Review comment changes

Add heap as a device initialization parameter.
Allocate slot info pointer with device heap pointer.
ForceZero user pin on token finalization.
Add comments to structure definitions.
Sean Parkinson
2018-10-30 15:41:25 +10:00
parent 7551e49fed
commit ab458db504
2 changed files with 25 additions and 15 deletions


@@ -36,6 +36,12 @@
#ifndef NO_RSA #ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
#endif #endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#define MAX_EC_PARAM_LEN 16 #define MAX_EC_PARAM_LEN 16
@@ -73,7 +79,7 @@ static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY;
* WC_HW_E when unable to get PKCS#11 function list. * WC_HW_E when unable to get PKCS#11 function list.
* 0 on success. * 0 on success.
*/ */
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library) int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
{ {
int ret = 0; int ret = 0;
void* func; void* func;
@@ -83,6 +89,7 @@ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library)
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
if (ret == 0) { if (ret == 0) {
dev->heap = heap;
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL); dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
if (dev->dlHandle == NULL) { if (dev->dlHandle == NULL) {
WOLFSSL_MSG(dlerror()); WOLFSSL_MSG(dlerror());
@@ -165,7 +172,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
if (rv != CKR_OK) if (rv != CKR_OK)
ret = WC_HW_E; ret = WC_HW_E;
if (ret == 0) { if (ret == 0) {
slot = XMALLOC(slotCnt * sizeof(*slot), NULL, slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap,
DYNAMIC_TYPE_TMP_BUFFER); DYNAMIC_TYPE_TMP_BUFFER);
if (slot == NULL) if (slot == NULL)
ret = MEMORY_E; ret = MEMORY_E;
@@ -192,7 +199,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
} }
if (slot != NULL) if (slot != NULL)
XFREE(slot, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret; return ret;
} }
@@ -208,6 +215,7 @@ void wc_Pkcs11Token_Final(Pkcs11Token* token)
if (token != NULL && token->func != NULL) { if (token != NULL && token->func != NULL) {
token->func->C_CloseAllSessions(token->slotId); token->func->C_CloseAllSessions(token->slotId);
token->handle = NULL_PTR; token->handle = NULL_PTR;
ForceZero(token->userPin, token->userPinSz);
} }
} }
@@ -963,7 +971,7 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) } { CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
}; };
int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl); CK_ULONG pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
CK_ATTRIBUTE privKeyTmpl[] = { CK_ATTRIBUTE privKeyTmpl[] = {
{CKA_DECRYPT, &ckTrue, sizeof(ckTrue) }, {CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{CKA_SIGN, &ckTrue, sizeof(ckTrue) }, {CKA_SIGN, &ckTrue, sizeof(ckTrue) },
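Review bot: In wc_Pkcs11Token_Final the added `ForceZero(token->userPin, token->userPinSz);` writes through a pointer that the struct declares only as `CK_UTF8CHAR_PTR userPin`, and nothing on this page shows the token holding its own copy of the PIN. If wc_Pkcs11Token_Init stores the caller's pointer (its body is outside these hunks, so this is inferred), finalization overwrites caller memory and will fault when the caller passed a string literal or other read-only buffer. Either copy the PIN into token-owned storage at init, or state the contract in the function header, e.g. `/* Zeroizes the buffer supplied as userPin; it must be writable and remain valid until finalization. */`. The wipe also sits inside the `token->func != NULL` branch, so a token whose function table was never set keeps its PIN in memory; moving the call under a separate `if (token != NULL && token->userPin != NULL)` check would cover that path.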


@@ -30,22 +30,23 @@
#include <wolfssl/wolfcrypt/pkcs11.h> #include <wolfssl/wolfcrypt/pkcs11.h>
typedef struct Pkcs11Dev { typedef struct Pkcs11Dev {
void* dlHandle; void* dlHandle; /* Handle to library */
CK_FUNCTION_LIST* func; /* Array of functions */ CK_FUNCTION_LIST* func; /* Array of functions */
void* heap;
} Pkcs11Dev; } Pkcs11Dev;
typedef struct Pkcs11Token { typedef struct Pkcs11Token {
CK_FUNCTION_LIST* func; CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
CK_SLOT_ID slotId; CK_SLOT_ID slotId; /* Id of slot to use */
CK_SESSION_HANDLE handle; CK_SESSION_HANDLE handle; /* Handle to active session */
CK_UTF8CHAR_PTR userPin; CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */
CK_ULONG userPinSz; CK_ULONG userPinSz; /* Size of user's PIN in bytes */
} Pkcs11Token; } Pkcs11Token;
typedef struct Pkcs11Session { typedef struct Pkcs11Session {
CK_FUNCTION_LIST* func; CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
CK_SLOT_ID slotId; CK_SLOT_ID slotId; /* Id of slot to use */
CK_SESSION_HANDLE handle; CK_SESSION_HANDLE handle; /* Handle to active session */
} Pkcs11Session; } Pkcs11Session;
#ifdef __cplusplus #ifdef __cplusplus
@@ -60,7 +61,8 @@ enum Pkcs11KeyType {
}; };
WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library); WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
void* heap);
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev); WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,