WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add supprt for storage of token data 

Add test of storage.

WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL
Sets the private key's label against the public key when generating
key pairs.
Sean Parkinson 2022-03-30 15:44:36 +10:00
parent c59f6d7de0
commit b03a8d365b
11 changed files with 2766 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -32,6 +32,8 @@ coverage
coverage.info
tests/pkcs11test
tests/pkcs11mtt
tests/pkcs11str
test/*
*.gcda
*.gcno

25
README.md
View File

@ -13,7 +13,7 @@ Build wolfSSL:
git clone https://github.com/wolfSSL/wolfssl.git
cd wolfssl
./autogen.sh
./configure --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT"
./configure --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DWOLFSSL_DH_EXTRA"
make
make check
sudo make install
@ -35,6 +35,29 @@ make check
### Build options and defines
#### Define WOLFPKCS11_NO_STORE
Disables storage of tokens.
#### Define WOLFPKCS11_CUSTOM_STORE
Removes default implementation of storage functions.
See wolfpkcs11/store.h for prototypes of functions to implement.
#### Define WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL
Sets the private key's label against the public key when generating key pairs.
## Environment variables
### WOLFPKCS11_TOKEN_PATH
Path into which files are stored that contain token data.
When not set, defaults to: /tmp
### WOLFPKCS11_NO_STORE
Set to any value to stop storage of token data.
## Release Notes

55
src/crypto.c
View File

@ -776,7 +776,7 @@ CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession,
return CKR_ATTRIBUTE_TYPE_INVALID;
else if (ret == BUFFER_E)
return CKR_BUFFER_TOO_SMALL;
else if (ret == NOT_AVAILABE_E)
else if (ret == NOT_AVAILABLE_E)
return CK_UNAVAILABLE_INFORMATION;
else if (ret != 0)
return CKR_FUNCTION_FAILED;
@ -3548,15 +3548,6 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
if (ret != 0)
rv = CKR_FUNCTION_FAILED;
}
if (rv == CKR_OK) {
rv = AddObject(session, pub, pPublicKeyTemplate,
ulPublicKeyAttributeCount, phPublicKey);
}
if (rv == CKR_OK) {
rv = AddObject(session, priv, pPrivateKeyTemplate,
ulPrivateKeyAttributeCount, phPrivateKey);
}
break;
#endif
#ifdef HAVE_ECC
@ -3581,15 +3572,6 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
if (ret != 0)
rv = CKR_FUNCTION_FAILED;
}
if (rv == CKR_OK) {
rv = AddObject(session, pub, pPublicKeyTemplate,
ulPublicKeyAttributeCount, phPublicKey);
}
if (rv == CKR_OK) {
rv = AddObject(session, priv, pPrivateKeyTemplate,
ulPrivateKeyAttributeCount, phPrivateKey);
}
break;
#endif
#ifndef NO_DH
@ -3614,15 +3596,6 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
if (ret != 0)
rv = CKR_FUNCTION_FAILED;
}
if (rv == CKR_OK) {
rv = AddObject(session, pub, pPublicKeyTemplate,
ulPublicKeyAttributeCount, phPublicKey);
}
if (rv == CKR_OK) {
rv = AddObject(session, priv, pPrivateKeyTemplate,
ulPrivateKeyAttributeCount, phPrivateKey);
}
break;
#endif
default:
@ -3632,6 +3605,32 @@ CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
return CKR_MECHANISM_INVALID;
}
if (rv == CKR_OK) {
rv = AddObject(session, pub, pPublicKeyTemplate,
ulPublicKeyAttributeCount, phPublicKey);
}
if (rv == CKR_OK) {
rv = AddObject(session, priv, pPrivateKeyTemplate,
ulPrivateKeyAttributeCount, phPrivateKey);
}
#ifdef WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL
if (rv == CKR_OK) {
CK_ULONG len;
ret = WP11_Object_GetAttr(pub, CKA_LABEL, NULL, &len);
if (ret == NOT_AVAILABLE_E) {
CK_ULONG i;
for (i = 0; i < ulPrivateKeyAttributeCount; i++) {
CK_ATTRIBUTE* attr = &pPrivateKeyTemplate[i];
if (attr->type == CKA_LABEL) {
WP11_Object_SetAttr(pub, CKA_LABEL, attr->pValue,
attr->ulValueLen);
break;
}
}
}
}
#endif
if (rv != CKR_OK && pub != NULL)
WP11_Object_Free(pub);
if (rv != CKR_OK && priv != NULL)

1645
src/internal.c
View File

File diff suppressed because it is too large Load Diff

10
tests/include.am
View File

@ -4,18 +4,22 @@
check_PROGRAMS += tests/pkcs11test
noinst_PROGRAMS += tests/pkcs11test
tests_pkcs11test_SOURCES = tests/pkcs11test.c
tests_pkcs11test_LDADD = -lwolfssl -ldl -lm
check_PROGRAMS += tests/pkcs11mtt
noinst_PROGRAMS += tests/pkcs11mtt
tests_pkcs11mtt_SOURCES = tests/pkcs11mtt.c
tests_pkcs11mtt_LDADD = -lwolfssl -ldl -lm
check_PROGRAMS += tests/pkcs11str
noinst_PROGRAMS += tests/pkcs11str
tests_pkcs11str_SOURCES = tests/pkcs11str.c
tests_pkcs11str_LDADD = -lwolfssl -ldl -lm
if BUILD_STATIC
tests_pkcs11test_LDADD +=src/libwolfpkcs11.la
tests_pkcs11mtt_LDADD += src/libwolfpkcs11.la
tests_pkcs11mtt_LDADD += src/libwolfpkcs11.la
tests_pkcs11str_LDADD += src/libwolfpkcs11.la
endif
EXTRA_DIST += tests/unit.h \

2
tests/pkcs11mtt.c
View File

@ -6488,6 +6488,8 @@ int main(int argc, char* argv[])
int closeDl = 1;
int i;
setenv("WOLFPKCS11_NO_STORE", "1", 1);
argc--;
argv++;
while (argc > 0) {

972
tests/pkcs11str.c 100644
View File

@ -0,0 +1,972 @@
/* pkcs11str.c - unit tests
*
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfPKCS11.
*
* wolfPKCS11 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfPKCS11 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef HAVE_PKCS11_STATIC
#include <dlfcn.h>
#endif
#ifdef HAVE_CONFIG_H
#include <wolfpkcs11/config.h>
#endif
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/misc.h>
#include <wolfpkcs11/options.h>
#include <wolfpkcs11/pkcs11.h>
#include "testdata.h"
#ifdef DEBUG_WOLFPKCS11
#define CHECK_COND(cond, ret, msg) \
do { \
if (verbose) { \
fprintf(stderr, "%s:%d - %s - ", __FILE__, __LINE__, msg); \
if (!(cond)) { \
fprintf(stderr, "FAIL\n"); \
ret = -1; \
} \
else \
fprintf(stderr, "PASS\n"); \
} \
else if (!(cond)) { \
fprintf(stderr, "\n%s:%d - %s - FAIL\n", \
__FILE__, __LINE__, msg); \
ret = -1; \
} \
} \
while (0)
#define CHECK_CKR(rv, msg) \
do { \
if (verbose) { \
fprintf(stderr, "%s:%d - %s", __FILE__, __LINE__, msg); \
if (rv != CKR_OK) \
fprintf(stderr, ": %lx - FAIL\n", rv); \
else \
fprintf(stderr, " - PASS\n"); \
} \
else if (rv != CKR_OK) { \
fprintf(stderr, "\n%s:%d - %s: %lx - FAIL\n", \
__FILE__, __LINE__, msg, rv); \
} \
} \
while (0)
#define CHECK_CKR_FAIL(rv, exp, msg) \
do { \
if (verbose) { \
fprintf(stderr, "%s:%d - %s", __FILE__, __LINE__, msg); \
if (rv != exp) { \
fprintf(stderr, " RETURNED %lx - FAIL\n", rv); \
if (rv == CKR_OK) \
rv = -1; \
} \
else { \
fprintf(stderr, " - PASS\n"); \
rv = CKR_OK; \
} \
} \
else if (rv != exp) { \
fprintf(stderr, "\n%s:%d - %s RETURNED %lx - FAIL\n", \
__FILE__, __LINE__, msg, rv); \
if (rv == CKR_OK) \
rv = -1; \
} \
else \
rv = CKR_OK; \
} \
while (0)
#else
#define CHECK_COND(cond, ret, msg) \
do { \
if (!(cond)) { \
fprintf(stderr, "\n%s:%d - %s - FAIL\n", \
__FILE__, __LINE__, msg); \
ret = -1; \
} \
} \
while (0)
#define CHECK_CKR(rv, msg) \
do { \
if (rv != CKR_OK) { \
fprintf(stderr, "\n%s:%d - %s: %lx - FAIL\n", \
__FILE__, __LINE__, msg, rv); \
} \
} \
while (0)
#define CHECK_CKR_FAIL(rv, exp, msg) \
do { \
if (rv != exp) { \
fprintf(stderr, "\n%s:%d - %s RETURNED %lx - FAIL\n", \
__FILE__, __LINE__, msg, rv); \
if (rv == CKR_OK) \
rv = -1; \
} \
else \
rv = CKR_OK; \
} \
while (0)
#endif
#ifndef HAVE_PKCS11_STATIC
static void* dlib;
#endif
static CK_FUNCTION_LIST* funcList;
static int slot = 0;
const char* tokenName = "wolfpkcs11";
/* FIPS requires pin to be at least 14 characters, since it is used for
* the HMAC key */
static byte* soPin = (byte*)"password123456";
static int soPinLen = 14;
byte* userPin = (byte*)"wolfpkcs11-test";
int userPinLen;
#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DH)
static CK_OBJECT_CLASS pubKeyClass = CKO_PUBLIC_KEY;
#endif
static CK_OBJECT_CLASS privKeyClass = CKO_PRIVATE_KEY;
static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY;
static CK_BBOOL ckTrue = CK_TRUE;
#ifndef NO_RSA
static CK_KEY_TYPE rsaKeyType = CKK_RSA;
#endif
#ifdef HAVE_ECC
static CK_KEY_TYPE eccKeyType = CKK_EC;
#endif
#ifndef NO_DH
static CK_KEY_TYPE dhKeyType = CKK_DH;
#endif
#ifndef NO_AES
static CK_KEY_TYPE aesKeyType = CKK_AES;
#endif
static CK_KEY_TYPE genericKeyType = CKK_GENERIC_SECRET;
static CK_RV pkcs11_lib_init()
{
CK_RV ret;
CK_C_INITIALIZE_ARGS args;
XMEMSET(&args, 0x00, sizeof(args));
args.flags = CKF_OS_LOCKING_OK;
ret = funcList->C_Initialize(NULL);
CHECK_CKR(ret, "Initialize");
return ret;
}
static CK_RV pkcs11_init_token()
{
CK_RV ret;
unsigned char label[32];
XMEMSET(label, ' ', sizeof(label));
XMEMCPY(label, tokenName, XSTRLEN(tokenName));
ret = funcList->C_InitToken(slot, soPin, soPinLen, label);
CHECK_CKR(ret, "Init Token");
return ret;
}
static void pkcs11_final(int closeDl)
{
funcList->C_Finalize(NULL);
if (closeDl) {
#ifndef HAVE_PKCS11_STATIC
dlclose(dlib);
#endif
}
}
static CK_RV pkcs11_set_user_pin(int slotId)
{
CK_RV ret;
CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
int flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
ret = funcList->C_OpenSession(slotId, flags, NULL, NULL, &session);
CHECK_CKR(ret, "Set User PIN - Open Session");
if (ret == CKR_OK) {
ret = funcList->C_Login(session, CKU_SO, soPin, soPinLen);
CHECK_CKR(ret, "Set User PIN - Login");
if (ret == CKR_OK) {
ret = funcList->C_InitPIN(session, userPin, userPinLen);
CHECK_CKR(ret, "Set User PIN - Init PIN");
}
funcList->C_CloseSession(session);
}
if (ret != CKR_OK)
fprintf(stderr, "FAILED: Setting user PIN\n");
return ret;
}
static CK_RV pkcs11_open_session(CK_SESSION_HANDLE* session)
{
CK_RV ret;
int sessFlags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
ret = funcList->C_OpenSession(slot, sessFlags, NULL, NULL, session);
CHECK_CKR(ret, "Open Session");
if (ret == CKR_OK && userPinLen != 0) {
ret = funcList->C_Login(*session, CKU_USER, userPin, userPinLen);
CHECK_CKR(ret, "Login");
}
return ret;
}
static void pkcs11_close_session(CK_SESSION_HANDLE session)
{
if (userPinLen != 0)
funcList->C_Logout(session);
funcList->C_CloseSession(session);
}
#ifndef NO_RSA
static CK_RV create_rsa_priv_key(CK_SESSION_HANDLE session,
unsigned char* privId, int privIdLen, CK_OBJECT_HANDLE* obj)
{
CK_RV ret;
CK_ATTRIBUTE rsa_2048_priv_key[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_MODULUS, rsa_2048_modulus, sizeof(rsa_2048_modulus) },
{ CKA_PRIVATE_EXPONENT, rsa_2048_priv_exp, sizeof(rsa_2048_priv_exp) },
{ CKA_PRIME_1, rsa_2048_p, sizeof(rsa_2048_p) },
{ CKA_PRIME_2, rsa_2048_q, sizeof(rsa_2048_q) },
{ CKA_EXPONENT_1, rsa_2048_dP, sizeof(rsa_2048_dP) },
{ CKA_EXPONENT_2, rsa_2048_dQ, sizeof(rsa_2048_dQ) },
{ CKA_COEFFICIENT, rsa_2048_u, sizeof(rsa_2048_u) },
{ CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_ID, privId, privIdLen },
};
int cnt = sizeof(rsa_2048_priv_key)/sizeof(*rsa_2048_priv_key);
if (privId == NULL)
cnt -= 2;
ret = funcList->C_CreateObject(session, rsa_2048_priv_key, cnt, obj);
CHECK_CKR(ret, "RSA Private Key Create Object");
return ret;
}
static CK_RV create_rsa_pub_key(CK_SESSION_HANDLE session, unsigned char* pubId,
int pubIdLen, CK_OBJECT_HANDLE* obj)
{
CK_RV ret;
CK_ATTRIBUTE rsa_2048_pub_key[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_MODULUS, rsa_2048_modulus, sizeof(rsa_2048_modulus) },
{ CKA_PUBLIC_EXPONENT, rsa_2048_pub_exp, sizeof(rsa_2048_pub_exp) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_ID, pubId, pubIdLen },
};
int cnt = sizeof(rsa_2048_pub_key)/sizeof(*rsa_2048_pub_key);
if (pubId == NULL)
cnt -= 2;
ret = funcList->C_CreateObject(session, rsa_2048_pub_key, cnt, obj);
CHECK_CKR(ret, "RSA Public Key Create Object");
return ret;
}
static CK_RV find_rsa_pub_key(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* pubKey, unsigned char* id, int idLen)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_ID, id, idLen }
};
CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, pubKeyTmpl, pubKeyTmplCnt);
CHECK_CKR(ret, "RSA Public Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, pubKey, 1, &count);
CHECK_CKR(ret, "RSA Public Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "RSA Public Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "RSA Public Key Find Objects Count");
}
return ret;
}
static CK_RV find_rsa_priv_key(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* privKey, unsigned char* id, int idLen)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE privKeyTmpl[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_ID, id, idLen }
};
CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, privKeyTmpl, privKeyTmplCnt);
CHECK_CKR(ret, "RSA Private Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, privKey, 1, &count);
CHECK_CKR(ret, "RSA Private Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "RSA Private Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "RSA Private Key Find Objects Count");
}
return ret;
}
#endif
#ifdef HAVE_ECC
static CK_OBJECT_HANDLE create_ecc_priv_key(CK_SESSION_HANDLE session,
unsigned char* privId, int privIdLen, CK_OBJECT_HANDLE* obj)
{
CK_RV ret;
CK_ATTRIBUTE ecc_p256_priv_key[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_EC_PARAMS, ecc_p256_params, sizeof(ecc_p256_params) },
{ CKA_VALUE, ecc_p256_priv, sizeof(ecc_p256_priv) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_ID, privId, privIdLen },
};
int ecc_p256_priv_key_cnt =
sizeof(ecc_p256_priv_key)/sizeof(*ecc_p256_priv_key);
ret = funcList->C_CreateObject(session, ecc_p256_priv_key,
ecc_p256_priv_key_cnt, obj);
CHECK_CKR(ret, "EC Private Key Create Object");
return ret;
}
static CK_OBJECT_HANDLE create_ecc_pub_key(CK_SESSION_HANDLE session,
unsigned char* pubId, int pubIdLen, CK_OBJECT_HANDLE* obj)
{
CK_RV ret;
CK_ATTRIBUTE ecc_p256_pub_key[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_EC_PARAMS, ecc_p256_params, sizeof(ecc_p256_params) },
{ CKA_EC_POINT, ecc_p256_pub, sizeof(ecc_p256_pub) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_ID, pubId, pubIdLen },
};
static int ecc_p256_pub_key_cnt =
sizeof(ecc_p256_pub_key)/sizeof(*ecc_p256_pub_key);
ret = funcList->C_CreateObject(session, ecc_p256_pub_key,
ecc_p256_pub_key_cnt, obj);
CHECK_CKR(ret, "EC Public Key Create Object");
return ret;
}
static CK_RV find_ecc_priv_key(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* privKey, unsigned char* id, int idLen)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE privKeyTmpl[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) },
{ CKA_ID, id, idLen }
};
CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, privKeyTmpl, privKeyTmplCnt);
CHECK_CKR(ret, "EC Private Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, privKey, 1, &count);
CHECK_CKR(ret, "EC Private Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "EC Private Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "EC Private Key Find Objects Count");
}
return ret;
}
static CK_RV find_ecc_pub_key(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* pubKey, unsigned char* id, int idLen)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &eccKeyType, sizeof(eccKeyType) },
{ CKA_ID, id, idLen }
};
CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, pubKeyTmpl, pubKeyTmplCnt);
CHECK_CKR(ret, "EC Public Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, pubKey, 1, &count);
CHECK_CKR(ret, "EC Public Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "EC Public Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "EC Public Key Find Objects Count");
}
return ret;
}
#endif
#ifndef NO_DH
static CK_OBJECT_HANDLE create_dh_priv_key(CK_SESSION_HANDLE session,
unsigned char* id, int idLen,
CK_OBJECT_HANDLE* obj)
{
CK_RV ret;
CK_ATTRIBUTE dh_2048_priv_key[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &dhKeyType, sizeof(dhKeyType) },
{ CKA_DERIVE, &ckTrue, sizeof(ckTrue) },
{ CKA_PRIME, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p) },
{ CKA_BASE, dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g) },
{ CKA_VALUE, dh_2048_priv, sizeof(dh_2048_priv) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_ID, id, idLen }
};
int dh_2048_priv_key_cnt =
sizeof(dh_2048_priv_key)/sizeof(*dh_2048_priv_key);
ret = funcList->C_CreateObject(session, dh_2048_priv_key,
dh_2048_priv_key_cnt, obj);
CHECK_CKR(ret, "DH Private Key Create Object");
return ret;
}
static CK_OBJECT_HANDLE create_dh_pub_key(CK_SESSION_HANDLE session,
unsigned char* id, int idLen,
CK_OBJECT_HANDLE* obj)
{
CK_RV ret;
CK_ATTRIBUTE dh_2048_pub_key[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &dhKeyType, sizeof(dhKeyType) },
{ CKA_PRIME, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p) },
{ CKA_BASE, dh_ffdhe2048_g, sizeof(dh_ffdhe2048_g) },
{ CKA_VALUE, dh_2048_pub, sizeof(dh_2048_pub) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_ID, id, idLen }
};
static int dh_2048_pub_key_cnt =
sizeof(dh_2048_pub_key)/sizeof(*dh_2048_pub_key);
ret = funcList->C_CreateObject(session, dh_2048_pub_key,
dh_2048_pub_key_cnt, obj);
CHECK_CKR(ret, "DH Public Key Create Object");
return ret;
}
static CK_RV find_dh_priv_key(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* privKey, unsigned char* id, int idLen)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE privKeyTmpl[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &dhKeyType, sizeof(dhKeyType) },
{ CKA_ID, id, idLen }
};
CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, privKeyTmpl, privKeyTmplCnt);
CHECK_CKR(ret, "DH Private Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, privKey, 1, &count);
CHECK_CKR(ret, "DH Private Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "DH Private Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "DH Private Key Find Objects Count");
}
return ret;
}
static CK_RV find_dh_pub_key(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* pubKey, unsigned char* id, int idLen)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &dhKeyType, sizeof(dhKeyType) },
{ CKA_ID, id, idLen }
};
CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, pubKeyTmpl, pubKeyTmplCnt);
CHECK_CKR(ret, "DH Public Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, pubKey, 1, &count);
CHECK_CKR(ret, "DH Public Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "DH Public Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "DH Public Key Find Objects Count");
}
return ret;
}
#endif
static CK_RV create_aes_128_key(CK_SESSION_HANDLE session, unsigned char* id,
int idLen, CK_OBJECT_HANDLE* key)
{
CK_RV ret;
CK_ATTRIBUTE aes_key[] = {
{ CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) },
#ifndef NO_AES
{ CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType) },
#else
{ CKA_KEY_TYPE, &genericKeyType, sizeof(genericKeyType) },
#endif
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_VALUE, aes_128_key, sizeof(aes_128_key) },
{ CKA_TOKEN, &ckTrue, sizeof(ckTrue) },
{ CKA_ID, id, idLen },
};
int cnt = sizeof(aes_key)/sizeof(*aes_key);
if (id == NULL)
cnt -= 2;
ret = funcList->C_CreateObject(session, aes_key, cnt, key);
CHECK_CKR(ret, "AES-128 Key Create Object");
return ret;
}
#ifndef NO_AES
static CK_RV find_aes_key(CK_SESSION_HANDLE session, unsigned char* id,
int idLen, CK_OBJECT_HANDLE* key)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE keyTmpl[] = {
{ CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) },
{ CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType) },
{ CKA_ID, id, idLen }
};
CK_ULONG keyTmplCnt = sizeof(keyTmpl) / sizeof(*keyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, keyTmpl, keyTmplCnt);
CHECK_CKR(ret, "AES Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, key, 1, &count);
CHECK_CKR(ret, "AES Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "AES Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "AES Key Find Objects Count");
}
return ret;
}
#endif
static CK_RV pkcs11_test(int slotId, int setPin, int closeDl)
{
CK_RV ret;
int inited = 0;
CK_SESSION_HANDLE session = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE priv = CK_INVALID_HANDLE;
unsigned char* privId = (unsigned char *)"123rsafixedpriv";
int privIdLen = (int)strlen((char*)privId);
unsigned char* pubId = (unsigned char *)"123rsafixedpub";
int pubIdLen = (int)strlen((char*)pubId);
unsigned char* eccPrivId = (unsigned char *)"123eccfixedpriv";
int eccPrivIdLen = (int)strlen((char*)eccPrivId);
unsigned char* eccPubId = (unsigned char *)"123eccfixedpub";
int eccPubIdLen = (int)strlen((char*)eccPubId);
unsigned char* dhPrivId = (unsigned char *)"123dhfixedpriv";
int dhPrivIdLen = (int)strlen((char*)dhPrivId);
unsigned char* dhPubId = (unsigned char *)"123dhfixedpub";
int dhPubIdLen = (int)strlen((char*)dhPubId);
unsigned char* aesKeyId = (unsigned char *)"123aes128key";
int aesKeyIdLen = (int)strlen((char*)aesKeyId);
/* Set it global. */
slot = slotId;
printf("Initialize library ... ");
ret = pkcs11_lib_init();
if (ret == CKR_OK) {
printf("Done\n");
}
if (ret == CKR_OK) {
printf("Initialize token ... ");
ret = pkcs11_init_token();
if (ret == CKR_OK) {
printf("Done\n");
}
}
if (ret == CKR_OK) {
inited = 1;
/* Set user PIN. */
if (setPin) {
printf("Set user pin ... ");
ret = pkcs11_set_user_pin(slotId);
if (ret == CKR_OK)
printf("Done\n");
}
if (ret == CKR_OK) {
ret = pkcs11_open_session(&session);
#ifndef NO_RSA
if (ret == CKR_OK) {
printf("Create RSA key pair ... ");
ret = create_rsa_priv_key(session, privId, privIdLen, &priv);
if (ret == CKR_OK) {
ret = create_rsa_pub_key(session, pubId, pubIdLen, &pub);
}
if (ret == CKR_OK) {
printf("Done\n");
}
}
#endif
#ifdef HAVE_ECC
(void)ecc_p256_point;
if (ret == CKR_OK) {
printf("Create ECC key pair ... ");
ret = create_ecc_priv_key(session, eccPrivId, eccPrivIdLen,
&priv);
if (ret == CKR_OK) {
ret = create_ecc_pub_key(session, eccPubId, eccPubIdLen,
&pub);
}
if (ret == CKR_OK) {
printf("Done\n");
}
}
#endif
#ifndef NO_DH
(void)dh_2048_peer;
if (ret == CKR_OK) {
printf("Create DH key pair ... ");
priv = CK_INVALID_HANDLE;
ret = create_dh_priv_key(session, dhPrivId, dhPrivIdLen,
&priv);
if (ret == CKR_OK) {
pub = CK_INVALID_HANDLE;
ret = create_dh_pub_key(session, dhPubId, dhPubIdLen,
&pub);
}
if (ret == CKR_OK) {
printf("Done\n");
}
}
#endif
(void)genericKeyType;
#ifndef NO_AES
(void)aes_128_gcm_exp_tag;
(void)aes_128_gcm_exp;
(void)aes_128_cbc_pad_exp;
(void)aes_128_cbc_exp;
if (ret == CKR_OK) {
printf("Create AES key ... ");
priv = CK_INVALID_HANDLE;
ret = create_aes_128_key(session, aesKeyId, aesKeyIdLen,
&priv);
if (ret == CKR_OK) {
printf("Done\n");
}
}
#endif
pkcs11_close_session(session);
}
}
if (inited) {
printf("Finalize library\n");
pkcs11_final(0);
inited = 0;
priv = CK_INVALID_HANDLE;
pub = CK_INVALID_HANDLE;
}
if (ret == CKR_OK) {
printf("Initialize library ... ");
ret = pkcs11_lib_init();
if (ret == CKR_OK) {
printf("Done\n");
}
}
if (ret == CKR_OK) {
inited = 1;
ret = pkcs11_open_session(&session);
if (ret == CKR_OK) {
#ifndef NO_RSA
printf("Find RSA key ... ");
if (ret == CKR_OK) {
ret = find_rsa_priv_key(session, &priv, privId, privIdLen);
}
if (ret == CKR_OK) {
ret = find_rsa_pub_key(session, &pub, pubId, pubIdLen);
}
if (ret == CKR_OK) {
printf("Done\n");
}
#endif
#ifdef HAVE_ECC
printf("Find ECC key ... ");
if (ret == CKR_OK) {
ret = find_ecc_priv_key(session, &priv, eccPrivId,
eccPrivIdLen);
}
if (ret == CKR_OK) {
ret = find_ecc_pub_key(session, &pub, eccPubId, eccPubIdLen);
}
if (ret == CKR_OK) {
printf("Done\n");
}
#endif
#ifndef NO_DH
printf("Find DH key ... ");
if (ret == CKR_OK) {
ret = find_dh_priv_key(session, &priv, dhPrivId, dhPrivIdLen);
}
if (ret == CKR_OK) {
ret = find_dh_pub_key(session, &pub, dhPubId, dhPubIdLen);
}
if (ret == CKR_OK) {
printf("Done\n");
}
#endif
#ifndef NO_AES
printf("Find AES key ... ");
if (ret == CKR_OK) {
ret = find_aes_key(session, aesKeyId, aesKeyIdLen, &priv);
}
if (ret == CKR_OK) {
printf("Done\n");
}
#endif
pkcs11_close_session(session);
}
}
if (inited) {
printf("Finalize library\n");
pkcs11_final(closeDl);
}
return ret;
}
static CK_RV pkcs11_init(const char* library)
{
CK_RV ret = CKR_OK;
#ifndef HAVE_PKCS11_STATIC
void* func;
dlib = dlopen(library, RTLD_NOW | RTLD_LOCAL);
if (dlib == NULL) {
fprintf(stderr, "dlopen error: %s\n", dlerror());
ret = -1;
}
if (ret == CKR_OK) {
func = (CK_C_GetFunctionList)dlsym(dlib, "C_GetFunctionList");
if (func == NULL) {
fprintf(stderr, "Failed to get function list function\n");
ret = -1;
}
}
if (ret == CKR_OK) {
ret = ((CK_C_GetFunctionList)func)(&funcList);
CHECK_CKR(ret, "Get Function List call");
}
if (ret != CKR_OK && dlib != NULL)
dlclose(dlib);
#else
ret = C_GetFunctionList(&funcList);
(void)library;
#endif
return ret;
}
/* Display the usage options of the benchmark program. */
static void Usage(void)
{
printf("pkcs11test\n");
printf("-? Help, print this usage\n");
printf("-lib <file> PKCS#11 library to test\n");
printf("-slot <num> Slot number to use\n");
printf("-token <string> Name of token\n");
printf("-soPin <string> Security Officer PIN\n");
printf("-userPin <string> User PIN\n");
printf("-no-close Do not close the PKCS#11 library before exit\n");
}
/* Match the command line argument with the string.
*
* arg Command line argument.
* str String to check for.
* return 1 if the command line argument matches the string, 0 otherwise.
*/
static int string_matches(const char* arg, const char* str)
{
int len = (int)XSTRLEN(str) + 1;
return XSTRNCMP(arg, str, len) == 0;
}
int main(int argc, char* argv[])
{
int ret;
CK_RV rv;
int slotId = WOLFPKCS11_DLL_SLOT;
const char* libName = WOLFPKCS11_DLL_FILENAME;
int setPin = 1;
int closeDl = 1;
setenv("WOLFPKCS11_TOKEN_PATH", "./test", 1);
argc--;
argv++;
while (argc > 0) {
if (string_matches(*argv, "-?")) {
Usage();
return 0;
}
else if (string_matches(*argv, "-lib")) {
argc--;
argv++;
if (argc == 0) {
fprintf(stderr, "Library name not supplied\n");
return 1;
}
libName = *argv;
}
else if (string_matches(*argv, "-token")) {
argc--;
argv++;
if (argc == 0) {
fprintf(stderr, "Token name not supplied\n");
return 1;
}
tokenName = *argv;
}
else if (string_matches(*argv, "-soPin")) {
argc--;
argv++;
if (argc == 0) {
fprintf(stderr, "SO PIN not supplied\n");
return 1;
}
soPin = (byte*)*argv;
soPinLen = (int)XSTRLEN((const char*)soPin);
}
else if (string_matches(*argv, "-userPin")) {
argc--;
argv++;
if (argc == 0) {
fprintf(stderr, "User PIN not supplied\n");
return 1;
}
userPin = (byte*)*argv;
}
else if (string_matches(*argv, "-no-close")) {
closeDl = 0;
}
argc--;
argv++;
}
userPinLen = (int)XSTRLEN((const char*)userPin);
rv = pkcs11_init(libName);
if (rv == CKR_OK) {
rv = pkcs11_test(slotId, setPin, closeDl);
}
if (rv == CKR_OK)
ret = 0;
else
ret = 1;
return ret;
}

77
tests/pkcs11test.c
View File

@ -93,6 +93,7 @@ static CK_KEY_TYPE aesKeyType = CKK_AES;
#endif
static CK_KEY_TYPE genericKeyType = CKK_GENERIC_SECRET;
static CK_RV test_get_function_list(void* args)
{
CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
@ -2916,15 +2917,17 @@ static CK_RV gen_rsa_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE* pubKey,
{ CKA_MODULUS_BITS, &bits, sizeof(bits) },
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_PUBLIC_EXPONENT, pub_exp, sizeof(pub_exp) }
{ CKA_PUBLIC_EXPONENT, pub_exp, sizeof(pub_exp) },
{ CKA_LABEL, (unsigned char*)"", 0 },
};
int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
CK_ATTRIBUTE privKeyTmpl[] = {
{CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{CKA_ID, id, idLen }
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_LABEL, (unsigned char*)"priv_label", 10 },
{ CKA_ID, id, idLen }
};
int privTmplCnt = 2;
int privTmplCnt = 3;
if (idLen > 0)
privTmplCnt++;
@ -3022,6 +3025,64 @@ static CK_RV find_rsa_priv_key(CK_SESSION_HANDLE session,
return ret;
}
static CK_RV find_rsa_pub_key_label(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* pubKey)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_LABEL, (unsigned char*)"", 0 },
};
CK_ULONG pubKeyTmplCnt = sizeof(pubKeyTmpl) / sizeof(*pubKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, pubKeyTmpl, pubKeyTmplCnt);
CHECK_CKR(ret, "RSA Public Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, pubKey, 1, &count);
CHECK_CKR(ret, "RSA Public Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "RSA Public Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "RSA Public Key Find Objects Count");
}
return ret;
}
static CK_RV find_rsa_priv_key_label(CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE* privKey)
{
CK_RV ret = CKR_OK;
CK_ATTRIBUTE privKeyTmpl[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_LABEL, (unsigned char*)"priv_label", 10 },
};
CK_ULONG privKeyTmplCnt = sizeof(privKeyTmpl) / sizeof(*privKeyTmpl);
CK_ULONG count;
ret = funcList->C_FindObjectsInit(session, privKeyTmpl, privKeyTmplCnt);
CHECK_CKR(ret, "RSA Private Key Find Objects Init");
if (ret == CKR_OK) {
ret = funcList->C_FindObjects(session, privKey, 1, &count);
CHECK_CKR(ret, "RSA Private Key Find Objects");
}
if (ret == CKR_OK) {
ret = funcList->C_FindObjectsFinal(session);
CHECK_CKR(ret, "RSA Private Key Find Objects Final");
}
if (ret == CKR_OK && count == 0) {
ret = -1;
CHECK_CKR(ret, "RSA Private Key Find Objects Count");
}
return ret;
}
static CK_RV test_attributes_rsa(void* args)
{
CK_SESSION_HANDLE session = *(CK_SESSION_HANDLE*)args;
@ -4160,6 +4221,10 @@ static CK_RV test_rsa_gen_keys(void* args)
CK_OBJECT_HANDLE pub = CK_INVALID_HANDLE;
ret = gen_rsa_key(session, &pub, &priv, NULL, 0);
if (ret == CKR_OK)
ret = find_rsa_pub_key_label(session, &pub);
if (ret == CKR_OK)
ret = find_rsa_priv_key_label(session, &priv);
if (ret == CKR_OK)
ret = rsa_raw_test(session, priv, pub);
if (ret == CKR_OK)
@ -7835,6 +7900,8 @@ int main(int argc, char* argv[])
int closeDl = 1;
int i;
setenv("WOLFPKCS11_NO_STORE", "1", 1);
argc--;
argv++;
while (argc > 0) {

1
wolfpkcs11/include.am
View File

@ -4,6 +4,7 @@
nobase_include_HEADERS += \
wolfpkcs11/pkcs11.h \
wolfpkcs11/store.h \
wolfpkcs11/internal.h \
wolfpkcs11/visibility.h \
wolfpkcs11/version.h \

2
wolfpkcs11/internal.h
View File

@ -163,7 +163,7 @@ extern "C" {
#define PIN_INVALID_E -1
#define PIN_NOT_SET_E -2
#define READ_ONLY_E -3
#define NOT_AVAILABE_E -4
#define NOT_AVAILABLE_E -4
#define FIND_FULL_E -5
#define FIND_NO_MORE_E -6
#define SESSION_EXISTS_E -7

78
wolfpkcs11/store.h 100644
View File

@ -0,0 +1,78 @@
/* store.h
*
* Copyright (C) 2006-2022 wolfSSL Inc.
*
* This file is part of wolfPKCS11.
*
* wolfPKCS11 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfPKCS11 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFPKCS11_STORE
#define WOLFPKCS11_STORE
#define WOLFPKCS11_STORE_TOKEN 0x00
#define WOLFPKCS11_STORE_OBJECT 0x01
#define WOLFPKCS11_STORE_SYMMKEY 0x10
#define WOLFPKCS11_STORE_RSAKEY 0x11
#define WOLFPKCS11_STORE_ECCKEY 0x12
#define WOLFPKCS11_STORE_DHKEY 0x13
/*
* Opens access to location to read/write token data.
*
* @param [in] type Type of data to be stored. See WOLFPKCS11_STORE_* above.
* @param [in] id1 Numeric identifier 1.
* @param [in] id2 Numeric identifier 2.
* @param [in] read 1 when opening for read and 0 for write.
* @param [out] store Return pointer to context data.
* @return 0 on success.
* @return -4 when data not available.
* @return Other value to indicate failure.
*/
int wolfPKCS11_Store_Open(int type, CK_ULONG id1, CK_ULONG id2, int read,
void** store);
/*
* Closes access to location being read or written.
* Any dynamic memory associated with the store is freed here.
*
* @param [in] store Context for operation.
*/
void wolfPKCS11_Store_Close(void* store);
/*
* Reads a specific number of bytes into buffer.
*
* @param [in] store Context for operation.
* @param [in, out] buffer Buffer to hold data read.
* @param [in] len Length of data required.
* @return Length of data read into buffer.
* @return -ve to indicate failure.
*/
int wolfPKCS11_Store_Read(void* store, unsigned char* buffer, int len);
/*
* Writes a specific number of bytes from buffer.
*
* @param [in] store Context for operation.
* @param [in] buffer Data to write.
* @param [in] len Length of data to write.
* @return Length of data written into buffer.
* @return -ve to indicate failure.
*/
int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len);
#endif /* WOLFPKCS11_STORE */