs11EC_KeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
|
||||
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
|
||||
};
|
||||
int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
|
||||
CK_ATTRIBUTE privKeyTmpl[] = {
|
||||
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
|
||||
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
|
||||
@ -1255,8 +1274,9 @@ static int Pkcs11EC_KeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
|
||||
mech.pParameter = NULL;
|
||||
|
||||
rv = session->func->C_GenerateKeyPair(session->handle, &mech,
|
||||
pubKeyTmpl, 2, privKeyTmpl,
|
||||
privTmplCnt, &pubKey, &privKey);
|
||||
pubKeyTmpl, pubTmplCnt,
|
||||
privKeyTmpl, privTmplCnt,
|
||||
&pubKey, &privKey);
|
||||
if (rv != CKR_OK)
|
||||
ret = -1;
|
||||
}
|
||||
@ -1931,7 +1951,7 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
case WC_PK_TYPE_EC_KEYGEN:
|
||||
ret = Pkcs11EC_KeyGen(&session, info);
|
||||
ret = Pkcs11EcKeyGen(&session, info);
|
||||
break;
|
||||
case WC_PK_TYPE_ECDH:
|
||||
ret = Pkcs11ECDH(&session, info);
|
||||
|
||||
@ -501,6 +501,8 @@ int wc_ecc_get_curve_id_from_params(int fieldSize,
|
||||
const byte* Bf, word32 BfSz, const byte* order, word32 orderSz,
|
||||
const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
|
||||
|
||||
WOLFSSL_API
|
||||
int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len);
|
||||
|
||||
WOLFSSL_API
|
||||
ecc_point* wc_ecc_new_point(void);
|
||||
|
||||
Reference in New Issue
Block a user