Fix for loading the client certificate/key used for TLS.

pull/2/head
David Garske 2018-04-30 11:08:52 -07:00
parent 34e57ce3c6
commit f8f5d6aa1a
3 changed files with 79 additions and 1 deletions


@ -53,4 +53,12 @@
/* Bring in the public header. */ /* Bring in the public header. */
#include "pkcs11.h" #include "pkcs11.h"
#ifdef WOLF_AWSTLS
/* key der, wolf vendor specific */
typedef struct vedCliKey {
unsigned char* der;
unsigned int derLen;
} vedCliKey;
#endif
#endif /* ifndef _AWS_PKCS11_H_ */ #endif /* ifndef _AWS_PKCS11_H_ */
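Review bot: The new `vedCliKey` struct carries a raw `der` pointer across the PKCS#11 boundary with no statement of who owns the bytes or how long they stay valid; from the other hunks in this commit the pointer appears to be the key context's own heap copy, handed out by C_GetAttributeValue rather than duplicated. A comment on the struct should pin that down, e.g. `/* der: borrowed pointer to the key object's DER copy; valid until the object is freed, caller must not free or retain it */`. Since the payload is private-key material, the comment should also say that callers must not cache it beyond the TLS setup that consumes it.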


@ -97,6 +97,8 @@ typedef struct wolfSSL_pk_context {
} key; } key;
int type; /* wolfSSL_pk_type_t */ int type; /* wolfSSL_pk_type_t */
int keyBits; int keyBits;
byte* der;
word32 derLen;
} wolfSSL_pk_context; } wolfSSL_pk_context;
@ -121,6 +123,26 @@ size_t wolfSSL_pk_get_bitlen( const wolfSSL_pk_context *pk )
return 0; return 0;
} }
void* wolfSSL_pk_get_key( const wolfSSL_pk_context *pk )
{
if (pk)
return pk->key.ptr;
return NULL;
}
int wolfSSL_pk_get_key_der( const wolfSSL_pk_context *pk, byte* der, word32* derLen )
{
int ret = -1;
if (pk && der && derLen) {
if (*derLen >= pk->derLen)
return BUFFER_E;
memcpy(der, pk->der, pk->derLen);
*derLen = pk->derLen;
ret = 0;
}
return ret;
}
void wolfSSL_pk_key_free( wolfSSL_pk_context *pk ) void wolfSSL_pk_key_free( wolfSSL_pk_context *pk )
{ {
/* cleanup keys */ /* cleanup keys */
@ -224,6 +246,12 @@ int wolfSSL_pk_parse_key( wolfSSL_pk_context *pk,
derLen = ret; derLen = ret;
} }
pk->derLen = derLen;
pk->der = (byte*)pvPortMalloc(derLen);
if (pk->der) {
memcpy(pk->der, der, derLen);
}
/* try RSA */ /* try RSA */
pk->type = WOLFSSL_PK_RSA; pk->type = WOLFSSL_PK_RSA;
ret = wolfSSL_pk_create_key(pk, der, derLen); ret = wolfSSL_pk_create_key(pk, der, derLen);
@ -366,8 +394,16 @@ int wolfSSL_pk_verify(wolfSSL_pk_context *pk,
void wolfSSL_pk_free( wolfSSL_pk_context *pk ) void wolfSSL_pk_free( wolfSSL_pk_context *pk )
{ {
if (pk == NULL)
return;
/* cleanup keys */ /* cleanup keys */
wolfSSL_pk_key_free(pk); wolfSSL_pk_key_free(pk);
if (pk->der) {
vPortFree(pk->der);
pk->der = NULL;
}
} }
@ -1062,6 +1098,7 @@ CK_DEFINE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE xSession,
CK_ULONG ulAttrLength = 0; CK_ULONG ulAttrLength = 0;
wolfSSL_pk_type_t xWolfPkType; wolfSSL_pk_type_t xWolfPkType;
CK_ULONG xP11KeyType, iAttrib, xKeyBitLen; CK_ULONG xP11KeyType, iAttrib, xKeyBitLen;
vedCliKey cliKey;
( void ) ( xObject ); ( void ) ( xObject );
@ -1132,6 +1169,19 @@ CK_DEFINE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE xSession,
pvAttr = &xKeyBitLen; pvAttr = &xKeyBitLen;
break; break;
case CKA_VENDOR_DEFINED:
{
/*
* Return the key context for application-layer use.
*/
memset(&cliKey, 0, sizeof(cliKey));
cliKey.der = pxSession->pxCurrentKey->xWolfPkCtx.der;
cliKey.derLen = pxSession->pxCurrentKey->xWolfPkCtx.derLen;
ulAttrLength = sizeof(cliKey);
pvAttr = &cliKey;
break;
}
default: default:
xResult = CKR_ATTRIBUTE_TYPE_INVALID; xResult = CKR_ATTRIBUTE_TYPE_INVALID;
break; break;
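Review bot: The length check in the new `wolfSSL_pk_get_key_der` is inverted: `if (*derLen >= pk->derLen) return BUFFER_E;` rejects every caller whose buffer is large enough and lets the following `memcpy(der, pk->der, pk->derLen)` run exactly when the buffer is too small, which is a heap or stack overflow on the caller's buffer; it should read `if (*derLen < pk->derLen) return BUFFER_E;`. In the `wolfSSL_pk_parse_key` hunk, `pk->derLen` is set before `pvPortMalloc` and an allocation failure is ignored, so on failure the context reports a non-zero length with a NULL `der` and a later copy dereferences NULL; set `derLen` only after a successful allocation, return an error otherwise, and free any previous `pk->der` first so a second parse does not leak it. In the `wolfSSL_pk_free` hunk the DER private key is released with `vPortFree` without being cleared, so the bytes stay in freed heap memory; wipe the buffer before freeing. The CKA_VENDOR_DEFINED case in C_GetAttributeValue dereferences `pxSession->pxCurrentKey` without a visible NULL check, though the check may exist earlier in the function, whose body starts and ends outside the hunk.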


@ -169,6 +169,7 @@ static int prvInitializeClientCredential( TLSContext_t * pCtx )
CK_OBJECT_CLASS xObjClass = 0; CK_OBJECT_CLASS xObjClass = 0;
CK_OBJECT_HANDLE xCertObj = 0; CK_OBJECT_HANDLE xCertObj = 0;
CK_BYTE * pucCertificate = NULL; CK_BYTE * pucCertificate = NULL;
vedCliKey cliKey;
/* Ensure that the PKCS#11 module is initialized. */ /* Ensure that the PKCS#11 module is initialized. */
if( 0 == xResult ) if( 0 == xResult )
@ -218,6 +219,16 @@ static int prvInitializeClientCredential( TLSContext_t * pCtx )
xResult = ( BaseType_t ) pCtx->pxP11FunctionList->C_FindObjectsFinal( pCtx->xP11Session ); xResult = ( BaseType_t ) pCtx->pxP11FunctionList->C_FindObjectsFinal( pCtx->xP11Session );
} }
/* Get the internal key context. */
if( 0 == xResult )
{
xTemplate.type = CKA_VENDOR_DEFINED;
xTemplate.ulValueLen = sizeof( cliKey );
xTemplate.pValue = &cliKey;
xResult = ( BaseType_t ) pCtx->pxP11FunctionList->C_GetAttributeValue(
pCtx->xP11Session, pCtx->xP11PrivateKey, &xTemplate, 1 );
}
/* Get the key size. */ /* Get the key size. */
if( 0 == xResult ) if( 0 == xResult )
{ {
@ -281,11 +292,18 @@ static int prvInitializeClientCredential( TLSContext_t * pCtx )
/* Decode the client certificate. */ /* Decode the client certificate. */
if( 0 == xResult ) if( 0 == xResult )
{ {
xResult = wolfSSL_CTX_load_verify_buffer(pCtx->ctx, xResult = wolfSSL_CTX_use_certificate_buffer(pCtx->ctx,
(const byte*)pucCertificate, xTemplate.ulValueLen, (const byte*)pucCertificate, xTemplate.ulValueLen,
WOLFSSL_FILETYPE_ASN1); WOLFSSL_FILETYPE_ASN1);
if (xResult == WOLFSSL_SUCCESS) if (xResult == WOLFSSL_SUCCESS)
xResult = 0; xResult = 0;
/* Load certificate private key */
xResult = wolfSSL_CTX_use_PrivateKey_buffer(pCtx->ctx,
(const byte*)cliKey.der, cliKey.derLen,
WOLFSSL_FILETYPE_ASN1);
if (xResult == WOLFSSL_SUCCESS)
xResult = 0;
} }
if( NULL != pucCertificate ) if( NULL != pucCertificate )
@ -449,6 +467,8 @@ BaseType_t TLS_Connect( void * pvContext )
break; break;
} }
} }
if (xResult == WOLFSSL_SUCCESS)
xResult = 0;
} }
return xResult; return xResult;
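Review bot: In the hunk at `@ -281,11 +292,18`, the added `xResult = wolfSSL_CTX_use_PrivateKey_buffer(...)` runs unconditionally after the certificate load, so a failure of `wolfSSL_CTX_use_certificate_buffer` is overwritten by the key-load result and a context with a key but no certificate can be reported as success; wrap the key load in `if( 0 == xResult )` like the other steps in this function. The `cliKey` local added at the top of the function is never initialised, and the C_GetAttributeValue call that fills it only runs when `xResult` is still zero, so the key-load block should also verify `cliKey.der != NULL && cliKey.derLen != 0` before passing it to wolfSSL, since the provider side can hand back a NULL `der` when its own copy was not allocated. Collapsing `WOLFSSL_SUCCESS` to 0 is done in three places in this file (`use_certificate_buffer`, `use_PrivateKey_buffer`, and the TLS_Connect hunk); a small helper or a comment noting that wolfSSL error codes are non-zero and negative would make the convention explicit. prvInitializeClientCredential and TLS_Connect both start and end outside these hunks.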