Added ST-Safe server side PK callback example for key gen. Added helper API's for setting up the PK callbacks and custom context.

2018-08-23 15:57:14 -07:00 · 2018-08-23 15:57:14 -07:00 · 88e6bd2915
parent c7dde6c682
commit 88e6bd2915
2 changed files with 62 additions and 0 deletions
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@ -58,6 +58,41 @@ int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
 }

 #ifdef HAVE_PK_CALLBACKS
+
+/**
+ * \brief Key Gen Callback (used by TLS server)
+ */
+int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz,
+    int ecc_curve, void* ctx)
+{
+    int err;
+    byte pubKeyRaw[STSAFE_MAX_PUBKEY_RAW_LEN];
+    StSafeA_KeySlotNumber slot;
+    StSafeA_CurveId curve_id;
+
+    (void)ssl;
+    (void)ctx;
+
+#ifdef USE_STSAFE_VERBOSE
+    WOLFSSL_MSG("CreateKeyCb: STSAFE");
+#endif
+
+    /* get curve */
+    curve_id = stsafe_get_ecc_curve_id(ecc_curve);
+
+    /* generate new ephemeral key on device */
+    err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]);
+    if (err != 0) {
+        return err;
+    }
+
+    /* load generated public key into key, used by wolfSSL */
+    err = wc_ecc_import_unsigned(key, &pubKeyRaw[0], &pubKeyRaw[keySz],
+        NULL, ecc_curve);
+
+    return err;
+}
+
 /**
 * \brief Verify Peer Cert Callback.
 */
@ -267,6 +302,27 @@ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey,

    return err;
 }
+
+int SSL_STSAFE_SetupPkCallbacks(WOLFSSL_CTX* ctx)
+{
+    wolfSSL_CTX_SetEccKeyGenCb(ctx, SSL_STSAFE_CreateKeyCb);
+    wolfSSL_CTX_SetEccSignCb(ctx, SSL_STSAFE_SignCertificateCb);
+    wolfSSL_CTX_SetEccVerifyCb(ctx, SSL_STSAFE_VerifyPeerCertCb);
+    wolfSSL_CTX_SetEccSharedSecretCb(ctx, SSL_STSAFE_SharedSecretCb);
+    wolfSSL_CTX_SetDevId(ctx, 0);
+    return 0;
+}
+
+int SSL_STSAFE_SetupPkCallbackCtx(WOLFSSL* ssl, void* user_ctx)
+{
+    wolfSSL_SetEccKeyGenCtx(ssl, user_ctx);
+    wolfSSL_SetEccSharedSecretCtx(ssl, user_ctx);
+    wolfSSL_SetEccSignCtx(ssl, user_ctx);
+    wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
+    return 0;
+}
+
+
 #endif /* HAVE_PK_CALLBACKS */

 #endif /* WOLFSSL_STSAFEA100 */
--- a/wolfssl/wolfcrypt/port/st/stsafe.h
+++ b/wolfssl/wolfcrypt/port/st/stsafe.h
@ -45,6 +45,8 @@ WOLFSSL_API int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate,
    word32* pRawCertificateLen);

 #ifdef HAVE_PK_CALLBACKS
+WOLFSSL_API int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz,
+    int ecc_curve, void* ctx);
 WOLFSSL_API int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
   const unsigned char* sig, unsigned int sigSz,
   const unsigned char* hash, unsigned int hashSz,
@ -59,6 +61,10 @@ WOLFSSL_API int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl,
    unsigned char* pubKeyDer, unsigned int* pubKeySz,
    unsigned char* out, unsigned int* outlen,
    int side, void* ctx);
+
+/* Helper API's for setting up callbacks */
+WOLFSSL_API int SSL_STSAFE_SetupPkCallbacks(WOLFSSL_CTX* ctx);
+WOLFSSL_API int SSL_STSAFE_SetupPkCallbackCtx(WOLFSSL* ssl, void* user_ctx);
 #endif

 #endif /* WOLFSSL_STSAFEA100 */