mirror of https://github.com/wolfSSL/wolfBoot.git
TZ: PKCS11 wrappers via wolfPKCS11 in S world
parent
c849ddfebb
commit
f7d6c17685
|
@ -4,3 +4,6 @@
|
|||
[submodule "lib/wolfTPM"]
|
||||
path = lib/wolfTPM
|
||||
url = https://github.com/wolfssl/wolfTPM
|
||||
[submodule "lib/wolfPKCS11"]
|
||||
path = lib/wolfPKCS11
|
||||
url = https://github.com/wolfSSL/wolfPKCS11.git
|
||||
|
|
|
@ -166,7 +166,7 @@ static void sau_init_region(uint32_t region, uint32_t start_addr,
|
|||
void hal_tz_sau_init(void)
|
||||
{
|
||||
/* Non-secure callable: NSC functions area */
|
||||
sau_init_region(0, 0x0C020000, 0x0C040000, 1);
|
||||
sau_init_region(0, 0x0C038000, 0x0C040000, 1);
|
||||
|
||||
/* Non-secure: application flash area */
|
||||
sau_init_region(1, 0x08040000, 0x0804FFFF, 0);
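Review bot: The new NSC window `sau_init_region(0, 0x0C038000, 0x0C040000, 1);` hard-codes the boundary that the linker script in this commit expresses separately as `FLASH_NSC(rx): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x38000, LENGTH = 0x8000`, so the two can drift apart silently. If the SAU start ever ends up below the linker's NSC origin, the tail of `FLASH_KEYVAULT` falls inside the NSC window. Deriving both bounds from linker-exported symbols would remove the duplication; at minimum add a comment such as `/* must match FLASH_NSC in the linker script; FLASH_KEYVAULT below it must stay outside every SAU region */`. The end argument here is one past the region while region 1 passes an inclusive `0x0804FFFF`, and since sau_init_region is defined outside this hunk the convention it expects should be confirmed. hal_tz_sau_init continues past the hunk.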
|
||||
|
|
|
@ -3,7 +3,8 @@ MEMORY
|
|||
FLASH (rx) : ORIGIN = @WOLFBOOT_ORIGIN@, LENGTH = @BOOTLOADER_PARTITION_SIZE@
|
||||
RAM (rwx) : ORIGIN = 0x30000000, LENGTH = 0x00016000
|
||||
RAM_KV (rw): ORIGIN = 0x30016000, LENGTH = 0x2000
|
||||
FLASH_NSC(rx): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x20000, LENGTH = 0x20000
|
||||
FLASH_KEYVAULT(rw): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x20000, LENGTH = 0x18000
|
||||
FLASH_NSC(rx): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x38000, LENGTH = 0x8000
|
||||
}
|
||||
|
||||
SECTIONS
|
||||
|
@ -62,3 +63,7 @@ END_STACK = ORIGIN(RAM) + LENGTH(RAM);
|
|||
_keyvault_origin = ORIGIN(RAM_KV);
|
||||
_keyvault_size = LENGTH(RAM_KV);
|
||||
|
||||
_flash_keyvault = ORIGIN(FLASH_KEYVAULT);
|
||||
_flash_keyvault_size = LENGTH(FLASH_KEYVAULT);
|
||||
|
||||
|
||||
|
|
|
@ -243,7 +243,7 @@ int hal_trng_get_entropy(unsigned char *out, unsigned len);
|
|||
# endif
|
||||
#endif
|
||||
|
||||
#ifdef EXT_ENCRYPTED
|
||||
#if defined(EXT_ENCRYPTED) || defined(SECURE_PKCS11)
|
||||
# define HAVE_PWDBASED
|
||||
#else
|
||||
# define NO_PWDBASED
|
||||
|
@ -308,6 +308,16 @@ int hal_trng_get_entropy(unsigned char *out, unsigned len);
|
|||
#define NO_ECC_KEY_EXPORT
|
||||
#endif
|
||||
|
||||
/* Disables - For minimum wolfCrypt build */
|
||||
#ifndef WOLFBOOT_TPM
|
||||
# if !defined(ENCRYPT_WITH_AES128) && !defined(ENCRYPT_WITH_AES256) && !defined(WOLFCRYPT_SECURE_MODE)
|
||||
# define NO_AES
|
||||
# endif
|
||||
# if !defined(SECURE_PKCS11)
|
||||
# define NO_HMAC
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#define NO_CMAC
|
||||
#define NO_CODING
|
||||
#define WOLFSSL_NO_PEM
|
||||
|
@ -382,4 +392,10 @@ int hal_trng_get_entropy(unsigned char *out, unsigned len);
|
|||
#define XPRINTF uart_printf
|
||||
#endif
|
||||
|
||||
#ifdef SECURE_PKCS11
|
||||
typedef unsigned long time_t;
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* !H_USER_SETTINGS_ */
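Review bot: `typedef unsigned long time_t;` under `SECURE_PKCS11` redefines a standard C library type inside a settings header, so it will conflict with the toolchain's own definition as soon as a translation unit that sees this header also pulls in `<time.h>` or `<sys/types.h>`, where the type may have a different width. options.mk in this commit already passes `-DNO_PKCS11_TIME`, so it is worth confirming whether the typedef is still needed. If it is, guard it behind a project-specific macro and add a comment naming the declaration that requires it. The widened `HAVE_PWDBASED` and `NO_HMAC` guards in the same file would also benefit from a one-line comment stating why `SECURE_PKCS11` needs them, presumably for PIN key derivation in wolfPKCS11.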
|
||||
|
|
|
@ -0,0 +1,322 @@
|
|||
#include "wolfpkcs11/pkcs11.h"
|
||||
|
||||
#ifndef WOLFBOOT_PKCS11_H
|
||||
#define WOLFBOOT_PKCS11_H
|
||||
|
||||
struct C_SetPIN_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_UTF8CHAR_PTR pOldPin;
|
||||
CK_ULONG ulOldLen;
|
||||
CK_UTF8CHAR_PTR pNewPin;
|
||||
CK_ULONG ulNewLen;
|
||||
};
|
||||
|
||||
struct C_OpenSession_nsc_args {
|
||||
CK_SLOT_ID slotID;
|
||||
CK_FLAGS flags;
|
||||
CK_VOID_PTR pApplication;
|
||||
CK_NOTIFY Notify;
|
||||
CK_SESSION_HANDLE_PTR phSession;
|
||||
};
|
||||
struct C_SetOperationState_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pOperationState;
|
||||
CK_ULONG ulOperationStateLen;
|
||||
CK_OBJECT_HANDLE hEncryptionKey;
|
||||
CK_OBJECT_HANDLE hAuthenticationKey;
|
||||
};
|
||||
struct C_CopyObject_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_OBJECT_HANDLE hObject;
|
||||
CK_ATTRIBUTE_PTR pTemplate;
|
||||
CK_ULONG ulCount;
|
||||
CK_OBJECT_HANDLE_PTR phNewObject;
|
||||
};
|
||||
struct C_Encrypt_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pData;
|
||||
CK_ULONG ulDataLen;
|
||||
CK_BYTE_PTR pEncryptedData;
|
||||
CK_ULONG_PTR pulEncryptedDataLen;
|
||||
};
|
||||
struct C_EncryptUpdate_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pPart;
|
||||
CK_ULONG ulPartLen;
|
||||
CK_BYTE_PTR pEncryptedPart;
|
||||
CK_ULONG_PTR pulEncryptedPartLen;
|
||||
};
|
||||
struct C_Decrypt_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pEncryptedData;
|
||||
CK_ULONG ulEncryptedDataLen;
|
||||
CK_BYTE_PTR pData;
|
||||
CK_ULONG_PTR pulDataLen;
|
||||
};
|
||||
struct C_DecryptUpdate_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pEncryptedPart;
|
||||
CK_ULONG ulEncryptedPartLen;
|
||||
CK_BYTE_PTR pPart;
|
||||
CK_ULONG_PTR pulPartLen;
|
||||
};
|
||||
struct C_Digest_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pData;
|
||||
CK_ULONG ulDataLen;
|
||||
CK_BYTE_PTR pDigest;
|
||||
CK_ULONG_PTR pulDigestLen;
|
||||
};
|
||||
struct C_Sign_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pData;
|
||||
CK_ULONG ulDataLen;
|
||||
CK_BYTE_PTR pSignature;
|
||||
CK_ULONG_PTR pulSignatureLen;
|
||||
};
|
||||
struct C_SignRecover_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pData;
|
||||
CK_ULONG ulDataLen;
|
||||
CK_BYTE_PTR pSignature;
|
||||
CK_ULONG_PTR pulSignatureLen;
|
||||
};
|
||||
struct C_Verify_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pData;
|
||||
CK_ULONG ulDataLen;
|
||||
CK_BYTE_PTR pSignature;
|
||||
CK_ULONG ulSignatureLen;
|
||||
};
|
||||
struct C_VerifyRecover_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pSignature;
|
||||
CK_ULONG ulSignatureLen;
|
||||
CK_BYTE_PTR pData;
|
||||
CK_ULONG_PTR pulDataLen;
|
||||
};
|
||||
struct C_DigestEncryptUpdate_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pPart;
|
||||
CK_ULONG ulPartLen;
|
||||
CK_BYTE_PTR pEncryptedPart;
|
||||
CK_ULONG_PTR pulEncryptedPartLen;
|
||||
};
|
||||
struct C_DecryptDigestUpdate_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pEncryptedPart;
|
||||
CK_ULONG ulEncryptedPartLen;
|
||||
CK_BYTE_PTR pPart;
|
||||
CK_ULONG_PTR pulPartLen;
|
||||
};
|
||||
struct C_SignEncryptUpdate_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pPart;
|
||||
CK_ULONG ulPartLen;
|
||||
CK_BYTE_PTR pEncryptedPart;
|
||||
CK_ULONG_PTR pulEncryptedPartLen;
|
||||
};
|
||||
struct C_DecryptVerifyUpdate_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_BYTE_PTR pEncryptedPart;
|
||||
CK_ULONG ulEncryptedPartLen;
|
||||
CK_BYTE_PTR pPart;
|
||||
CK_ULONG_PTR pulPartLen;
|
||||
};
|
||||
struct C_GenerateKey_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_MECHANISM_PTR pMechanism;
|
||||
CK_ATTRIBUTE_PTR pTemplate;
|
||||
CK_ULONG ulCount;
|
||||
CK_OBJECT_HANDLE_PTR phKey;
|
||||
};
|
||||
struct C_GenerateKeyPair_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_MECHANISM_PTR pMechanism;
|
||||
CK_ATTRIBUTE_PTR pPublicKeyTemplate;
|
||||
CK_ULONG ulPublicKeyAttributeCount;
|
||||
CK_ATTRIBUTE_PTR pPrivateKeyTemplate;
|
||||
CK_ULONG ulPrivateKeyAttributeCount;
|
||||
CK_OBJECT_HANDLE_PTR phPublicKey;
|
||||
CK_OBJECT_HANDLE_PTR phPrivateKey;
|
||||
};
|
||||
struct C_WrapKey_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_MECHANISM_PTR pMechanism;
|
||||
CK_OBJECT_HANDLE hWrappingKey;
|
||||
CK_OBJECT_HANDLE hKey;
|
||||
CK_BYTE_PTR pWrappedKey;
|
||||
CK_ULONG_PTR pulWrappedKeyLen;
|
||||
};
|
||||
struct C_UnwrapKey_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_MECHANISM_PTR pMechanism;
|
||||
CK_OBJECT_HANDLE hUnwrappingKey;
|
||||
CK_BYTE_PTR pWrappedKey;
|
||||
CK_ULONG ulWrappedKeyLen;
|
||||
CK_ATTRIBUTE_PTR pTemplate;
|
||||
CK_ULONG ulAttributeCount;
|
||||
CK_OBJECT_HANDLE_PTR phKey;
|
||||
};
|
||||
struct C_DeriveKey_nsc_args {
|
||||
CK_SESSION_HANDLE hSession;
|
||||
CK_MECHANISM_PTR pMechanism;
|
||||
CK_OBJECT_HANDLE hBaseKey;
|
||||
CK_ATTRIBUTE_PTR pTemplate;
|
||||
CK_ULONG ulAttributeCount;
|
||||
CK_OBJECT_HANDLE_PTR phKey;
|
||||
};
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Initialize_nsc_call(CK_VOID_PTR pInitArgs);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Finalize_nsc_call(CK_VOID_PTR pReserved);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetInfo_nsc_call(CK_INFO_PTR pInfo);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetFunctionList_nsc_call(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetSlotList_nsc_call(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetSlotInfo_nsc_call(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetTokenInfo_nsc_call(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetMechanismList_nsc_call(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetMechanismInfo_nsc_call(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_InitToken_nsc_call(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_InitPIN_nsc_call(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SetPIN_nsc_call(struct C_SetPIN_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_OpenSession_nsc_call(struct C_OpenSession_nsc_args *args);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CloseSession_nsc_call(CK_SESSION_HANDLE hSession);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CloseAllSessions_nsc_call(CK_SLOT_ID slotID);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetSessionInfo_nsc_call(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetOperationState_nsc_call(
|
||||
CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pOperationState,
|
||||
CK_ULONG_PTR pulOperationStateLen);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SetOperationState_nsc_call(struct C_SetOperationState_nsc_args *args);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Login_nsc_call(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
|
||||
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Logout_nsc_call(CK_SESSION_HANDLE hSession);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CreateObject_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phObject);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DestroyObject_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetObjectSize_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetAttributeValue_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SetAttributeValue_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_FindObjectsInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_FindObjects_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE_PTR phObject,
|
||||
CK_ULONG ulMaxObjectCount,
|
||||
CK_ULONG_PTR pulObjectCount);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CopyObject_nsc_call(struct C_CopyObject_nsc_args *args);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_FindObjectsFinal_nsc_call(CK_SESSION_HANDLE hSession);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Encrypt_nsc_call(struct C_Encrypt_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptUpdate_nsc_call(struct C_EncryptUpdate_nsc_args *args);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptFinal_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pLastEncryptedPart,
|
||||
CK_ULONG_PTR pulLastEncryptedPartLen);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Decrypt_nsc_call(struct C_Decrypt_nsc_args *args);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptUpdate_nsc_call(struct C_DecryptUpdate_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptFinal_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
|
||||
CK_ULONG_PTR pulLastPartLen);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Digest_nsc_call(struct C_Digest_nsc_args *args);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestUpdate_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestKey_nsc_call(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestFinal_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignInit_nsc_call(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Sign_nsc_call(struct C_Sign_nsc_args *args);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignUpdate_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignFinal_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignRecoverInit_nsc_call(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignRecover_nsc_call(struct C_SignRecover_nsc_args *args);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Verify_nsc_call(struct C_Verify_nsc_args *args);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyUpdate_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyFinal_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyRecoverInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyRecover_nsc_call(struct C_VerifyRecover_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestEncryptUpdate_nsc_call(struct C_DigestEncryptUpdate_nsc_args *args);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptDigestUpdate_nsc_call(struct C_DecryptDigestUpdate_nsc_args *args);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignEncryptUpdate_nsc_call(struct C_SignEncryptUpdate_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptVerifyUpdate_nsc_call(struct C_DecryptVerifyUpdate_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateKey_nsc_call(struct C_GenerateKey_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateKeyPair_nsc_call(struct C_GenerateKeyPair_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_WrapKey_nsc_call(struct C_WrapKey_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_UnwrapKey_nsc_call(struct C_UnwrapKey_nsc_args *args);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DeriveKey_nsc_call(struct C_DeriveKey_nsc_args *args);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SeedRandom_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen);
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateRandom_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetFunctionStatus_nsc_call(CK_SESSION_HANDLE hSession);
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CancelFunction_nsc_call(CK_SESSION_HANDLE hSession);
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_WaitForSlotEvent_nsc_call(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved);
|
||||
|
||||
#endif
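Review bot: Nothing in this header says why some entry points take a `struct ..._nsc_args *` instead of the PKCS#11 parameter list, or that every pointer member of those structs originates in the non-secure world. A short file comment would cover both, e.g. `/* Calls with more than four word-sized arguments are packed into an args struct because cmse_nonsecure_entry functions cannot receive arguments on the stack. All pointer members are non-secure addresses and must be validated by the secure side before use. */`. The `#include "wolfpkcs11/pkcs11.h"` sits above the `WOLFBOOT_PKCS11_H` guard and would read better inside it. The closing `#endif` could carry `/* WOLFBOOT_PKCS11_H */`.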
|
|
@ -0,0 +1 @@
|
|||
Subproject commit eca242ea16d77d698a61eb4a9b20dca0853da20e
|
26
options.mk
26
options.mk
|
@ -536,6 +536,32 @@ ifeq ($(WOLFBOOT_HUGE_STACK),1)
|
|||
CFLAGS+=-DWOLFBOOT_HUGE_STACK
|
||||
endif
|
||||
|
||||
ifeq ($(SECURE_PKCS11),1)
|
||||
CFLAGS+=-DSECURE_PKCS11
|
||||
CFLAGS+=-DCK_CALLABLE="__attribute__((cmse_nonsecure_entry))"
|
||||
CFLAGS+=-DHAVE_PBKDF2
|
||||
CFLAGS+=-DWOLFPKCS11_CUSTOM_STORE
|
||||
CFLAGS+=-DWOLFBOOT_SECURE_PKCS11 -Ilib/wolfPKCS11
|
||||
CFLAGS+=-DWOLFPKCS11_USER_SETTINGS
|
||||
CFLAGS+=-DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_AES_GCM
|
||||
CFLAGS+=-DENCRYPT_WITH_AES128 -DWOLFSSL_AES_128
|
||||
CFLAGS+=-DHAVE_SCRYPT
|
||||
CFLAGS+=-DHAVE_AESGCM
|
||||
CFLAGS+=-DNO_PKCS11_TIME
|
||||
OBJS+=src/pkcs11_store.o
|
||||
OBJS+=src/pkcs11_callable.o
|
||||
WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/aes.o
|
||||
WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/pwdbased.o
|
||||
WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/hmac.o
|
||||
WOLFCRYPT_OBJS+=./lib/wolfPKCS11/src/crypto.o \
|
||||
./lib/wolfPKCS11/src/internal.o \
|
||||
./lib/wolfPKCS11/src/slot.o \
|
||||
./lib/wolfPKCS11/src/wolfpkcs11.o
|
||||
endif
|
||||
|
||||
OBJS+=$(PUBLIC_KEY_OBJS)
|
||||
OBJS+=$(UPDATE_OBJS)
|
||||
|
||||
ifeq ($(WOLFTPM),1)
|
||||
OBJS+=\
|
||||
./src/tpm.o \
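Review bot: `CFLAGS+=-DENCRYPT_WITH_AES128 -DWOLFSSL_AES_128` reuses a macro that elsewhere appears to select the cipher for encrypted update partitions, just to keep AES compiled in for wolfPKCS11, and it is set unconditionally even if the build already chose another `ENCRYPT_WITH_*` option. The user_settings.h change in this commit already exempts `WOLFCRYPT_SECURE_MODE` from `NO_AES`, so if that macro is defined for these builds (not visible here) the extra define may be unnecessary. If aes.o, pwdbased.o or hmac.o are also appended to `WOLFCRYPT_OBJS` by options outside this hunk, the unconditional `+=` lines will list them twice; a `$(filter ...)` check or a final `$(sort ...)` would avoid duplicate objects. The `ifeq ($(WOLFTPM),1)` block at the end continues outside the hunk.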
|
||||
|
|
|
@ -0,0 +1,393 @@
|
|||
#include "wolfpkcs11/pkcs11.h"
|
||||
#include "wolfboot/wcs_pkcs11.h"
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Initialize_nsc_call(CK_VOID_PTR pInitArgs)
|
||||
{
|
||||
return C_Initialize(pInitArgs);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Finalize_nsc_call(CK_VOID_PTR pReserved)
|
||||
{
|
||||
return C_Finalize(pReserved);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetInfo_nsc_call(CK_INFO_PTR pInfo)
|
||||
{
|
||||
return C_GetInfo(pInfo);
|
||||
}
|
||||
|
||||
WP11_API CK_RV __attribute__((cmse_nonsecure_entry)) C_GetFunctionList_nsc_call(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
|
||||
{
|
||||
return C_GetFunctionList(ppFunctionList);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetSlotList_nsc_call(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
|
||||
{
|
||||
return C_GetSlotList(tokenPresent, pSlotList, pulCount);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetSlotInfo_nsc_call(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
||||
{
|
||||
return C_GetSlotInfo(slotID, pInfo);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetTokenInfo_nsc_call(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
||||
{
|
||||
return C_GetTokenInfo(slotID, pInfo);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetMechanismList_nsc_call(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
|
||||
{
|
||||
return C_GetMechanismList(slotID, pMechanismList, pulCount);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetMechanismInfo_nsc_call(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
|
||||
{
|
||||
return C_GetMechanismInfo(slotID, type, pInfo);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_InitToken_nsc_call(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel)
|
||||
{
|
||||
return C_InitToken(slotID, pPin, ulPinLen, pLabel);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_InitPIN_nsc_call(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
|
||||
{
|
||||
return C_InitPIN(hSession, pPin, ulPinLen);
|
||||
}
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SetPIN_nsc_call(struct C_SetPIN_nsc_args *args)
|
||||
|
||||
{
|
||||
return C_SetPIN(args->hSession, args->pOldPin, args->ulOldLen, args->pNewPin,
|
||||
args->ulNewLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_OpenSession_nsc_call(struct C_OpenSession_nsc_args *args) {
|
||||
|
||||
return C_OpenSession(args->slotID, args->flags, args->pApplication, args->Notify, args->phSession);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CloseSession_nsc_call(CK_SESSION_HANDLE hSession)
|
||||
{
|
||||
return C_CloseSession(hSession);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CloseAllSessions_nsc_call(CK_SLOT_ID slotID)
|
||||
{
|
||||
return C_CloseAllSessions(slotID);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetSessionInfo_nsc_call(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
|
||||
{
|
||||
return C_GetSessionInfo(hSession, pInfo);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetOperationState_nsc_call(
|
||||
CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pOperationState,
|
||||
CK_ULONG_PTR pulOperationStateLen) {
|
||||
return C_GetOperationState(hSession, pOperationState, pulOperationStateLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SetOperationState_nsc_call(struct C_SetOperationState_nsc_args *args) {
|
||||
|
||||
return C_SetOperationState(args->hSession, args->pOperationState, args->ulOperationStateLen, args->hEncryptionKey, args->hAuthenticationKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Login_nsc_call(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
|
||||
CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) {
|
||||
return C_Login(hSession, userType, pPin, ulPinLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Logout_nsc_call(CK_SESSION_HANDLE hSession) {
|
||||
return C_Logout(hSession);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CreateObject_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
||||
CK_OBJECT_HANDLE_PTR phObject) {
|
||||
return C_CreateObject(hSession, pTemplate, ulCount, phObject);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DestroyObject_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject) {
|
||||
return C_DestroyObject(hSession, hObject);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetObjectSize_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) {
|
||||
return C_GetObjectSize(hSession, hObject, pulSize);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetAttributeValue_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) {
|
||||
return C_GetAttributeValue(hSession, hObject, pTemplate, ulCount);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SetAttributeValue_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE hObject,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) {
|
||||
return C_SetAttributeValue(hSession, hObject, pTemplate, ulCount);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_FindObjectsInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) {
|
||||
return C_FindObjectsInit(hSession, pTemplate, ulCount);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_FindObjects_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_OBJECT_HANDLE_PTR phObject,
|
||||
CK_ULONG ulMaxObjectCount,
|
||||
CK_ULONG_PTR pulObjectCount) {
|
||||
return C_FindObjects(hSession, phObject, ulMaxObjectCount, pulObjectCount);
|
||||
}
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CopyObject_nsc_call(struct C_CopyObject_nsc_args *args) {
|
||||
|
||||
return C_CopyObject(args->hSession, args->hObject, args->pTemplate, args->ulCount, args->phNewObject);
|
||||
}
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_FindObjectsFinal_nsc_call(CK_SESSION_HANDLE hSession)
|
||||
{
|
||||
return C_FindObjectsFinal(hSession);
|
||||
}
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
|
||||
{
|
||||
return C_EncryptInit(hSession, pMechanism, hKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Encrypt_nsc_call(struct C_Encrypt_nsc_args *args) {
|
||||
|
||||
return C_Encrypt(args->hSession, args->pData, args->ulDataLen, args->pEncryptedData, args->pulEncryptedDataLen);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptUpdate_nsc_call(struct C_EncryptUpdate_nsc_args *args) {
|
||||
|
||||
return C_EncryptUpdate(args->hSession, args->pPart, args->ulPartLen, args->pEncryptedPart, args->pulEncryptedPartLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptFinal_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pLastEncryptedPart,
|
||||
CK_ULONG_PTR pulLastEncryptedPartLen)
|
||||
{
|
||||
return C_EncryptFinal(hSession, pLastEncryptedPart, pulLastEncryptedPartLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
|
||||
{
|
||||
return C_DecryptInit(hSession, pMechanism, hKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Decrypt_nsc_call(struct C_Decrypt_nsc_args *args) {
|
||||
|
||||
return C_Decrypt(args->hSession, args->pEncryptedData, args->ulEncryptedDataLen, args->pData, args->pulDataLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptUpdate_nsc_call(struct C_DecryptUpdate_nsc_args *args) {
|
||||
|
||||
return C_DecryptUpdate(args->hSession, args->pEncryptedPart, args->ulEncryptedPartLen, args->pPart, args->pulPartLen);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptFinal_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
|
||||
CK_ULONG_PTR pulLastPartLen)
|
||||
{
|
||||
return C_DecryptFinal(hSession, pLastPart, pulLastPartLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism)
|
||||
{
|
||||
return C_DigestInit(hSession, pMechanism);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Digest_nsc_call(struct C_Digest_nsc_args *args) {
|
||||
|
||||
return C_Digest(args->hSession, args->pData, args->ulDataLen, args->pDigest, args->pulDigestLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestUpdate_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
|
||||
{
|
||||
return C_DigestUpdate(hSession, pPart, ulPartLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestKey_nsc_call(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
|
||||
{
|
||||
return C_DigestKey(hSession, hKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestFinal_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
|
||||
{
|
||||
return C_DigestFinal(hSession, pDigest, pulDigestLen);
|
||||
}
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignInit_nsc_call(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
|
||||
{
|
||||
return C_SignInit(hSession, pMechanism, hKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Sign_nsc_call(struct C_Sign_nsc_args *args) {
|
||||
|
||||
return C_Sign(args->hSession, args->pData, args->ulDataLen, args->pSignature, args->pulSignatureLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignUpdate_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
|
||||
{
|
||||
return C_SignUpdate(hSession, pPart, ulPartLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignFinal_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
|
||||
{
|
||||
return C_SignFinal(hSession, pSignature, pulSignatureLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignRecoverInit_nsc_call(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
|
||||
{
|
||||
return C_SignRecoverInit(hSession, pMechanism, hKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignRecover_nsc_call(struct C_SignRecover_nsc_args *args) {
|
||||
|
||||
return C_SignRecover(args->hSession, args->pData, args->ulDataLen, args->pSignature, args->pulSignatureLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
|
||||
{
|
||||
return C_VerifyInit(hSession, pMechanism, hKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_Verify_nsc_call(struct C_Verify_nsc_args *args) {
|
||||
|
||||
return C_Verify(args->hSession, args->pData, args->ulDataLen, args->pSignature, args->ulSignatureLen);
|
||||
}
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyUpdate_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
|
||||
CK_ULONG ulPartLen)
|
||||
{
|
||||
return C_VerifyUpdate(hSession, pPart, ulPartLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyFinal_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
|
||||
{
|
||||
return C_VerifyFinal(hSession, pSignature, ulSignatureLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyRecoverInit_nsc_call(CK_SESSION_HANDLE hSession,
|
||||
CK_MECHANISM_PTR pMechanism,
|
||||
CK_OBJECT_HANDLE hKey)
|
||||
{
|
||||
return C_VerifyRecoverInit(hSession, pMechanism, hKey);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyRecover_nsc_call(struct C_VerifyRecover_nsc_args *args) {
|
||||
|
||||
return C_VerifyRecover(args->hSession, args->pSignature, args->ulSignatureLen, args->pData, args->pulDataLen);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestEncryptUpdate_nsc_call(struct C_DigestEncryptUpdate_nsc_args *args) {
|
||||
|
||||
return C_DigestEncryptUpdate(args->hSession, args->pPart, args->ulPartLen, args->pEncryptedPart, args->pulEncryptedPartLen);
|
||||
}
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptDigestUpdate_nsc_call(struct C_DecryptDigestUpdate_nsc_args *args) {
|
||||
|
||||
return C_DecryptDigestUpdate(args->hSession, args->pEncryptedPart, args->ulEncryptedPartLen, args->pPart, args->pulPartLen);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SignEncryptUpdate_nsc_call(struct C_SignEncryptUpdate_nsc_args *args) {
|
||||
|
||||
return C_SignEncryptUpdate(args->hSession, args->pPart, args->ulPartLen, args->pEncryptedPart, args->pulEncryptedPartLen);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptVerifyUpdate_nsc_call(struct C_DecryptVerifyUpdate_nsc_args *args) {
|
||||
|
||||
return C_DecryptVerifyUpdate(args->hSession, args->pEncryptedPart, args->ulEncryptedPartLen, args->pPart, args->pulPartLen);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateKey_nsc_call(struct C_GenerateKey_nsc_args *args) {
|
||||
|
||||
return C_GenerateKey(args->hSession, args->pMechanism, args->pTemplate, args->ulCount, args->phKey);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateKeyPair_nsc_call(struct C_GenerateKeyPair_nsc_args *args) {
|
||||
|
||||
return C_GenerateKeyPair(args->hSession, args->pMechanism, args->pPublicKeyTemplate, args->ulPublicKeyAttributeCount, args->pPrivateKeyTemplate, args->ulPrivateKeyAttributeCount, args->phPublicKey, args->phPrivateKey);
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_WrapKey_nsc_call(struct C_WrapKey_nsc_args *args) {
|
||||
|
||||
return C_WrapKey(args->hSession, args->pMechanism, args->hWrappingKey, args->hKey, args->pWrappedKey, args->pulWrappedKeyLen);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_UnwrapKey_nsc_call(struct C_UnwrapKey_nsc_args *args) {
|
||||
|
||||
return C_UnwrapKey(args->hSession, args->pMechanism, args->hUnwrappingKey, args->pWrappedKey, args->ulWrappedKeyLen, args->pTemplate, args->ulAttributeCount, args->phKey);
|
||||
}
|
||||
|
||||
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_DeriveKey_nsc_call(struct C_DeriveKey_nsc_args *args) {
|
||||
|
||||
return C_DeriveKey(args->hSession, args->pMechanism, args->hBaseKey, args->pTemplate, args->ulAttributeCount, args->phKey);
|
||||
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_SeedRandom_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
|
||||
{
|
||||
return C_SeedRandom(hSession, pSeed, ulSeedLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateRandom_nsc_call(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
|
||||
{
|
||||
return C_GenerateRandom(hSession, pRandomData, ulRandomLen);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_GetFunctionStatus_nsc_call(CK_SESSION_HANDLE hSession)
|
||||
{
|
||||
return C_GetFunctionStatus(hSession);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_CancelFunction_nsc_call(CK_SESSION_HANDLE hSession)
|
||||
{
|
||||
return C_CancelFunction(hSession);
|
||||
}
|
||||
|
||||
CK_RV __attribute__((cmse_nonsecure_entry)) C_WaitForSlotEvent_nsc_call(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
|
||||
{
|
||||
return C_WaitForSlotEvent(flags, pSlot, pReserved);
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
/* pkcs11_store.c
|
||||
*
|
||||
* Copyright (C) 2023 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfBoot.
|
||||
*
|
||||
* wolfBoot is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfBoot is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
|
||||
#include "wolfpkcs11/pkcs11.h"
|
||||
#include "wolfpkcs11/store.h"
|
||||
|
||||
int wolfPKCS11_Store_Open(int type, CK_ULONG id1, CK_ULONG id2, int read,
|
||||
void** store)
|
||||
{
|
||||
/* Stub */
|
||||
return -1;
|
||||
}
|
||||
|
||||
void wolfPKCS11_Store_Close(void* store)
|
||||
{
|
||||
/* Stub */
|
||||
|
||||
}
|
||||
|
||||
int wolfPKCS11_Store_Read(void* store, unsigned char* buffer, int len)
|
||||
{
|
||||
/* Stub */
|
||||
return -1;
|
||||
}
|
||||
|
||||
int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len)
|
||||
{
|
||||
/* Stub */
|
||||
return -1;
|
||||
}
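Review bot: The four `wolfPKCS11_Store_*` stubs in this new file are marked only `/* Stub */`, so nothing tells a reader that token storage is deliberately unavailable or what the `-1` return means to the caller. I would add a file-level comment such as `/* Placeholder backend: no persistent token storage yet; every call fails with -1. */`. In `wolfPKCS11_Store_Open`, adding `if (store != NULL) *store = NULL;` before `return -1;` would keep a caller that inspects the handle after a failed open from seeing an indeterminate pointer. How wolfPKCS11 reacts to a store that always fails (for example whether token objects and PIN state then stay RAM-only) is not visible on this page and should be confirmed before `SECURE_PKCS11` is enabled outside testing.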
|
|
@ -9,6 +9,9 @@
|
|||
#include "hal.h"
|
||||
#include <stdint.h>
|
||||
|
||||
|
||||
#ifdef CRYPTO_CB_HSM
|
||||
|
||||
/* From linker script, dedicated RAM area in secure mode */
|
||||
extern uint32_t _keyvault_origin, _keyvault_size;
|
||||
|
||||
|
@ -481,17 +484,6 @@ wcs_ecdh_shared(int privkey_slot_id, int pubkey_slot_id, word32 outlen)
|
|||
return shared_slot_id;
|
||||
}
|
||||
|
||||
int __attribute__((cmse_nonsecure_entry))
|
||||
wcs_get_random(uint8_t *rand, uint32_t size)
|
||||
{
|
||||
int ret;
|
||||
WC_RNG wcs_rng;
|
||||
wc_InitRng(&wcs_rng);
|
||||
ret = wc_RNG_GenerateBlock(&wcs_rng, rand, size);
|
||||
wc_FreeRng(&wcs_rng);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int __attribute__((cmse_nonsecure_entry))
|
||||
wcs_slot_read(int slot_id, uint8_t *buffer, uint32_t len)
|
||||
{
|
||||
|
@ -524,11 +516,26 @@ wcs_slot_read(int slot_id, uint8_t *buffer, uint32_t len)
|
|||
XMEMCPY(buffer, &item->key.raw, len);
|
||||
return len;
|
||||
}
|
||||
#endif /* CRYPTO_CB_HSM */
|
||||
|
||||
int __attribute__((cmse_nonsecure_entry))
|
||||
wcs_get_random(uint8_t *rand, uint32_t size)
|
||||
{
|
||||
int ret;
|
||||
WC_RNG wcs_rng;
|
||||
wc_InitRng(&wcs_rng);
|
||||
ret = wc_RNG_GenerateBlock(&wcs_rng, rand, size);
|
||||
wc_FreeRng(&wcs_rng);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
void wcs_Init(void)
|
||||
{
|
||||
hal_trng_init();
|
||||
#ifdef CRYPTO_CB_HSM
|
||||
keyvault_init();
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
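Review bot: `wcs_get_random`, which the last hunk places outside the `CRYPTO_CB_HSM` guard, is a `cmse_nonsecure_entry` function that writes `size` bytes through `rand` without checking that the range lies in non-secure memory, so secure-side code can be made to write into a secure address chosen by the non-secure caller. The range should be validated with `cmse_check_address_range()` (declared in `<arm_cmse.h>`) before use, and the return value of `wc_InitRng` should be checked so a failed init never reaches `wc_RNG_GenerateBlock`. The `C_*_nsc_call` wrappers shown earlier on this page forward caller-supplied pointers (`args`, `pSeed`, `pRandomData`, `pSlot`) in the same unchecked way and would need the same validation, with the `args` struct copied into secure memory before its fields are read. The `-1` in the sketch is a placeholder for whatever error code the non-secure API documents.
```c
int __attribute__((cmse_nonsecure_entry))
wcs_get_random(uint8_t *rand, uint32_t size)
{
    /* … unchanged: local declarations … */

    /* rand is supplied by the non-secure caller: refuse any range that is
     * not entirely non-secure, read/write memory. */
    if (cmse_check_address_range(rand, size,
                CMSE_NONSECURE | CMSE_MPU_READWRITE) == NULL)
        return -1;
    ret = wc_InitRng(&wcs_rng);
    if (ret != 0)
        return ret;
    /* … unchanged: wc_RNG_GenerateBlock, wc_FreeRng, return ret … */
```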
|
||||
|
|
|
@ -112,8 +112,6 @@ void main(void)
|
|||
for (i = 0; i < (rand / 100000000); i++)
|
||||
;
|
||||
|
||||
wcs_slot_read(0, (unsigned char *)CaBuf, 2048);
|
||||
|
||||
#endif
|
||||
hal_init();
|
||||
uart_init(115200, 8, 'N', 1);
|
||||
|
|
|
@ -69,6 +69,7 @@ ifeq ($(ARCH),)
|
|||
DELTA_UPDATES?=0
|
||||
DELTA_BLOCK_SIZE?=256
|
||||
WOLFBOOT_HUGE_STACK?=0
|
||||
SECURE_PKCS11?=0
|
||||
ARMORED?=0
|
||||
ELF?=0
|
||||
FORCE_32BIT=0
|
||||
|
|