WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
wolfssl/wolfcrypt/src/wc_pkcs11.c

3729 lines
126 KiB
C
Raw Blame History

/* wc_pkcs11.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_PKCS11
#include <dlfcn.h>
#include <wolfssl/wolfcrypt/wc_pkcs11.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#if defined(NO_PKCS11_RSA) && !defined(NO_RSA)
#define NO_RSA
#endif
#if defined(NO_PKCS11_ECC) && defined(HAVE_ECC)
#undef HAVE_ECC
#endif
#if defined(NO_PKCS11_AES) && !defined(NO_AES)
#define NO_AES
#endif
#if defined(NO_PKCS11_AESGCM) && defined(HAVE_AESGCM)
#undef HAVE_AESGCM
#endif
#if defined(NO_PKCS11_AESCBC) && defined(HAVE_AES_CBC)
#undef HAVE_AES_CBC
#endif
#if defined(NO_PKCS11_HMAC) && !defined(NO_HMAC)
#define NO_HMAC
#endif
#if defined(NO_PKCS11_RNG) && !defined(WC_NO_RNG)
#define WC_NO_RNG
#endif
/* Maximim length of the EC parameter string. */
#define MAX_EC_PARAM_LEN 16
#if defined(HAVE_ECC) && !defined(NO_PKCS11_ECDH)
/* Pointer to false required for templates. */
static CK_BBOOL ckFalse = CK_FALSE;
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC)
/* Pointer to true required for templates. */
static CK_BBOOL ckTrue = CK_TRUE;
#endif
#ifndef NO_RSA
/* Pointer to RSA key type required for templates. */
static CK_KEY_TYPE rsaKeyType = CKK_RSA;
#endif
#ifdef HAVE_ECC
/* Pointer to EC key type required for templates. */
static CK_KEY_TYPE ecKeyType = CKK_EC;
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC)
/* Pointer to public key class required for templates. */
static CK_OBJECT_CLASS pubKeyClass = CKO_PUBLIC_KEY;
/* Pointer to private key class required for templates. */
static CK_OBJECT_CLASS privKeyClass = CKO_PRIVATE_KEY;
#endif
#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
!defined(NO_HMAC) || (defined(HAVE_ECC) && !defined(NO_PKCS11_ECDH))
/* Pointer to secret key class required for templates. */
static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY;
#endif
#ifdef WOLFSSL_DEBUG_PKCS11
/* Formats of template items - used to instruct how to log information. */
enum PKCS11_TYPE_FORMATS {
PKCS11_FMT_BOOLEAN,
PKCS11_FMT_CLASS,
PKCS11_FMT_KEY_TYPE,
PKCS11_FMT_STRING,
PKCS11_FMT_NUMBER,
PKCS11_FMT_DATA,
PKCS11_FMT_POINTER
};
/* Information for logging a template item. */
static struct PKCS11_TYPE_STR {
/** Attribute type in template. */
CK_ATTRIBUTE_TYPE type;
/** String to log corresponding to attribute type. */
const char* str;
/** Format of data associated with template item. */
int format;
} typeStr[] = {
{ CKA_CLASS, "CKA_CLASS", PKCS11_FMT_CLASS },
{ CKA_TOKEN, "CKA_TOKEN", PKCS11_FMT_POINTER },
{ CKA_PRIVATE, "CKA_PRIVATE", PKCS11_FMT_BOOLEAN },
{ CKA_LABEL, "CKA_LABEL", PKCS11_FMT_STRING },
{ CKA_VALUE, "CKA_VALUE", PKCS11_FMT_DATA },
{ CKA_OBJECT_ID, "CKA_OBJECT_ID", PKCS11_FMT_POINTER },
{ CKA_KEY_TYPE, "CKA_KEY_TYPE", PKCS11_FMT_KEY_TYPE },
{ CKA_ID, "CKA_ID", PKCS11_FMT_DATA },
{ CKA_SENSITIVE, "CKA_SENSITIVE", PKCS11_FMT_BOOLEAN },
{ CKA_ENCRYPT, "CKA_ENCRYPT", PKCS11_FMT_BOOLEAN },
{ CKA_DECRYPT, "CKA_DECRYPT", PKCS11_FMT_BOOLEAN },
{ CKA_SIGN, "CKA_SIGN", PKCS11_FMT_BOOLEAN },
{ CKA_VERIFY, "CKA_VERIFY", PKCS11_FMT_BOOLEAN },
{ CKA_DERIVE, "CKA_DERIVE", PKCS11_FMT_BOOLEAN },
{ CKA_MODULUS_BITS, "CKA_MODULUS_BITS", PKCS11_FMT_NUMBER },
{ CKA_MODULUS, "CKA_MODULUS", PKCS11_FMT_DATA },
{ CKA_PUBLIC_EXPONENT, "CKA_PUBLIC_EXPONENT", PKCS11_FMT_DATA },
{ CKA_PRIVATE_EXPONENT, "CKA_PRIVATE_EXPONENT", PKCS11_FMT_DATA },
{ CKA_PRIME_1, "CKA_PRIME_1", PKCS11_FMT_DATA },
{ CKA_PRIME_2, "CKA_PRIME_2", PKCS11_FMT_DATA },
{ CKA_EXPONENT_1, "CKA_EXPONENT_1", PKCS11_FMT_DATA },
{ CKA_EXPONENT_2, "CKA_EXPONENT_2", PKCS11_FMT_DATA },
{ CKA_VALUE_LEN, "CKA_VALUE_LEN", PKCS11_FMT_NUMBER },
{ CKA_COEFFICIENT, "CKA_COEFFICIENT", PKCS11_FMT_DATA },
{ CKA_EXTRACTABLE, "CKA_EXTRACTABLE", PKCS11_FMT_BOOLEAN },
{ CKA_EC_PARAMS, "CKA_EC_PARAMS", PKCS11_FMT_DATA },
{ CKA_EC_POINT, "CKA_EC_POINT", PKCS11_FMT_DATA },
};
/* Count of known attribute types for logging. */
#define PKCS11_TYPE_STR_CNT ((int)(sizeof(typeStr) / sizeof(*typeStr)))
/*
* Dump/log the PKCS #11 template.
*
* This is only for debugging purposes. Only the values needed are recognised.
*
* @param [in] templ PKCS #11 template to dump.
* @param [in] cnt Count of template entries.
*/
static void pkcs11_dump_template(CK_ATTRIBUTE* templ, CK_ULONG cnt)
{
CK_ULONG i;
int j;
char line[80];
char type[25];
int format;
CK_KEY_TYPE keyType;
CK_OBJECT_CLASS keyClass;
for (i = 0; i < cnt; i++) {
format = PKCS11_FMT_POINTER;
for (j = 0; j < PKCS11_TYPE_STR_CNT; j++) {
if (templ[i].type == typeStr[j].type) {
XSNPRINTF(type, sizeof(type), "%s", typeStr[j].str);
format = typeStr[j].format;
break;
}
}
if (j == PKCS11_TYPE_STR_CNT) {
XSNPRINTF(type, sizeof(type), "%08lxUL", templ[i].type);
}
switch (format) {
case PKCS11_FMT_BOOLEAN:
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC)
if (templ[i].pValue == &ckTrue) {
XSNPRINTF(line, sizeof(line), "%25s: TRUE", type);
WOLFSSL_MSG(line);
}
else
#endif
#if defined(HAVE_ECC) && !defined(NO_PKCS11_ECDH)
if (templ[i].pValue == &ckFalse) {
XSNPRINTF(line, sizeof(line), "%25s: FALSE", type);
WOLFSSL_MSG(line);
}
else
#endif
{
XSNPRINTF(line, sizeof(line), "%25s: INVALID (%p)", type,
templ[i].pValue);
WOLFSSL_MSG(line);
}
break;
case PKCS11_FMT_CLASS:
keyClass = *(CK_OBJECT_CLASS*)templ[i].pValue;
if (keyClass == CKO_PUBLIC_KEY) {
XSNPRINTF(line, sizeof(line), "%25s: PUBLIC", type);
WOLFSSL_MSG(line);
}
else if (keyClass == CKO_PRIVATE_KEY) {
XSNPRINTF(line, sizeof(line), "%25s: PRIVATE", type);
WOLFSSL_MSG(line);
}
else if (keyClass == CKO_SECRET_KEY) {
XSNPRINTF(line, sizeof(line), "%25s: SECRET", type);
WOLFSSL_MSG(line);
}
else
{
XSNPRINTF(line, sizeof(line), "%25s: UNKNOWN (%p)", type,
templ[i].pValue);
WOLFSSL_MSG(line);
}
break;
case PKCS11_FMT_KEY_TYPE:
keyType = *(CK_KEY_TYPE*)templ[i].pValue;
switch (keyType) {
case CKK_RSA:
XSNPRINTF(line, sizeof(line), "%25s: RSA", type);
break;
case CKK_DH:
XSNPRINTF(line, sizeof(line), "%25s: DH", type);
break;
case CKK_EC:
XSNPRINTF(line, sizeof(line), "%25s: EC", type);
break;
case CKK_GENERIC_SECRET:
XSNPRINTF(line, sizeof(line), "%25s: GENERIC_SECRET", type);
break;
case CKK_AES:
XSNPRINTF(line, sizeof(line), "%25s: AES", type);
break;
case CKK_MD5_HMAC:
XSNPRINTF(line, sizeof(line), "%25s: MD5_HMAC", type);
break;
case CKK_SHA_1_HMAC:
XSNPRINTF(line, sizeof(line), "%25s: SHA_1_HMAC", type);
break;
case CKK_SHA256_HMAC:
XSNPRINTF(line, sizeof(line), "%25s: SHA256_HMAC", type);
break;
case CKK_SHA384_HMAC:
XSNPRINTF(line, sizeof(line), "%25s: SHA384_HMAC", type);
break;
case CKK_SHA512_HMAC:
XSNPRINTF(line, sizeof(line), "%25s: SHA512_HMAC", type);
break;
case CKK_SHA224_HMAC:
XSNPRINTF(line, sizeof(line), "%25s: SHA224_HMAC", type);
break;
default:
XSNPRINTF(line, sizeof(line), "%25s: UNKNOWN (%08lx)", type,
keyType);
break;
}
WOLFSSL_MSG(line);
break;
case PKCS11_FMT_STRING:
XSNPRINTF(line, sizeof(line), "%25s: %s", type,
(char*)templ[i].pValue);
WOLFSSL_MSG(line);
break;
case PKCS11_FMT_NUMBER:
if (templ[i].ulValueLen <= 1) {
XSNPRINTF(line, sizeof(line), "%25s: 0x%02x (%d)", type,
*(byte*)templ[i].pValue, *(byte*)templ[i].pValue);
}
else if (templ[i].ulValueLen <= 2) {
XSNPRINTF(line, sizeof(line), "%25s: 0x%04x (%d)", type,
*(word16*)templ[i].pValue, *(word16*)templ[i].pValue);
}
else if (templ[i].ulValueLen <= 4) {
XSNPRINTF(line, sizeof(line), "%25s: 0x%08x (%d)", type,
*(word32*)templ[i].pValue, *(word32*)templ[i].pValue);
}
else if (templ[i].ulValueLen <= 8) {
XSNPRINTF(line, sizeof(line), "%25s: 0x%016lx (%ld)", type,
*(word64*)templ[i].pValue, *(word64*)templ[i].pValue);
}
else {
XSNPRINTF(line, sizeof(line), "%25s: INVALID (%ld)", type,
templ[i].ulValueLen);
}
WOLFSSL_MSG(line);
break;
case PKCS11_FMT_DATA:
XSNPRINTF(line, sizeof(line), "%25s: %ld", type,
templ[i].ulValueLen);
WOLFSSL_MSG(line);
if (templ[i].pValue == NULL) {
XSNPRINTF(line, sizeof(line), "%27s(nil)", "");
WOLFSSL_MSG(line);
break;
}
XSNPRINTF(line, sizeof(line), "%27s", "");
for (j = 0; j < (int)templ[i].ulValueLen && j < 80; j++) {
char hex[6];
XSNPRINTF(hex, sizeof(hex), "0x%02x,",
((byte*)templ[i].pValue)[j]);
XSTRNCAT(line, hex, 5);
if ((j % 8) == 7) {
WOLFSSL_MSG(line);
XSNPRINTF(line, sizeof(line), "%27s", "");
}
}
if (j == (int)templ[i].ulValueLen) {
if ((j % 8) != 0) {
WOLFSSL_MSG(line);
}
}
else if (j < (int)templ[i].ulValueLen) {
XSNPRINTF(line, sizeof(line), "%27s...", "");
WOLFSSL_MSG(line);
}
break;
case PKCS11_FMT_POINTER:
XSNPRINTF(line, sizeof(line), "%25s: %p %ld", type, templ[i].pValue,
templ[i].ulValueLen);
WOLFSSL_MSG(line);
break;
}
}
}
/*
* Log a PKCS #11 return value with the name of function called.
*
* This is only for debugging purposes. Only the values needed are recognised.
*
* @param [in] op PKCS #11 operation that was attempted.
* @param [in] rv PKCS #11 return value.
*/
static void pkcs11_rv(const char* op, CK_RV rv)
{
char line[80];
if (rv == CKR_OK) {
XSNPRINTF(line, 80, "%s: OK", op);
}
else if (rv == CKR_MECHANISM_INVALID) {
XSNPRINTF(line, 80, "%s: MECHANISM_INVALID", op);
}
else if (rv == CKR_SIGNATURE_INVALID) {
XSNPRINTF(line, 80, "%s: SIGNATURE_INVALID", op);
}
else {
XSNPRINTF(line, 80, "%s: %08lxUL (FAILED)", op, rv);
}
WOLFSSL_MSG(line);
}
/*
* Log a value from a PKCS #11 operation.
*
* This is only for debugging purposes.
*
* @param [in] op PKCS #11 operation that was attempted.
* @param [in] val Value to log.
*/
static void pkcs11_val(const char* op, CK_ULONG val)
{
char line[80];
XSNPRINTF(line, 80, "%s: %ld", op, val);
WOLFSSL_MSG(line);
}
#endif
/**
* Load library, get function list and initialize PKCS#11.
*
* @param [in] dev Device object.
* @param [in] library Library name including path.
* @return BAD_FUNC_ARG when dev or library are NULL pointers.
* @return BAD_PATH_ERROR when dynamic library cannot be opened.
* @return WC_INIT_E when the initialization PKCS#11 fails.
* @return WC_HW_E when unable to get PKCS#11 function list.
* @return 0 on success.
*/
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
{
int ret = 0;
void* func;
CK_C_INITIALIZE_ARGS args;
if (dev == NULL || library == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
dev->heap = heap;
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
if (dev->dlHandle == NULL) {
WOLFSSL_MSG(dlerror());
ret = BAD_PATH_ERROR;
}
}
if (ret == 0) {
dev->func = NULL;
func = dlsym(dev->dlHandle, "C_GetFunctionList");
if (func == NULL)
ret = WC_HW_E;
}
if (ret == 0) {
if (((CK_C_GetFunctionList)func)(&dev->func) != CKR_OK)
ret = WC_HW_E;
}
if (ret == 0) {
XMEMSET(&args, 0x00, sizeof(args));
args.flags = CKF_OS_LOCKING_OK;
if (dev->func->C_Initialize(&args) != CKR_OK)
ret = WC_INIT_E;
}
if (ret != 0)
wc_Pkcs11_Finalize(dev);
return ret;
}
/**
* Close the Pkcs#11 library.
*
* @param [in] dev Device object.
*/
void wc_Pkcs11_Finalize(Pkcs11Dev* dev)
{
if (dev != NULL && dev->dlHandle != NULL) {
if (dev->func != NULL) {
dev->func->C_Finalize(NULL);
dev->func = NULL;
}
dlclose(dev->dlHandle);
dev->dlHandle = NULL;
}
}
/**
* Set up a token for use.
*
* @param [in] token Token object.
* @param [in] dev PKCS#11 device object.
* @param [in] slotId Slot number of the token.<br>
* Passing -1 uses the first available slot.
* @param [in] tokenName Name of token to initialize.
* @param [in] userPin PIN to use to login as user.
* @param [in] userPinSz Number of bytes in PIN.
* @return BAD_FUNC_ARG when token, dev and/or tokenName is NULL.
* @return WC_INIT_E when initializing token fails.
* @return WC_HW_E when another PKCS#11 library call fails.
* @return -1 when no slot available.
* 0 on success.
*/
int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
const char* tokenName, const unsigned char* userPin, int userPinSz)
{
int ret = 0;
CK_RV rv;
CK_SLOT_ID* slot = NULL;
CK_ULONG slotCnt = 0;
if (token == NULL || dev == NULL || tokenName == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
if (slotId < 0) {
/* Use first available slot with a token. */
rv = dev->func->C_GetSlotList(CK_TRUE, NULL, &slotCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetSlotList", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
if (ret == 0) {
slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (slot == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
rv = dev->func->C_GetSlotList(CK_TRUE, slot, &slotCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetSlotList", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
if (slotCnt > 0)
slotId = (int)slot[0];
else
ret = WC_HW_E;
}
}
}
if (ret == 0) {
token->func = dev->func;
token->slotId = (CK_SLOT_ID)slotId;
token->handle = NULL_PTR;
token->userPin = (CK_UTF8CHAR_PTR)userPin;
token->userPinSz = (CK_ULONG)userPinSz;
}
if (slot != NULL)
XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
/**
* Finalize token.
* Closes all sessions on token.
*
* @param [in] token Token object.
*/
void wc_Pkcs11Token_Final(Pkcs11Token* token)
{
if (token != NULL && token->func != NULL) {
token->func->C_CloseAllSessions(token->slotId);
token->handle = NULL_PTR;
ForceZero(token->userPin, (word32)token->userPinSz);
}
}
/**
* Open a session on a token.
*
* @param [in] token Token object.
* @param [in] session Session object.
* @param [in] readWrite Boolean indicating to open session for Read/Write.
* @return BAD_FUNC_ARG when token or session is NULL.
* @return WC_HW_E when opening the session fails.
* @return 0 on success.
*/
static int Pkcs11OpenSession(Pkcs11Token* token, Pkcs11Session* session,
int readWrite)
{
int ret = 0;
CK_RV rv;
if (token == NULL || session == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
if (token->handle != NULL_PTR)
session->handle = token->handle;
else {
/* Create a new session. */
CK_FLAGS flags = CKF_SERIAL_SESSION;
if (readWrite)
flags |= CKF_RW_SESSION;
rv = token->func->C_OpenSession(token->slotId, flags,
(CK_VOID_PTR)NULL, (CK_NOTIFY)NULL,
&session->handle);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_OpenSession", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
if (ret == 0 && token->userPin != NULL) {
rv = token->func->C_Login(session->handle, CKU_USER,
token->userPin, token->userPinSz);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_Login", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
}
}
if (ret == 0) {
session->func = token->func;
session->slotId = token->slotId;
}
return ret;
}
/**
* Close a session on a token.
* Won't close a session created externally.
*
* @param [in] token Token object.
* @param [in] session Session object.
*/
static void Pkcs11CloseSession(Pkcs11Token* token, Pkcs11Session* session)
{
if (token != NULL && session != NULL && token->handle != session->handle) {
if (token->userPin != NULL)
session->func->C_Logout(session->handle);
session->func->C_CloseSession(session->handle);
}
}
/**
* Open a session on the token to be used for all operations.
*
* @param [in] token Token object.
* @param [in] readWrite Boolean indicating to open session for Read/Write.
* @return BAD_FUNC_ARG when token is NULL.
* @return WC_HW_E when opening the session fails.
* @return 0 on success.
*/
int wc_Pkcs11Token_Open(Pkcs11Token* token, int readWrite)
{
int ret = 0;
Pkcs11Session session;
if (token == NULL)
ret = BAD_FUNC_ARG;
if (ret == 0) {
ret = Pkcs11OpenSession(token, &session, readWrite);
token->handle = session.handle;
}
return ret;
}
/**
* Close the token's session.
* All object, like keys, will be destroyed.
*
* @param [in] token Token object.
*/
void wc_Pkcs11Token_Close(Pkcs11Token* token)
{
Pkcs11Session session;
if (token != NULL) {
session.func = token->func;
session.handle = token->handle;
token->handle = NULL_PTR;
Pkcs11CloseSession(token, &session);
}
}
#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \
!defined(NO_HMAC)
/*
* Create a secret key.
*
* @param [out] key Handle to key object.
* @param [in] session Session object.
* @param [in] keyType Type of secret key to create.
* @param [in] data Data of the secret key.
* @param [in] len Length of data in bytes.
* @param [in] id Identifier to set against key.
* @param [in] idLen Length of identifier.
* @param [in] label Label to set against key.
* @param [in] labelLen Length of label.
* @param [in] op Operation to support with key.
* @return WC_HW_E when another PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11CreateSecretKey(CK_OBJECT_HANDLE* key, Pkcs11Session* session,
CK_KEY_TYPE keyType, unsigned char* data,
int len, unsigned char* id, int idLen,
char* label, int labelLen, int op)
{
int ret = 0;
CK_RV rv;
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE keyTemplateEncDec[] = {
{ CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_VALUE, NULL, 0 },
{ 0, NULL, 0 },
{ 0, NULL, 0 }
};
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE keyTemplateSignVfy[] = {
{ CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_VALUE, NULL, 0 },
{ 0, NULL, 0 },
{ 0, NULL, 0 }
};
CK_ATTRIBUTE* keyTemplate = NULL;
/* 5 mandatory entries + 2 optional. */
int keyTmplCnt = 5;
WOLFSSL_MSG("PKCS#11: Create Secret Key");
if (op == CKA_ENCRYPT || op == CKA_DECRYPT) {
keyTemplate = keyTemplateEncDec;
}
else if (op == CKA_SIGN) {
keyTemplate = keyTemplateSignVfy;
}
else {
WOLFSSL_MSG("PKCS#11: Invalid operation type");
ret = WC_HW_E;
}
if (ret == 0) {
/* Set the secret to store. */
keyTemplate[keyTmplCnt-1].pValue = data;
keyTemplate[keyTmplCnt-1].ulValueLen = (CK_ULONG)len;
if (labelLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_LABEL;
keyTemplate[keyTmplCnt].pValue = label;
keyTemplate[keyTmplCnt].ulValueLen = labelLen;
keyTmplCnt++;
}
if (idLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_ID;
keyTemplate[keyTmplCnt].pValue = id;
keyTemplate[keyTmplCnt].ulValueLen = idLen;
keyTmplCnt++;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Secret Key");
pkcs11_dump_template(keyTemplate, keyTmplCnt);
#endif
/* Create an object containing key data for device to use. */
rv = session->func->C_CreateObject(session->handle, keyTemplate,
keyTmplCnt, key);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_CreateObject", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
return ret;
}
#endif
#ifndef NO_RSA
/**
* Create a PKCS#11 object containing the RSA private key data.
*
* @param [out] privateKey Handle to private key object.
* @param [in] session Session object.
* @param [in] rsaKey RSA key with private key data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11CreateRsaPrivateKey(CK_OBJECT_HANDLE* privateKey,
Pkcs11Session* session,
RsaKey* rsaKey, int permanent)
{
int ret = 0;
CK_RV rv;
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_MODULUS, NULL, 0 },
{ CKA_PRIVATE_EXPONENT, NULL, 0 },
{ CKA_PRIME_1, NULL, 0 },
{ CKA_PRIME_2, NULL, 0 },
{ CKA_EXPONENT_1, NULL, 0 },
{ CKA_EXPONENT_2, NULL, 0 },
{ CKA_COEFFICIENT, NULL, 0 },
{ CKA_PUBLIC_EXPONENT, NULL, 0 },
{ 0, NULL, 0 },
{ 0, NULL, 0 }
};
/* Mandatory entries + 2 optional. */
CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate) - 2;
/* Set the modulus and private key data. */
keyTemplate[ 4].pValue = rsaKey->n.raw.buf;
keyTemplate[ 4].ulValueLen = rsaKey->n.raw.len;
keyTemplate[ 5].pValue = rsaKey->d.raw.buf;
keyTemplate[ 5].ulValueLen = rsaKey->d.raw.len;
keyTemplate[ 6].pValue = rsaKey->p.raw.buf;
keyTemplate[ 6].ulValueLen = rsaKey->p.raw.len;
keyTemplate[ 7].pValue = rsaKey->q.raw.buf;
keyTemplate[ 7].ulValueLen = rsaKey->q.raw.len;
keyTemplate[ 8].pValue = rsaKey->dP.raw.buf;
keyTemplate[ 8].ulValueLen = rsaKey->dP.raw.len;
keyTemplate[ 9].pValue = rsaKey->dQ.raw.buf;
keyTemplate[ 9].ulValueLen = rsaKey->dQ.raw.len;
keyTemplate[10].pValue = rsaKey->u.raw.buf;
keyTemplate[10].ulValueLen = rsaKey->u.raw.len;
keyTemplate[11].pValue = rsaKey->e.raw.buf;
keyTemplate[11].ulValueLen = rsaKey->e.raw.len;
if (permanent && rsaKey->labelLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_LABEL;
keyTemplate[keyTmplCnt].pValue = rsaKey->label;
keyTemplate[keyTmplCnt].ulValueLen = rsaKey->labelLen;
keyTmplCnt++;
}
if (permanent && rsaKey->idLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_ID;
keyTemplate[keyTmplCnt].pValue = rsaKey->id;
keyTemplate[keyTmplCnt].ulValueLen = rsaKey->idLen;
keyTmplCnt++;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("RSA Private Key");
pkcs11_dump_template(keyTemplate, keyTmplCnt);
#endif
rv = session->func->C_CreateObject(session->handle, keyTemplate, keyTmplCnt,
privateKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_CreateObject", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
return ret;
}
#endif
#ifdef HAVE_ECC
/**
* Set the ECC parameters into the template.
*
* @param [in] key ECC key.
* @param [in] tmpl PKCS#11 template.
* @param [in] idx Index of template to put parameters into.
* @return NOT_COMPILED_IN when the EC parameters are not known.
* @return 0 on success.
*/
static int Pkcs11EccSetParams(ecc_key* key, CK_ATTRIBUTE* tmpl, int idx)
{
int ret = 0;
if (key->dp != NULL && key->dp->oid != NULL) {
unsigned char* derParams = tmpl[idx].pValue;
/* ASN.1 encoding: OBJ + ecc parameters OID */
tmpl[idx].ulValueLen = key->dp->oidSz + 2;
derParams[0] = ASN_OBJECT_ID;
derParams[1] = key->dp->oidSz;
XMEMCPY(derParams + 2, key->dp->oid, key->dp->oidSz);
}
else
ret = NOT_COMPILED_IN;
return ret;
}
/**
* Create a PKCS#11 object containing the ECC public key data.
* Encode the public key as an OCTET_STRING of the encoded point.
*
* @param [out] publicKey Handle to public key object.
* @param [in] session Session object.
* @param [in] public_key ECC public key.
* @param [in] operation Cryptographic operation key is to be used for.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11CreateEccPublicKey(CK_OBJECT_HANDLE* publicKey,
Pkcs11Session* session,
ecc_key* public_key,
CK_ATTRIBUTE_TYPE operation)
{
int ret = 0;
int i;
unsigned char* ecPoint = NULL;
word32 len;
CK_RV rv;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &ecKeyType, sizeof(ecKeyType) },
{ operation, &ckTrue, sizeof(ckTrue) },
{ CKA_EC_PARAMS, params, 0 },
{ CKA_EC_POINT, NULL, 0 },
{ 0, NULL, 0 },
{ 0, NULL, 0 }
};
/* Mandatory entries + 2 optional. */
CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate) - 2;
if (public_key->labelLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_LABEL;
keyTemplate[keyTmplCnt].pValue = public_key->label;
keyTemplate[keyTmplCnt].ulValueLen = public_key->labelLen;
keyTmplCnt++;
}
if (public_key->idLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_ID;
keyTemplate[keyTmplCnt].pValue = public_key->id;
keyTemplate[keyTmplCnt].ulValueLen = public_key->idLen;
keyTmplCnt++;
}
ret = Pkcs11EccSetParams(public_key, keyTemplate, 3);
if (ret == 0) {
/* ASN1 encoded: OCT + uncompressed point */
len = 3 + 1 + 2 * public_key->dp->size;
ecPoint = (unsigned char*)XMALLOC(len, public_key->heap,
DYNAMIC_TYPE_ECC);
if (ecPoint == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
len -= 3;
i = 0;
ecPoint[i++] = ASN_OCTET_STRING;
if (len >= ASN_LONG_LENGTH)
ecPoint[i++] = ASN_LONG_LENGTH | 1;
ecPoint[i++] = len;
if (public_key->type == 0)
public_key->type = ECC_PUBLICKEY;
ret = wc_ecc_export_x963(public_key, ecPoint + i, &len);
}
if (ret == 0) {
keyTemplate[4].pValue = ecPoint;
keyTemplate[4].ulValueLen = len + i;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Ec Public Key");
pkcs11_dump_template(keyTemplate, keyTmplCnt);
#endif
rv = session->func->C_CreateObject(session->handle, keyTemplate,
keyTmplCnt, publicKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_CreateObject", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ecPoint != NULL)
XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC);
return ret;
}
/**
* Create a PKCS#11 object containing the ECC private key data.
*
* @param privateKey [out] Handle to private key object.
* @param session [in] Session object.
* @param private_key [in] ECC private key.
* @param operation [in] Cryptographic operation key is to be used for.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11CreateEccPrivateKey(CK_OBJECT_HANDLE* privateKey,
Pkcs11Session* session,
ecc_key* private_key,
CK_ATTRIBUTE_TYPE operation)
{
int ret = 0;
CK_RV rv;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &privKeyClass, sizeof(privKeyClass) },
{ CKA_KEY_TYPE, &ecKeyType, sizeof(ecKeyType) },
{ operation, &ckTrue, sizeof(ckTrue) },
{ CKA_EC_PARAMS, params, 0 },
{ CKA_VALUE, NULL, 0 },
{ 0, NULL, 0 },
{ 0, NULL, 0 }
};
/* Mandatory entries + 2 optional. */
CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate) - 2;
if (private_key->labelLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_LABEL;
keyTemplate[keyTmplCnt].pValue = private_key->label;
keyTemplate[keyTmplCnt].ulValueLen = private_key->labelLen;
keyTmplCnt++;
}
if (private_key->idLen > 0) {
keyTemplate[keyTmplCnt].type = CKA_ID;
keyTemplate[keyTmplCnt].pValue = private_key->id;
keyTemplate[keyTmplCnt].ulValueLen = private_key->idLen;
keyTmplCnt++;
}
ret = Pkcs11EccSetParams(private_key, keyTemplate, 3);
if (ret == 0) {
keyTemplate[4].pValue = private_key->k.raw.buf;
keyTemplate[4].ulValueLen = private_key->k.raw.len;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Ec Private Key");
pkcs11_dump_template(keyTemplate, keyTmplCnt);
#endif
rv = session->func->C_CreateObject(session->handle, keyTemplate,
keyTmplCnt, privateKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_CreateObject", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
return ret;
}
#endif
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC)
/**
* Check if mechanism is available in session on token.
*
* @param [in] session Session object.
* @param [in] mech Mechanism to look for.
* @return NOT_COMPILED_IN when mechanism not available.
* @return 0 when mechanism is available.
*/
static int Pkcs11MechAvail(Pkcs11Session* session, CK_MECHANISM_TYPE mech)
{
int ret = 0;
CK_RV rv;
CK_MECHANISM_INFO mechInfo;
rv = session->func->C_GetMechanismInfo(session->slotId, mech, &mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK) {
ret = NOT_COMPILED_IN;
}
return ret;
}
#endif
#ifndef NO_HMAC
/**
* Return the mechanism type and key type for the digest type when using HMAC.
*
* @param [in] macType Digest type - e.g. WC_SHA256.
* @param [in] mechType Mechanism type - e.g. CKM_SHA256_HMAC.
* @param [in] keyType Key type - e.g. CKK_SHA256_HMAC.
* @return NOT_COMPILED_IN if the digest algorithm isn't recognised.
* @return 0 otherwise.
*/
static int Pkcs11HmacTypes(int macType, int* mechType, int* keyType)
{
int ret = 0;
switch (macType)
{
#ifndef NO_MD5
case WC_MD5:
*mechType = CKM_MD5_HMAC;
*keyType = CKK_MD5_HMAC;
break;
#endif
#ifndef NO_SHA
case WC_SHA:
*mechType = CKM_SHA_1_HMAC;
*keyType = CKK_SHA_1_HMAC;
break;
#endif
#ifdef WOLFSSL_SHA224
case WC_SHA224:
*mechType = CKM_SHA224_HMAC;
*keyType = CKK_SHA224_HMAC;
break;
#endif
#ifndef NO_SHA256
case WC_SHA256:
*mechType = CKM_SHA256_HMAC;
*keyType = CKK_SHA256_HMAC;
break;
#endif
#ifdef WOLFSSL_SHA384
case WC_SHA384:
*mechType = CKM_SHA384_HMAC;
*keyType = CKK_SHA384_HMAC;
break;
#endif
#ifdef WOLFSSL_SHA512
case WC_SHA512:
*mechType = CKM_SHA512_HMAC;
*keyType = CKK_SHA512_HMAC;
break;
#endif
default:
ret = NOT_COMPILED_IN;
break;
}
return ret;
}
#endif
/**
* Store the private key on the token in the session.
*
* @param [in] token Token to store private key on.
* @param [in] type Key type.
* @param [in] clear Clear out the private data from software key.
* @param [in] key Key type specific object.
* @return NOT_COMPILED_IN when mechanism not available.
* @return 0 on success.
*/
int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key)
{
int ret = 0;
Pkcs11Session session;
CK_OBJECT_HANDLE privKey = NULL_PTR;
ret = Pkcs11OpenSession(token, &session, 1);
if (ret == 0) {
switch (type) {
#if !defined(NO_AES) && defined(HAVE_AESGCM)
case PKCS11_KEY_TYPE_AES_GCM: {
Aes* aes = (Aes*)key;
ret = Pkcs11MechAvail(&session, CKM_AES_GCM);
if (ret == 0) {
ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES,
(unsigned char*)aes->devKey,
aes->keylen,
(unsigned char*)aes->id,
aes->idLen, aes->label,
aes->labelLen, CKA_ENCRYPT);
}
if (ret == 0 && clear)
ForceZero(aes->devKey, aes->keylen);
break;
}
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
case PKCS11_KEY_TYPE_AES_CBC: {
Aes* aes = (Aes*)key;
ret = Pkcs11MechAvail(&session, CKM_AES_CBC);
if (ret == 0) {
ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES,
(unsigned char*)aes->devKey,
aes->keylen,
(unsigned char*)aes->id,
aes->idLen, aes->label,
aes->labelLen, CKA_ENCRYPT);
}
if (ret == 0 && clear)
ForceZero(aes->devKey, aes->keylen);
break;
}
#endif
#ifndef NO_HMAC
case PKCS11_KEY_TYPE_HMAC: {
Hmac* hmac = (Hmac*)key;
int mechType;
int keyType;
ret = Pkcs11HmacTypes(hmac->macType, &mechType, &keyType);
if (ret == NOT_COMPILED_IN)
break;
if (ret == 0)
ret = Pkcs11MechAvail(&session, mechType);
if (ret == 0) {
ret = Pkcs11CreateSecretKey(&privKey, &session, keyType,
(unsigned char*)hmac->keyRaw,
hmac->keyLen,
(unsigned char*)hmac->id,
hmac->idLen, hmac->label,
hmac->labelLen, CKA_SIGN);
if (ret == WC_HW_E) {
ret = Pkcs11CreateSecretKey(&privKey, &session,
CKK_GENERIC_SECRET,
(unsigned char*)hmac->keyRaw,
hmac->keyLen,
(unsigned char*)hmac->id,
hmac->idLen, hmac->label,
hmac->labelLen, CKA_SIGN);
}
}
break;
}
#endif
#ifndef NO_RSA
case PKCS11_KEY_TYPE_RSA: {
RsaKey* rsaKey = (RsaKey*)key;
ret = Pkcs11MechAvail(&session, CKM_RSA_X_509);
if (ret == 0)
ret = Pkcs11CreateRsaPrivateKey(&privKey, &session, rsaKey,
1);
if (ret == 0 && clear) {
mp_forcezero(&rsaKey->u);
mp_forcezero(&rsaKey->dQ);
mp_forcezero(&rsaKey->dP);
mp_forcezero(&rsaKey->q);
mp_forcezero(&rsaKey->p);
mp_forcezero(&rsaKey->d);
}
break;
}
#endif
#ifdef HAVE_ECC
case PKCS11_KEY_TYPE_EC: {
ecc_key* eccKey = (ecc_key*)key;
int ret2 = NOT_COMPILED_IN;
#ifndef NO_PKCS11_ECDH
if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) {
/* Try ECDH mechanism first. */
ret = Pkcs11MechAvail(&session, CKM_ECDH1_DERIVE);
if (ret == 0) {
ret = Pkcs11CreateEccPrivateKey(&privKey, &session,
eccKey, CKA_DERIVE);
}
}
#endif
if (ret == 0 || ret == NOT_COMPILED_IN) {
/* Try ECDSA mechanism next. */
ret2 = Pkcs11MechAvail(&session, CKM_ECDSA);
if (ret2 == 0) {
ret2 = Pkcs11CreateEccPrivateKey(&privKey, &session,
eccKey, CKA_SIGN);
if (ret2 == 0) {
CK_OBJECT_HANDLE pubKey = NULL_PTR;
/* Store public key for validation with cert. */
ret2 = Pkcs11CreateEccPublicKey(&pubKey, &session,
eccKey, CKA_VERIFY);
}
}
/* OK for this to fail if set for ECDH. */
if (ret == NOT_COMPILED_IN)
ret = ret2;
}
if (ret == 0 && clear)
mp_forcezero(&eccKey->k);
break;
}
#endif
default:
ret = NOT_COMPILED_IN;
break;
}
Pkcs11CloseSession(token, &session);
}
(void)privKey;
(void)clear;
(void)key;
return ret;
}
#if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \
(defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC)
/**
* Find the PKCS#11 object containing key data using template.
*
* @param [out] key Handle to key object.
* @param [in] session Session object.
* @param [in] keyTemplate PKCS #11 template to use in search.
* @param [in] keyTmplCnt Count of entries in PKCS #11 template.
* @param [out] count Number of keys matching template.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11FindKeyByTemplate(CK_OBJECT_HANDLE* key,
Pkcs11Session* session,
CK_ATTRIBUTE *keyTemplate,
CK_ULONG keyTmplCnt,
CK_ULONG *count)
{
int ret = 0;
CK_RV rv;
WOLFSSL_MSG("PKCS#11: Find Key By Template");
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Find Key");
pkcs11_dump_template(keyTemplate, keyTmplCnt);
#endif
rv = session->func->C_FindObjectsInit(session->handle, keyTemplate,
keyTmplCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_FindObjectsInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
if (ret == 0) {
rv = session->func->C_FindObjects(session->handle, key, 1, count);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_FindObjects", rv);
pkcs11_val("C_FindObjects Count", *count);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
rv = session->func->C_FindObjectsFinal(session->handle);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_FindObjectsFinal", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
return ret;
}
/**
* Find the PKCS#11 object containing the private key data by label.
*
* @param [out] key Handle to key object.
* @param [in] keyClass Public or private key class.
* @param [in] keyType Type of key.
* @param [in] session Session object.
* @param [in] id Identifier set against a key.
* @param [in] idLen Length of identifier.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11FindKeyByLabel(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
CK_KEY_TYPE keyType, Pkcs11Session* session,
char* label, int labelLen)
{
int ret = 0;
CK_ULONG count;
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_LABEL, label, (CK_ULONG)labelLen }
};
CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate);
WOLFSSL_MSG("PKCS#11: Find Key By Label");
ret = Pkcs11FindKeyByTemplate(key, session, keyTemplate, keyTmplCnt,
&count);
if (ret == 0 && count == 0)
ret = WC_HW_E;
return ret;
}
/**
* Find the PKCS#11 object containing the private key data by ID.
*
* @param [out] key Handle to key object.
* @param [in] keyClass Public or private key class.
* @param [in] keyType Type of key.
* @param [in] session Session object.
* @param [in] id Identifier set against a key.
* @param [in] idLen Length of identifier.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11FindKeyById(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
CK_KEY_TYPE keyType, Pkcs11Session* session,
byte* id, int idLen)
{
int ret = 0;
CK_ULONG count;
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_ID, id, (CK_ULONG)idLen }
};
CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate);
WOLFSSL_MSG("PKCS#11: Find Key By Id");
ret = Pkcs11FindKeyByTemplate(key, session, keyTemplate, keyTmplCnt,
&count);
if (ret == 0 && count == 0)
ret = WC_HW_E;
return ret;
}
#endif
#ifndef NO_RSA
/**
* Find the PKCS#11 object containing the RSA public or private key data with
* the modulus specified.
*
* @param [out] key Handle to key object.
* @param [in] keyClass Public or private key class.
* @param [in] session Session object.
* @param [in] rsaKey RSA key with modulus to search on.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11FindRsaKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
Pkcs11Session* session, RsaKey* rsaKey)
{
CK_ULONG count;
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_MODULUS, NULL, 0 },
};
CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate);
/* Set the modulus. */
keyTemplate[2].pValue = rsaKey->n.raw.buf;
keyTemplate[2].ulValueLen = rsaKey->n.raw.len;
return Pkcs11FindKeyByTemplate(key, session, keyTemplate, keyTmplCnt,
&count);
}
/**
* Exponentiate the input with the public part of the RSA key.
* Used in public encrypt and decrypt.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* 0 on success.
*/
static int Pkcs11RsaPublic(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
CK_MECHANISM mech;
CK_ULONG outLen;
CK_OBJECT_HANDLE publicKey = NULL_PTR;
int sessionKey = 0;
RsaKey* rsaKey = info->pk.rsa.key;
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) },
{ CKA_KEY_TYPE, &rsaKeyType, sizeof(rsaKeyType) },
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_MODULUS, NULL, 0 },
{ CKA_PUBLIC_EXPONENT, NULL, 0 }
};
CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate);
WOLFSSL_MSG("PKCS#11: RSA Public Key Operation");
if (info->pk.rsa.outLen == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
if ((sessionKey = !mp_iszero(&rsaKey->e))) {
/* Set the modulus and public exponent data. */
keyTemplate[3].pValue = rsaKey->n.raw.buf;
keyTemplate[3].ulValueLen = rsaKey->n.raw.len;
keyTemplate[4].pValue = rsaKey->e.raw.buf;
keyTemplate[4].ulValueLen = rsaKey->e.raw.len;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("RSA Public Key");
pkcs11_dump_template(keyTemplate, keyTmplCnt);
#endif
/* Create an object containing public key data for device to use. */
rv = session->func->C_CreateObject(session->handle, keyTemplate,
keyTmplCnt, &publicKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_CreateObject", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
else if (info->pk.rsa.key->labelLen > 0) {
ret = Pkcs11FindKeyByLabel(&publicKey, CKO_PUBLIC_KEY, CKK_RSA,
session, info->pk.rsa.key->label,
info->pk.rsa.key->labelLen);
}
else {
ret = Pkcs11FindKeyById(&publicKey, CKO_PUBLIC_KEY, CKK_RSA,
session, rsaKey->id, rsaKey->idLen);
}
}
if (ret == 0) {
/* Raw RSA encrypt/decrypt operation. */
mech.mechanism = CKM_RSA_X_509;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
rv = session->func->C_EncryptInit(session->handle, &mech, publicKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_EncryptInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
outLen = (CK_ULONG)*info->pk.rsa.outLen;
rv = session->func->C_Encrypt(session->handle,
(CK_BYTE_PTR)info->pk.rsa.in, info->pk.rsa.inLen,
info->pk.rsa.out, &outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_Encrypt", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0)
*info->pk.rsa.outLen = (word32)outLen;
if (sessionKey)
session->func->C_DestroyObject(session->handle, publicKey);
return ret;
}
/**
* Get the RSA public key data from the PKCS#11 object.
*
* @param [in] key RSA key to put the data into.
* @param [in] session Session object.
* @param [in] pubkey Public key object.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session,
CK_OBJECT_HANDLE pubKey)
{
int ret = 0;
unsigned char* mod = NULL;
unsigned char* exp = NULL;
int modSz, expSz;
CK_ATTRIBUTE tmpl[] = {
{ CKA_MODULUS, NULL_PTR, 0 },
{ CKA_PUBLIC_EXPONENT, NULL_PTR, 0 }
};
CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
CK_RV rv;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Get RSA Public Key Length");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
rv = session->func->C_GetAttributeValue(session->handle, pubKey, tmpl,
tmplCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetAttributeValue", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("RSA Public Key Length");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
if (ret == 0) {
modSz = (int)tmpl[0].ulValueLen;
expSz = (int)tmpl[1].ulValueLen;
mod = (unsigned char*)XMALLOC(modSz, key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (mod == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
exp = (unsigned char*)XMALLOC(expSz, key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (exp == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
tmpl[0].pValue = mod;
tmpl[1].pValue = exp;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Get RSA Public Key");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
rv = session->func->C_GetAttributeValue(session->handle, pubKey,
tmpl, tmplCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetAttributeValue", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("RSA Public Key");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
}
if (ret == 0)
ret = wc_RsaPublicKeyDecodeRaw(mod, modSz, exp, expSz, key);
if (exp != NULL)
XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (mod != NULL)
XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
/**
* Exponentiate the input with the private part of the RSA key.
* Used in private encrypt and decrypt.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @param [in] func Function to perform - decrypt or sign.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11RsaPrivate(Pkcs11Session* session, wc_CryptoInfo* info,
int func)
{
int ret = 0;
CK_RV rv;
CK_MECHANISM mech;
CK_ULONG outLen;
CK_OBJECT_HANDLE privateKey = NULL_PTR;
int sessionKey = 0;
WOLFSSL_MSG("PKCS#11: RSA Private Key Operation");
if (info->pk.rsa.outLen == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
if ((sessionKey = !mp_iszero(&info->pk.rsa.key->d))) {
ret = Pkcs11CreateRsaPrivateKey(&privateKey, session,
info->pk.rsa.key, 0);
}
else if (info->pk.rsa.key->labelLen > 0) {
ret = Pkcs11FindKeyByLabel(&privateKey, CKO_PRIVATE_KEY, CKK_RSA,
session, info->pk.rsa.key->label,
info->pk.rsa.key->labelLen);
}
else if (info->pk.rsa.key->idLen > 0) {
ret = Pkcs11FindKeyById(&privateKey, CKO_PRIVATE_KEY, CKK_RSA,
session, info->pk.rsa.key->id,
info->pk.rsa.key->idLen);
}
else {
ret = Pkcs11FindRsaKey(&privateKey, CKO_PRIVATE_KEY, session,
info->pk.rsa.key);
}
}
if ((ret == 0) && (!sessionKey)) {
ret = Pkcs11GetRsaPublicKey(info->pk.rsa.key, session, privateKey);
}
if (ret == 0) {
/* Raw RSA encrypt/decrypt operation. */
mech.mechanism = CKM_RSA_X_509;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
if (func == CKF_DECRYPT) {
rv = session->func->C_DecryptInit(session->handle, &mech,
privateKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DecryptInit", rv);
#endif
}
else {
rv = session->func->C_SignInit(session->handle, &mech, privateKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_SignInit", rv);
#endif
}
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
if (func == CKF_DECRYPT) {
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_val("C_Decrypt inLen", info->pk.rsa.inLen);
pkcs11_val("C_Decrypt outLen", *info->pk.rsa.outLen);
#endif
outLen = (CK_ULONG)*info->pk.rsa.outLen;
rv = session->func->C_Decrypt(session->handle,
(CK_BYTE_PTR)info->pk.rsa.in, info->pk.rsa.inLen,
info->pk.rsa.out, &outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_Decrypt", rv);
#endif
}
else {
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_val("C_Sign inLen", info->pk.rsa.inLen);
pkcs11_val("C_Sign outLen", *info->pk.rsa.outLen);
#endif
outLen = (CK_ULONG)*info->pk.rsa.outLen;
rv = session->func->C_Sign(session->handle,
(CK_BYTE_PTR)info->pk.rsa.in, info->pk.rsa.inLen,
info->pk.rsa.out, &outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_Sign", rv);
#endif
}
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0)
*info->pk.rsa.outLen = (word32)outLen;
if (sessionKey)
session->func->C_DestroyObject(session->handle, privateKey);
return ret;
}
/**
* Perform an RSA operation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
CK_MECHANISM_INFO mechInfo;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_RSA_X_509,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK) {
ret = NOT_COMPILED_IN;
}
if (ret == 0) {
if (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT ||
info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
if ((mechInfo.flags & CKF_ENCRYPT) == 0)
ret = NOT_COMPILED_IN;
else
ret = Pkcs11RsaPublic(session, info);
}
else if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT ||
info->pk.rsa.type == RSA_PRIVATE_DECRYPT) {
if ((mechInfo.flags & CKF_DECRYPT) == 0 &&
(mechInfo.flags & CKF_SIGN) == 0) {
ret = NOT_COMPILED_IN;
}
else if ((info->pk.rsa.type == RSA_PRIVATE_ENCRYPT &&
(mechInfo.flags & CKF_SIGN) != 0) ||
(info->pk.rsa.type == RSA_PRIVATE_DECRYPT &&
(mechInfo.flags & CKF_DECRYPT) == 0)) {
ret = Pkcs11RsaPrivate(session, info, CKF_SIGN);
}
else
ret = Pkcs11RsaPrivate(session, info, CKF_DECRYPT);
}
else
ret = NOT_COMPILED_IN;
}
return ret;
}
#ifdef WOLFSSL_KEY_GEN
/**
* Perform an RSA key generation operation.
* The private key data stays on the device.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
RsaKey* key = info->pk.rsakg.key;
CK_RV rv;
CK_ULONG bits = info->pk.rsakg.size;
CK_OBJECT_HANDLE pubKey = NULL_PTR, privKey = NULL_PTR;
CK_MECHANISM mech;
static CK_BYTE pub_exp[] = { 0x01, 0x00, 0x01, 0x00 };
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_MODULUS_BITS, &bits, sizeof(bits) },
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
};
CK_ULONG pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE privKeyTmpl[] = {
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ 0, NULL, 0 },
{ 0, NULL, 0 }
};
/* 2 mandatory entries + 2 optional. */
int privTmplCnt = 2;
int i;
ret = Pkcs11MechAvail(session, CKM_RSA_PKCS_KEY_PAIR_GEN);
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: RSA Key Generation Operation");
/* Most commonly used public exponent value (array initialized). */
if (info->pk.rsakg.e != WC_RSA_EXPONENT) {
for (i = 0; i < (int)sizeof(pub_exp); i++)
pub_exp[i] = (info->pk.rsakg.e >> (8 * i)) & 0xff;
}
for (i = (int)sizeof(pub_exp) - 1; pub_exp[i] == 0; i--) {
}
pubKeyTmpl[3].ulValueLen = i + 1;
if (key->labelLen != 0) {
privKeyTmpl[privTmplCnt].type = CKA_LABEL;
privKeyTmpl[privTmplCnt].pValue = key->label;
privKeyTmpl[privTmplCnt].ulValueLen = key->labelLen;
privTmplCnt++;
}
if (key->idLen != 0) {
privKeyTmpl[privTmplCnt].type = CKA_ID;
privKeyTmpl[privTmplCnt].pValue = key->id;
privKeyTmpl[privTmplCnt].ulValueLen = key->idLen;
privTmplCnt++;
}
mech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Public Key");
pkcs11_dump_template(pubKeyTmpl, pubTmplCnt);
WOLFSSL_MSG("Private Key");
pkcs11_dump_template(privKeyTmpl, privTmplCnt);
#endif
rv = session->func->C_GenerateKeyPair(session->handle, &mech,
pubKeyTmpl, pubTmplCnt,
privKeyTmpl, privTmplCnt,
&pubKey, &privKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GenerateKeyPair", rv);
#endif
if (rv != CKR_OK) {
ret = -1;
}
}
if (ret == 0)
ret = Pkcs11GetRsaPublicKey(key, session, pubKey);
if (pubKey != NULL_PTR)
ret = (int)session->func->C_DestroyObject(session->handle, pubKey);
if (ret != 0 && privKey != NULL_PTR)
ret = (int)session->func->C_DestroyObject(session->handle, privKey);
return ret;
}
#endif /* WOLFSSL_KEY_GEN */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
/**
* Find the PKCS#11 object containing the ECC public or private key data.
* Search for public key by public point.
*
* @param [out] key Handle to key object.
* @param [in] keyClass Public or private key class.
* @param [in] session Session object.
* @param [in] eccKey ECC key with parameters.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass,
Pkcs11Session* session, ecc_key* eccKey,
int op)
{
int ret = 0;
int i;
unsigned char* ecPoint = NULL;
word32 len = 0;
CK_RV rv;
CK_ULONG count;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
CK_ATTRIBUTE keyTemplate[] = {
{ CKA_CLASS, &keyClass, sizeof(keyClass) },
{ CKA_KEY_TYPE, &ecKeyType, sizeof(ecKeyType) },
{ CKA_EC_PARAMS, params, 0 },
{ op, &ckTrue, sizeof(ckTrue) },
{ CKA_EC_POINT, NULL, 0 },
};
CK_ULONG attrCnt = 4;
ret = Pkcs11EccSetParams(eccKey, keyTemplate, 2);
if (ret == 0 && keyClass == CKO_PUBLIC_KEY) {
/* ASN1 encoded: OCT + uncompressed point */
len = 3 + 1 + 2 * eccKey->dp->size;
ecPoint = (unsigned char*)XMALLOC(len, eccKey->heap, DYNAMIC_TYPE_ECC);
if (ecPoint == NULL)
ret = MEMORY_E;
}
if (ret == 0 && keyClass == CKO_PUBLIC_KEY) {
len -= 3;
i = 0;
ecPoint[i++] = ASN_OCTET_STRING;
if (len >= ASN_LONG_LENGTH)
ecPoint[i++] = (ASN_LONG_LENGTH | 1);
ecPoint[i++] = len;
if (eccKey->type == 0)
eccKey->type = ECC_PUBLICKEY;
ret = wc_ecc_export_x963(eccKey, ecPoint + i, &len);
}
if (ret == 0 && keyClass == CKO_PUBLIC_KEY) {
keyTemplate[attrCnt].pValue = ecPoint;
keyTemplate[attrCnt].ulValueLen = len + i;
attrCnt++;
}
if (ret == 0) {
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Find Ec Key");
pkcs11_dump_template(keyTemplate, attrCnt);
#endif
rv = session->func->C_FindObjectsInit(session->handle, keyTemplate,
attrCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_FindObjectsInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
rv = session->func->C_FindObjects(session->handle, key, 1, &count);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_FindObjects", rv);
pkcs11_val("C_FindObjects Count", count);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
rv = session->func->C_FindObjectsFinal(session->handle);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_FindObjectsFinal", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ecPoint != NULL)
XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC);
return ret;
}
/**
* Gets the public key data from the PKCS#11 object and puts into the ECC key.
*
* @param [in] key ECC public key.
* @param [in] session Session object.
* @param [in] pubKey ECC public key PKCS#11 object.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session,
CK_OBJECT_HANDLE pubKey)
{
int ret = 0;
word32 i = 0;
int curveIdx;
unsigned char* point = NULL;
int pointSz;
byte tag;
CK_RV rv;
CK_ATTRIBUTE tmpl[] = {
{ CKA_EC_POINT, NULL_PTR, 0 },
};
CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
rv = session->func->C_GetAttributeValue(session->handle, pubKey, tmpl,
tmplCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetAttributeValue", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
if (ret == 0) {
pointSz = (int)tmpl[0].ulValueLen;
point = (unsigned char*)XMALLOC(pointSz, key->heap, DYNAMIC_TYPE_ECC);
if (point == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
tmpl[0].pValue = point;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Get Ec Public Key");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
rv = session->func->C_GetAttributeValue(session->handle, pubKey,
tmpl, tmplCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetAttributeValue", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Ec Public Key");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
}
/* Make sure the data is big enough for ASN.1: OCT + uncompressed point */
if (ret == 0 && pointSz < key->dp->size * 2 + 1 + 2)
ret = ASN_PARSE_E;
/* Step over the OCTET_STRING wrapper. */
if (ret == 0 && GetASNTag(point, &i, &tag, pointSz) != 0)
ret = ASN_PARSE_E;
if (ret == 0 && tag != ASN_OCTET_STRING)
ret = ASN_PARSE_E;
if (ret == 0 && point[i] >= ASN_LONG_LENGTH) {
if (point[i++] != (ASN_LONG_LENGTH | 1))
ret = ASN_PARSE_E;
else if (pointSz < key->dp->size * 2 + 1 + 3)
ret = ASN_PARSE_E;
}
if (ret == 0 && point[i++] != key->dp->size * 2 + 1)
ret = ASN_PARSE_E;
if (ret == 0) {
curveIdx = wc_ecc_get_curve_idx(key->dp->id);
ret = wc_ecc_import_point_der(point + i, pointSz - i, curveIdx,
&key->pubkey);
}
if (point != NULL)
XFREE(point, key->heap, DYNAMIC_TYPE_ECC);
return ret;
}
#ifndef NO_PKCS11_EC_KEYGEN
/**
* Perform an ECC key generation operation.
* The private key data stays on the device.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11EcKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
ecc_key* key = info->pk.eckg.key;
CK_RV rv;
CK_OBJECT_HANDLE pubKey = NULL_PTR, privKey = NULL_PTR;
CK_MECHANISM mech;
CK_UTF8CHAR params[MAX_EC_PARAM_LEN];
CK_ATTRIBUTE pubKeyTmpl[] = {
{ CKA_EC_PARAMS, params, 0 },
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_ENCRYPT, &ckTrue, sizeof(ckTrue) },
};
int pubTmplCnt = 1;
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE privKeyTmplDerive[] = {
{ CKA_DERIVE, &ckTrue, sizeof(ckTrue) },
{ 0, NULL, 0 },
{ 0, NULL, 0 },
};
/* Empty entries for optional label/ID. */
CK_ATTRIBUTE privKeyTmplEncSign[] = {
{ CKA_SIGN, &ckTrue, sizeof(ckTrue) },
{ CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{ 0, NULL, 0 },
{ 0, NULL, 0 },
};
CK_ATTRIBUTE* privKeyTmpl = privKeyTmplDerive;
/* Mandatory entries + 2 optional. */
int privTmplCnt = 1;
ret = Pkcs11MechAvail(session, CKM_EC_KEY_PAIR_GEN);
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: EC Key Generation Operation");
ret = Pkcs11EccSetParams(key, pubKeyTmpl, 0);
}
if (ret == 0) {
/* Default is to use for derivation. */
if ((key->flags & WC_ECC_FLAG_DEC_SIGN) == WC_ECC_FLAG_DEC_SIGN) {
privKeyTmpl = privKeyTmplEncSign;
privTmplCnt = 2;
pubTmplCnt = 2;
}
if (key->labelLen != 0) {
privKeyTmpl[privTmplCnt].type = CKA_LABEL;
privKeyTmpl[privTmplCnt].pValue = key->label;
privKeyTmpl[privTmplCnt].ulValueLen = key->labelLen;
privTmplCnt++;
}
if (key->idLen != 0) {
privKeyTmpl[privTmplCnt].type = CKA_ID;
privKeyTmpl[privTmplCnt].pValue = key->id;
privKeyTmpl[privTmplCnt].ulValueLen = key->idLen;
privTmplCnt++;
}
mech.mechanism = CKM_EC_KEY_PAIR_GEN;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Ec Private");
pkcs11_dump_template(privKeyTmpl, privTmplCnt);
WOLFSSL_MSG("Ec Public");
pkcs11_dump_template(pubKeyTmpl, pubTmplCnt);
#endif
rv = session->func->C_GenerateKeyPair(session->handle, &mech,
pubKeyTmpl, pubTmplCnt,
privKeyTmpl, privTmplCnt,
&pubKey, &privKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GenerateKeyPair", rv);
#endif
if (rv != CKR_OK) {
ret = -1;
}
}
if (ret == 0)
ret = Pkcs11GetEccPublicKey(key, session, pubKey);
if (pubKey != NULL_PTR)
session->func->C_DestroyObject(session->handle, pubKey);
if (ret != 0 && privKey != NULL_PTR)
session->func->C_DestroyObject(session->handle, privKey);
return ret;
}
#endif
#ifndef NO_PKCS11_ECDH
/**
* Extracts the secret key data from the PKCS#11 object.
*
* @param [in] session Session object.
* @param [in] secret PKCS#11 object with the secret key data.
* @param [in] out Buffer to hold secret data.
* @param [in,out] outLen On in, length of buffer.
* On out, the length of data in buffer.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11ExtractSecret(Pkcs11Session* session, CK_OBJECT_HANDLE secret,
byte* out, word32* outLen)
{
int ret = 0;
CK_ATTRIBUTE tmpl[] = {
{CKA_VALUE, NULL_PTR, 0}
};
CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
CK_RV rv;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Get Secret Length");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
rv = session->func->C_GetAttributeValue(session->handle, secret, tmpl,
tmplCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetAttributeValue", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Secret Length");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
if (ret == 0) {
if (tmpl[0].ulValueLen > *outLen)
ret = BUFFER_E;
}
if (ret == 0) {
tmpl[0].pValue = out;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Get Secret");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
rv = session->func->C_GetAttributeValue(session->handle, secret,
tmpl, tmplCnt);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetAttributeValue", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Secret");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
*outLen = (word32)tmpl[0].ulValueLen;
}
return ret;
}
/**
* Performs the ECDH secret generation operation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* 0 on success.
*/
static int Pkcs11ECDH(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
int sessionKey = 0;
unsigned char* point = NULL;
word32 pointLen;
CK_RV rv;
CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
CK_MECHANISM mech;
CK_ECDH1_DERIVE_PARAMS params;
CK_OBJECT_HANDLE privateKey = NULL_PTR;
CK_OBJECT_HANDLE secret = CK_INVALID_HANDLE;
CK_ULONG secSz;
CK_ATTRIBUTE tmpl[] = {
{ CKA_CLASS, &secretKeyClass, sizeof(secretKeyClass) },
{ CKA_KEY_TYPE, &keyType, sizeof(keyType) },
{ CKA_PRIVATE, &ckFalse, sizeof(ckFalse) },
{ CKA_SENSITIVE, &ckFalse, sizeof(ckFalse) },
{ CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue) },
{ CKA_VALUE_LEN, &secSz, sizeof(secSz) }
};
CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl);
ret = Pkcs11MechAvail(session, CKM_ECDH1_DERIVE);
if (ret == 0 && info->pk.ecdh.outlen == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: EC Key Derivation Operation");
if ((sessionKey = !mp_iszero(&info->pk.ecdh.private_key->k)))
ret = Pkcs11CreateEccPrivateKey(&privateKey, session,
info->pk.ecdh.private_key, CKA_DERIVE);
else if (info->pk.ecdh.private_key->labelLen > 0) {
ret = Pkcs11FindKeyByLabel(&privateKey, CKO_PRIVATE_KEY, CKK_EC,
session,
info->pk.ecdh.private_key->label,
info->pk.ecdh.private_key->labelLen);
}
else if (info->pk.ecdh.private_key->idLen > 0) {
ret = Pkcs11FindKeyById(&privateKey, CKO_PRIVATE_KEY, CKK_EC,
session, info->pk.ecdh.private_key->id,
info->pk.ecdh.private_key->idLen);
}
else {
ret = Pkcs11FindEccKey(&privateKey, CKO_PRIVATE_KEY, session,
info->pk.ecdh.public_key, CKA_DERIVE);
}
}
if (ret == 0) {
ret = wc_ecc_export_x963(info->pk.ecdh.public_key, NULL, &pointLen);
if (ret == LENGTH_ONLY_E) {
point = (unsigned char*)XMALLOC(pointLen,
info->pk.ecdh.public_key->heap,
DYNAMIC_TYPE_ECC_BUFFER);
ret = wc_ecc_export_x963(info->pk.ecdh.public_key, point,
&pointLen);
}
}
if (ret == 0) {
secSz = *info->pk.ecdh.outlen;
if (secSz > (CK_ULONG)info->pk.ecdh.private_key->dp->size)
secSz = info->pk.ecdh.private_key->dp->size;
params.kdf = CKD_NULL;
params.pSharedData = NULL;
params.ulSharedDataLen = 0;
params.pPublicData = point;
params.ulPublicDataLen = pointLen;
mech.mechanism = CKM_ECDH1_DERIVE;
mech.ulParameterLen = sizeof(params);
mech.pParameter = &params;
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("ECDH key");
pkcs11_dump_template(tmpl, tmplCnt);
#endif
rv = session->func->C_DeriveKey(session->handle, &mech, privateKey,
tmpl, tmplCnt, &secret);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DeriveKey", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
ret = Pkcs11ExtractSecret(session, secret, info->pk.ecdh.out,
info->pk.ecdh.outlen);
}
if (sessionKey)
session->func->C_DestroyObject(session->handle, privateKey);
if (point != NULL)
XFREE(point, info->pk.ecdh.public_key->heap, DYNAMIC_TYPE_ECC_BUFFER);
return ret;
}
#endif
/**
* Encode, in place, the ECDSA signature.
* Two fixed width values into ASN.1 DER encoded SEQ { INT, INT }
*
* @param [in,out] sig Signature data.
* @param [in] sz Size of original signature data.
* @return Length of the ASN.1 DER encoded signature.
*/
static word32 Pkcs11ECDSASig_Encode(byte* sig, word32 sz)
{
word32 rHigh, sHigh, seqLen;
word32 rStart = 0, sStart = 0;
word32 sigSz, rSz, rLen, sSz, sLen;
word32 i;
/* Find first byte of data in r and s. */
while (rStart < sz - 1 && sig[rStart] == 0x00)
rStart++;
while (sStart < sz - 1 && sig[sz + sStart] == 0x00)
sStart++;
/* Check if 0 needs to be prepended to make integer a positive number. */
rHigh = sig[rStart] >> 7;
sHigh = sig[sz + sStart] >> 7;
/* Calculate length of integer to put into ASN.1 encoding. */
rLen = sz - rStart;
sLen = sz - sStart;
/* r and s: INT (2 bytes) + [ 0x00 ] + integer */
rSz = 2 + rHigh + rLen;
sSz = 2 + sHigh + sLen;
/* Calculate the complete ASN.1 DER encoded size. */
sigSz = rSz + sSz;
if (sigSz >= ASN_LONG_LENGTH)
seqLen = 3;
else
seqLen = 2;
/* Move s and then r integers into their final places. */
XMEMMOVE(sig + seqLen + rSz + (sSz - sLen), sig + sz + sStart, sLen);
XMEMMOVE(sig + seqLen + (rSz - rLen), sig + rStart, rLen);
/* Put the ASN.1 DER encoding around data. */
i = 0;
sig[i++] = ASN_CONSTRUCTED | ASN_SEQUENCE;
if (seqLen == 3)
sig[i++] = ASN_LONG_LENGTH | 0x01;
sig[i++] = sigSz;
sig[i++] = ASN_INTEGER;
sig[i++] = rHigh + (sz - rStart);
if (rHigh)
sig[i++] = 0x00;
i += sz - rStart;
sig[i++] = ASN_INTEGER;
sig[i++] = sHigh + (sz - sStart);
if (sHigh)
sig[i] = 0x00;
return seqLen + sigSz;
}
/**
* Decode the ECDSA signature.
* ASN.1 DER encode SEQ { INT, INT } converted to two fixed with values.
*
* @param [in] in ASN.1 DER encoded signature.
* @param [in] inSz Size of ASN.1 signature.
* @param [in] sig Output buffer.
* @param [in] sz Size of output buffer.
* @return ASN_PARSE_E when the ASN.1 encoding is invalid.
* @return 0 on success.
*/
static int Pkcs11ECDSASig_Decode(const byte* in, word32 inSz, byte* sig,
word32 sz)
{
int ret = 0;
word32 i = 0;
byte tag;
int len, seqLen = 2;
/* Make sure zeros in place when decoding short integers. */
XMEMSET(sig, 0, sz * 2);
/* Check min data for: SEQ + INT. */
if (inSz < 5)
ret = ASN_PARSE_E;
/* Check SEQ */
if (ret == 0 && in[i++] != (ASN_CONSTRUCTED | ASN_SEQUENCE))
ret = ASN_PARSE_E;
if (ret == 0 && in[i] >= ASN_LONG_LENGTH) {
if (in[i] != (ASN_LONG_LENGTH | 0x01))
ret = ASN_PARSE_E;
else {
i++;
seqLen++;
}
}
if (ret == 0 && in[i++] != inSz - seqLen)
ret = ASN_PARSE_E;
/* Check INT */
if (ret == 0 && GetASNTag(in, &i, &tag, inSz) != 0)
ret = ASN_PARSE_E;
if (ret == 0 && tag != ASN_INTEGER)
ret = ASN_PARSE_E;
if (ret == 0 && (len = in[i++]) > sz + 1)
ret = ASN_PARSE_E;
/* Check there is space for INT data */
if (ret == 0 && i + len > inSz)
ret = ASN_PARSE_E;
if (ret == 0) {
/* Skip leading zero */
if (in[i] == 0x00) {
i++;
len--;
}
/* Copy r into sig. */
XMEMCPY(sig + sz - len, in + i, len);
i += len;
}
/* Check min data for: INT. */
if (ret == 0 && i + 2 > inSz)
ret = ASN_PARSE_E;
/* Check INT */
if (ret == 0 && GetASNTag(in, &i, &tag, inSz) != 0)
ret = ASN_PARSE_E;
if (ret == 0 && tag != ASN_INTEGER)
ret = ASN_PARSE_E;
if (ret == 0 && (len = in[i++]) > sz + 1)
ret = ASN_PARSE_E;
/* Check there is space for INT data */
if (ret == 0 && i + len > inSz)
ret = ASN_PARSE_E;
if (ret == 0) {
/* Skip leading zero */
if (in[i] == 0x00) {
i++;
len--;
}
/* Copy s into sig. */
XMEMCPY(sig + sz + sz - len, in + i, len);
}
return ret;
}
/**
* Get the parameters from the private key on the device.
*
* @param [in] session Session object.
* @param [in] privKey PKCS #11 object handle of private key..
* @param [in] key Ecc key to set parameters against.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11GetEccParams(Pkcs11Session* session, CK_OBJECT_HANDLE privKey,
ecc_key* key)
{
int ret = 0;
int curveId;
CK_RV rv;
byte oid[16];
CK_ATTRIBUTE template[] = {
{ CKA_EC_PARAMS, (CK_VOID_PTR)oid, sizeof(oid) }
};
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Get Ec Params");
pkcs11_dump_template(template, 1);
#endif
rv = session->func->C_GetAttributeValue(session->handle, privKey, template,
1);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetAttributeValue", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
#ifdef WOLFSSL_DEBUG_PKCS11
WOLFSSL_MSG("Ec Params");
pkcs11_dump_template(template, 1);
#endif
if (ret == 0) {
/* PKCS #11 wraps the OID in ASN.1 */
curveId = wc_ecc_get_curve_id_from_oid(oid + 2,
(word32)template[0].ulValueLen - 2);
if (curveId == ECC_CURVE_INVALID)
ret = WC_HW_E;
}
if (ret == 0)
ret = wc_ecc_set_curve(key, 0, curveId);
return ret;
}
/**
* Performs the ECDSA signing operation.
*
* @param session [in] Session object.
* @param info [in] Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11ECDSA_Sign(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
int sessionKey = 0;
word32 sz;
CK_RV rv;
CK_ULONG outLen;
CK_MECHANISM mech;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE privateKey = NULL_PTR;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0)
ret = NOT_COMPILED_IN;
if (ret == 0 && info->pk.eccsign.outlen == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: EC Signing Operation");
if ((sessionKey = !mp_iszero(&info->pk.eccsign.key->k)))
ret = Pkcs11CreateEccPrivateKey(&privateKey, session,
info->pk.eccsign.key, CKA_SIGN);
else if (info->pk.eccsign.key->labelLen > 0) {
ret = Pkcs11FindKeyByLabel(&privateKey, CKO_PRIVATE_KEY, CKK_EC,
session, info->pk.eccsign.key->label,
info->pk.eccsign.key->labelLen);
if (ret == 0 && info->pk.eccsign.key->dp == NULL) {
ret = Pkcs11GetEccParams(session, privateKey,
info->pk.eccsign.key);
}
}
else if (info->pk.eccsign.key->idLen > 0) {
ret = Pkcs11FindKeyById(&privateKey, CKO_PRIVATE_KEY, CKK_EC,
session, info->pk.eccsign.key->id,
info->pk.eccsign.key->idLen);
if (ret == 0 && info->pk.eccsign.key->dp == NULL) {
ret = Pkcs11GetEccParams(session, privateKey,
info->pk.eccsign.key);
}
}
else {
ret = Pkcs11FindEccKey(&privateKey, CKO_PRIVATE_KEY, session,
info->pk.eccsign.key, CKA_SIGN);
}
}
if (ret == 0) {
sz = info->pk.eccsign.key->dp->size;
/* Maximum encoded size is two ordinates + 8 bytes of ASN.1. */
if (*info->pk.eccsign.outlen < (word32)wc_ecc_sig_size_calc(sz))
ret = BUFFER_E;
}
if (ret == 0) {
mech.mechanism = CKM_ECDSA;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
rv = session->func->C_SignInit(session->handle, &mech, privateKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_SignInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
outLen = *info->pk.eccsign.outlen;
rv = session->func->C_Sign(session->handle,
(CK_BYTE_PTR)info->pk.eccsign.in,
info->pk.eccsign.inlen, info->pk.eccsign.out,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_Sign", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
*info->pk.eccsign.outlen = Pkcs11ECDSASig_Encode(info->pk.eccsign.out,
sz);
}
if (sessionKey)
session->func->C_DestroyObject(session->handle, privateKey);
return ret;
}
/**
* Performs the ECDSA verification operation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
CK_MECHANISM mech;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE publicKey = NULL_PTR;
unsigned char* sig = NULL;
word32 sz = info->pk.eccverify.key->dp->size;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK || (mechInfo.flags & CKF_VERIFY) == 0)
ret = NOT_COMPILED_IN;
if (ret == 0 && info->pk.eccverify.res == NULL) {
ret = BAD_FUNC_ARG;
}
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: EC Verification Operation");
ret = Pkcs11CreateEccPublicKey(&publicKey, session,
info->pk.eccverify.key, CKA_VERIFY);
}
if (ret == 0) {
sig = (unsigned char *)XMALLOC(sz * 2, info->pk.eccverify.key->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (sig == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
ret = Pkcs11ECDSASig_Decode(info->pk.eccverify.sig,
info->pk.eccverify.siglen, sig, sz);
}
if (ret == 0) {
mech.mechanism = CKM_ECDSA;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
rv = session->func->C_VerifyInit(session->handle, &mech, publicKey);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_VerifyInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
*info->pk.eccverify.res = 0;
rv = session->func->C_Verify(session->handle,
(CK_BYTE_PTR)info->pk.eccverify.hash,
info->pk.eccverify.hashlen,
(CK_BYTE_PTR)sig, sz * 2);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_Verify", rv);
#endif
if (rv == CKR_SIGNATURE_INVALID) {
}
else if (rv != CKR_OK)
ret = WC_HW_E;
else
*info->pk.eccverify.res = 1;
}
if (publicKey != NULL_PTR)
session->func->C_DestroyObject(session->handle, publicKey);
if (sig != NULL)
XFREE(sig, info->pk.eccverify.key->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif
#ifndef NO_RSA
/**
* Check the private RSA key matches the public key.
*
* @param [in] priv RSA private key.
* @param [in] publicKey Encoded RSA public key.
* @param [in] pubKeySize Length of encoded RSA public key.
* @return MEMORY_E when a memory allocation fails.
* @return MP_CMP_E when the public parts are different.
* @return 0 on success.
*/
static int wc_Pkcs11CheckPrivKey_Rsa(RsaKey* priv,
const unsigned char* publicKey, word32 pubKeySize)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
RsaKey* pub = NULL;
#else
RsaKey pub[1];
#endif
word32 keyIdx = 0;
#ifdef WOLFSSL_SMALL_STACK
pub = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
if (pub == NULL) {
ret = MEMORY_E;
}
#endif
if ((ret == 0) && (ret = wc_InitRsaKey(pub, NULL)) == 0) {
if (ret == 0) {
ret = wc_RsaPublicKeyDecode(publicKey, &keyIdx, pub, pubKeySize);
}
if (ret == 0) {
/* both keys extracted successfully now check n and e
* values are the same. This is dereferencing RsaKey */
if (mp_cmp(&(priv->n), &(pub->n)) != MP_EQ ||
mp_cmp(&(priv->e), &(pub->e)) != MP_EQ) {
ret = MP_CMP_E;
}
else
ret = 0;
}
wc_FreeRsaKey(pub);
}
#ifdef WOLFSSL_SMALL_STACK
if (pub != NULL) {
XFREE(pub, NULL, DYNAMIC_TYPE_RSA);
}
#endif
return ret;
}
/**
* Checks the RSA private key matches the RSA public key.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return MEMORY_E when a memory allocation fails.
* @return MP_CMP_E when the public parts are different.
* @return 0 on success.
*/
static int Pkcs11RsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_OBJECT_HANDLE privateKey;
RsaKey* priv = info->pk.rsa_check.key;
if (mp_iszero(&priv->n) || mp_iszero(&priv->e)) {
/* Get the RSA private key object. */
if (priv->labelLen > 0) {
ret = Pkcs11FindKeyByLabel(&privateKey, CKO_PRIVATE_KEY,
CKK_RSA, session, priv->label,
priv->labelLen);
}
else if (info->pk.rsa.key->idLen > 0) {
ret = Pkcs11FindKeyById(&privateKey, CKO_PRIVATE_KEY, CKK_RSA,
session, priv->id, priv->idLen);
}
else {
ret = Pkcs11FindRsaKey(&privateKey, CKO_PRIVATE_KEY, session, priv);
}
if (ret == 0) {
/* Extract the public key components. */
ret = Pkcs11GetRsaPublicKey(priv, session, privateKey);
}
}
if (ret == 0) {
/* Compare the extracted public parts with the public key. */
ret = wc_Pkcs11CheckPrivKey_Rsa(priv, info->pk.rsa_check.pubKey,
info->pk.rsa_check.pubKeySz);
}
return ret;
}
#endif
#ifdef HAVE_ECC
/**
* Check the private ECC key matches the public key.
* Do this by looking up the public key data from the associated public key.
* The public key object handle is passed in for the private key.
*
* @param [in] privateKey Handle to private key object.
* @param [in] publicKey Encoded EC public key.
* @param [in] pubKeySize Length of encoded EC public key.
* @return MEMORY_E when a memory allocation fails.
* @return MP_CMP_E when the public parts are different.
* @return 0 on success.
*/
static int wc_Pkcs11CheckPrivKey_Ecc(ecc_key* priv,
const unsigned char* publicKey, word32 pubKeySize)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
ecc_key* pub = NULL;
#else
ecc_key pub[1];
#endif
word32 keyIdx = 0;
#ifdef WOLFSSL_SMALL_STACK
pub = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
if (pub == NULL) {
ret = MEMORY_E;
}
#endif
if ((ret == 0) && (ret = wc_ecc_init(pub)) == 0) {
ret = wc_EccPublicKeyDecode(publicKey, &keyIdx, pub, pubKeySize);
if (ret == 0) {
/* both keys extracted successfully now check curve and
* pubkey. */
if ((pub->idx != priv->idx) || (wc_ecc_cmp_point(&priv->pubkey,
&pub->pubkey) != MP_EQ)) {
ret = MP_CMP_E;
}
else {
ret = 0;
}
}
wc_ecc_free(pub);
}
#ifdef WOLFSSL_SMALL_STACK
if (pub != NULL) {
XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
}
#endif
return ret;
}
/**
* Checks the ECC private key matches the ECC public key.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return MEMORY_E when a memory allocation fails.
* @return MP_CMP_E when the public parts are different.
* @return 0 on success.
*/
static int Pkcs11EccCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
ecc_key* priv = info->pk.ecc_check.key;
CK_OBJECT_HANDLE privateKey;
if (mp_iszero(priv->pubkey.x) || mp_iszero(priv->pubkey.y)) {
/* Get the public key object as the private key object doesn't have
* the public point stored in it.
*/
if (priv->labelLen > 0) {
ret = Pkcs11FindKeyByLabel(&privateKey, CKO_PUBLIC_KEY, CKK_EC,
session, priv->label, priv->labelLen);
}
else if (priv->idLen > 0) {
ret = Pkcs11FindKeyById(&privateKey, CKO_PUBLIC_KEY, CKK_EC,
session, priv->id, priv->idLen);
}
else {
ret = Pkcs11FindEccKey(&privateKey, CKO_PUBLIC_KEY, session, priv,
CKA_SIGN);
}
if (ret == 0 && priv->dp == NULL) {
/* Extract the group id. */
ret = Pkcs11GetEccParams(session, privateKey, priv);
}
if (ret == 0) {
/* Extract the public point. */
ret = Pkcs11GetEccPublicKey(priv, session, privateKey);
}
}
if (ret == 0) {
/* Compare the extracted public parts with the public key. */
ret = wc_Pkcs11CheckPrivKey_Ecc(priv, info->pk.ecc_check.pubKey,
info->pk.ecc_check.pubKeySz);
}
return ret;
}
#endif
#if !defined(NO_AES) && defined(HAVE_AESGCM)
/**
* Performs the AES-GCM encryption operation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11AesGcmEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
Aes* aes = info->cipher.aesgcm_enc.aes;
CK_GCM_PARAMS params;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE key = NULL_PTR;
CK_MECHANISM mech;
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
ret = NOT_COMPILED_IN;
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-GCM Encryption Operation");
/* Create a private key object or find by label or id. */
if (aes->idLen == 0 && aes->labelLen == 0) {
ret = Pkcs11CreateSecretKey(&key, session, CKK_AES,
(unsigned char*)aes->devKey,
aes->keylen, NULL, 0, NULL, 0,
CKA_ENCRYPT);
}
else if (aes->labelLen != 0) {
ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->label, aes->labelLen);
}
else {
ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->id, aes->idLen);
}
}
if (ret == 0) {
params.pIv = (CK_BYTE_PTR)info->cipher.aesgcm_enc.iv;
params.ulIvLen = info->cipher.aesgcm_enc.ivSz;
params.pAAD = (CK_BYTE_PTR)info->cipher.aesgcm_enc.authIn;
params.ulAADLen = info->cipher.aesgcm_enc.authInSz;
params.ulTagBits = info->cipher.aesgcm_enc.authTagSz * 8;
mech.mechanism = CKM_AES_GCM;
mech.ulParameterLen = sizeof(params);
mech.pParameter = &params;
rv = session->func->C_EncryptInit(session->handle, &mech, key);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_EncryptInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
outLen = info->cipher.aesgcm_enc.sz;
rv = session->func->C_EncryptUpdate(session->handle,
(CK_BYTE_PTR)info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
info->cipher.aesgcm_enc.out,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_EncryptUpdate", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
/* Authentication tag comes out in final block. */
outLen = info->cipher.aesgcm_enc.authTagSz;
rv = session->func->C_EncryptFinal(session->handle,
info->cipher.aesgcm_enc.authTag,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_EncryptFinal", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (aes->idLen == 0 && aes->labelLen == 0 && key != NULL_PTR)
session->func->C_DestroyObject(session->handle, key);
return ret;
}
/**
* Performs the AES-GCM decryption operation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11AesGcmDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
Aes* aes = info->cipher.aesgcm_enc.aes;
CK_GCM_PARAMS params;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE key = NULL_PTR;
CK_MECHANISM mech;
CK_ULONG outLen;
word32 len;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
ret = NOT_COMPILED_IN;
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-GCM Decryption Operation");
/* Create a private key object or find by id. */
if (aes->idLen == 0 && aes->labelLen == 0) {
ret = Pkcs11CreateSecretKey(&key, session, CKK_AES,
(unsigned char*)aes->devKey,
aes->keylen, NULL, 0, NULL, 0,
CKA_DECRYPT);
}
else if (aes->labelLen != 0) {
ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->label, aes->labelLen);
}
else {
ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->id, aes->idLen);
}
}
if (ret == 0) {
params.pIv = (CK_BYTE_PTR)info->cipher.aesgcm_dec.iv;
params.ulIvLen = info->cipher.aesgcm_dec.ivSz;
params.pAAD = (CK_BYTE_PTR)info->cipher.aesgcm_dec.authIn;
params.ulAADLen = info->cipher.aesgcm_dec.authInSz;
params.ulTagBits = info->cipher.aesgcm_dec.authTagSz * 8;
mech.mechanism = CKM_AES_GCM;
mech.ulParameterLen = sizeof(params);
mech.pParameter = &params;
rv = session->func->C_DecryptInit(session->handle, &mech, key);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DecryptInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
outLen = len = info->cipher.aesgcm_dec.sz;
rv = session->func->C_DecryptUpdate(session->handle,
(CK_BYTE_PTR)info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
info->cipher.aesgcm_dec.out,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DecryptUpdate", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
/* Put authentication tag in as encrypted data. */
outLen = len = (len + info->cipher.aesgcm_dec.authTagSz -
(word32)outLen);
rv = session->func->C_DecryptUpdate(session->handle,
(CK_BYTE_PTR)info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
info->cipher.aesgcm_dec.out,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DecryptUpdate", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
outLen = len = (len - (word32)outLen);
/* Decrypted data comes out now. */
rv = session->func->C_DecryptFinal(session->handle,
info->cipher.aesgcm_dec.out,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DecryptFinal", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (aes->idLen == 0 && aes->labelLen == 0 && key != NULL_PTR)
session->func->C_DestroyObject(session->handle, key);
return ret;
}
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
/**
* Performs the AES-CBC encryption operation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11AesCbcEncrypt(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
Aes* aes = info->cipher.aescbc.aes;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE key = NULL_PTR;
CK_MECHANISM mech;
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0)
ret = NOT_COMPILED_IN;
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-CBC Encryption Operation");
/* Create a private key object or find by id. */
if (aes->idLen == 0 && aes->labelLen == 0) {
ret = Pkcs11CreateSecretKey(&key, session, CKK_AES,
(unsigned char*)aes->devKey,
aes->keylen, NULL, 0, NULL, 0,
CKA_ENCRYPT);
}
else if (aes->labelLen != 0) {
ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->label, aes->labelLen);
}
else {
ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->id, aes->idLen);
}
}
if (ret == 0) {
mech.mechanism = CKM_AES_CBC;
mech.ulParameterLen = AES_BLOCK_SIZE;
mech.pParameter = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg;
rv = session->func->C_EncryptInit(session->handle, &mech, key);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_EncryptInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
outLen = info->cipher.aescbc.sz;
rv = session->func->C_Encrypt(session->handle,
(CK_BYTE_PTR)info->cipher.aescbc.in,
info->cipher.aescbc.sz,
info->cipher.aescbc.out,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_Encrypt", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (aes->idLen == 0 && aes->labelLen == 0 && key != NULL_PTR)
session->func->C_DestroyObject(session->handle, key);
return ret;
}
/**
* Performs the AES-CBC decryption operation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return MEMORY_E when a memory allocation fails.
* @return 0 on success.
*/
static int Pkcs11AesCbcDecrypt(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
Aes* aes = info->cipher.aescbc.aes;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE key = NULL_PTR;
CK_MECHANISM mech;
CK_ULONG outLen;
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0)
ret = NOT_COMPILED_IN;
if (ret == 0) {
WOLFSSL_MSG("PKCS#11: AES-CBC Decryption Operation");
/* Create a private key object or find by id. */
if (aes->idLen == 0 && aes->labelLen == 0) {
ret = Pkcs11CreateSecretKey(&key, session, CKK_AES,
(unsigned char*)aes->devKey,
aes->keylen, NULL, 0, NULL, 0,
CKA_DECRYPT);
}
else if (aes->labelLen != 0) {
ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->label, aes->labelLen);
}
else {
ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, CKK_AES, session,
aes->id, aes->idLen);
}
}
if (ret == 0) {
mech.mechanism = CKM_AES_CBC;
mech.ulParameterLen = AES_BLOCK_SIZE;
mech.pParameter = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg;
rv = session->func->C_DecryptInit(session->handle, &mech, key);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DecryptInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (ret == 0) {
outLen = info->cipher.aescbc.sz;
rv = session->func->C_DecryptUpdate(session->handle,
(CK_BYTE_PTR)info->cipher.aescbc.in,
info->cipher.aescbc.sz,
info->cipher.aescbc.out,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_DecryptUpdate", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
if (aes->idLen == 0 && aes->labelLen == 0 && key != NULL_PTR)
session->func->C_DestroyObject(session->handle, key);
return ret;
}
#endif
#ifndef NO_HMAC
/**
* Updates or calculates the HMAC of the data.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11Hmac(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
Hmac* hmac = info->hmac.hmac;
CK_MECHANISM_INFO mechInfo;
CK_OBJECT_HANDLE key = NULL_PTR;
CK_MECHANISM mech;
CK_ULONG outLen;
int mechType;
int keyType;
if (hmac->innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_SW)
ret = NOT_COMPILED_IN;
if (ret == 0)
ret = Pkcs11HmacTypes(info->hmac.macType, &mechType, &keyType);
if (ret == 0) {
/* Check operation is supported. */
rv = session->func->C_GetMechanismInfo(session->slotId, mechType,
&mechInfo);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GetMechanismInfo", rv);
#endif
if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0)
ret = NOT_COMPILED_IN;
}
/* Check whether key been used to initialized. */
if (ret == 0 && !hmac->innerHashKeyed) {
WOLFSSL_MSG("PKCS#11: HMAC Init");
/* Check device supports key length. */
if (mechInfo.ulMaxKeySize > 0 &&
(hmac->keyLen < mechInfo.ulMinKeySize ||
hmac->keyLen > mechInfo.ulMaxKeySize)) {
WOLFSSL_MSG("PKCS#11: Key Length not supported");
ret = NOT_COMPILED_IN;
}
/* Create a private key object or find by id. */
if (ret == 0 && hmac->idLen == 0 && hmac->labelLen == 0) {
ret = Pkcs11CreateSecretKey(&key, session, keyType,
(unsigned char*)hmac->keyRaw, hmac->keyLen,
NULL, 0, NULL, 0, CKA_SIGN);
if (ret == WC_HW_E) {
ret = Pkcs11CreateSecretKey(&key, session, CKK_GENERIC_SECRET,
(unsigned char*)hmac->keyRaw, hmac->keyLen,
NULL, 0, NULL, 0, CKA_SIGN);
}
}
else if (ret == 0 && hmac->labelLen != 0) {
ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY, keyType, session,
hmac->label, hmac->labelLen);
if (ret == WC_HW_E) {
ret = Pkcs11FindKeyByLabel(&key, CKO_SECRET_KEY,
CKK_GENERIC_SECRET, session,
hmac->label, hmac->labelLen);
}
}
else if (ret == 0) {
ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY, keyType, session,
hmac->id, hmac->idLen);
if (ret == WC_HW_E) {
ret = Pkcs11FindKeyById(&key, CKO_SECRET_KEY,
CKK_GENERIC_SECRET, session, hmac->id,
hmac->idLen);
}
}
/* Initialize HMAC operation */
if (ret == 0) {
mech.mechanism = mechType;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
rv = session->func->C_SignInit(session->handle, &mech, key);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_SignInit", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
}
/* Don't initialize HMAC again if this succeeded */
if (ret == 0)
hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_DEV;
}
/* Update the HMAC if input data passed in. */
if (ret == 0 && info->hmac.inSz > 0) {
WOLFSSL_MSG("PKCS#11: HMAC Update");
rv = session->func->C_SignUpdate(session->handle,
(CK_BYTE_PTR)info->hmac.in,
info->hmac.inSz);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_SignUpdate", rv);
#endif
/* Some algorithm implementations only support C_Sign. */
if (rv == CKR_MECHANISM_INVALID) {
WOLFSSL_MSG("PKCS#11: HMAC Update/Final not supported");
ret = NOT_COMPILED_IN;
/* Allow software implementation to set key. */
hmac->innerHashKeyed = 0;
}
else if (rv != CKR_OK)
ret = WC_HW_E;
}
/* Calculate the HMAC result if output buffer specified. */
if (ret == 0 && info->hmac.digest != NULL) {
WOLFSSL_MSG("PKCS#11: HMAC Final");
outLen = WC_MAX_DIGEST_SIZE;
rv = session->func->C_SignFinal(session->handle,
(CK_BYTE_PTR)info->hmac.digest,
&outLen);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_SignFinal", rv);
#endif
/* Some algorithm implementations only support C_Sign. */
if (rv != CKR_OK) {
ret = WC_HW_E;
}
else
hmac->innerHashKeyed = 0;
}
if (hmac->idLen == 0 && hmac->labelLen == 0 && key != NULL_PTR)
session->func->C_DestroyObject(session->handle, key);
return ret;
}
#endif
#ifndef WC_NO_RNG
#ifndef HAVE_HASHDRBG
/**
* Performs random number generation.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11RandomBlock(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
rv = session->func->C_GenerateRandom(session->handle, info->rng.out,
info->rng.sz);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GenerateRandom", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
return ret;
}
#endif
/**
* Generates entropy (seed) data.
*
* @param [in] session Session object.
* @param [in] info Cryptographic operation data.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
static int Pkcs11RandomSeed(Pkcs11Session* session, wc_CryptoInfo* info)
{
int ret = 0;
CK_RV rv;
rv = session->func->C_GenerateRandom(session->handle, info->seed.seed,
info->seed.sz);
#ifdef WOLFSSL_DEBUG_PKCS11
pkcs11_rv("C_GenerateRandom", rv);
#endif
if (rv != CKR_OK) {
ret = WC_HW_E;
}
return ret;
}
#endif
/**
* Perform a cryptographic operation using PKCS#11 device.
*
* @param [in] devId Device identifier.
* @param [in] info Cryptographic operation data.
* @param [in] ctx Context data for device - the token object.
* @return WC_HW_E when a PKCS#11 library call fails.
* @return 0 on success.
*/
int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
{
int ret = 0;
Pkcs11Token* token = (Pkcs11Token*)ctx;
Pkcs11Session session;
int readWrite = 0;
if (devId <= INVALID_DEVID || info == NULL || ctx == NULL)
ret = BAD_FUNC_ARG;
/* Open and close a session around each operation as the operation may not
* be compiled in.
*/
if (ret == 0) {
if (info->algo_type == WC_ALGO_TYPE_PK) {
#if !defined(NO_RSA) || defined(HAVE_ECC)
switch (info->pk.type) {
#ifndef NO_RSA
case WC_PK_TYPE_RSA:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11Rsa(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
#ifdef WOLFSSL_KEY_GEN
case WC_PK_TYPE_RSA_KEYGEN:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11RsaKeyGen(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
#endif
case WC_PK_TYPE_RSA_CHECK_PRIV_KEY:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11RsaCheckPrivKey(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
#endif
#ifdef HAVE_ECC
#ifndef NO_PKCS11_EC_KEYGEN
case WC_PK_TYPE_EC_KEYGEN:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11EcKeyGen(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
#endif
#ifndef NO_PKCS11_ECDH
case WC_PK_TYPE_ECDH:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11ECDH(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
#endif
case WC_PK_TYPE_ECDSA_SIGN:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11ECDSA_Sign(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
case WC_PK_TYPE_ECDSA_VERIFY:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11ECDSA_Verify(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
case WC_PK_TYPE_EC_CHECK_PRIV_KEY:
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11EccCheckPrivKey(&session, info);
Pkcs11CloseSession(token, &session);
}
break;
#endif
default:
ret = NOT_COMPILED_IN;
break;
}
#else
ret = NOT_COMPILED_IN;
#endif /* !NO_RSA || HAVE_ECC */
}
else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#ifndef NO_AES
switch (info->cipher.type) {
#ifdef HAVE_AESGCM
case WC_CIPHER_AES_GCM:
if (info->cipher.enc) {
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11AesGcmEncrypt(&session, info);
Pkcs11CloseSession(token, &session);
}
}
else {
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11AesGcmDecrypt(&session, info);
Pkcs11CloseSession(token, &session);
}
}
break;
#endif
#ifdef HAVE_AES_CBC
case WC_CIPHER_AES_CBC:
if (info->cipher.enc) {
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11AesCbcEncrypt(&session, info);
Pkcs11CloseSession(token, &session);
}
}
else {
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11AesCbcDecrypt(&session, info);
Pkcs11CloseSession(token, &session);
}
}
break;
#endif
}
#else
ret = NOT_COMPILED_IN;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
#ifndef NO_HMAC
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11Hmac(&session, info);
Pkcs11CloseSession(token, &session);
}
#else
ret = NOT_COMPILED_IN;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_RNG) {
#if !defined(WC_NO_RNG) && !defined(HAVE_HASHDRBG)
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11RandomBlock(&session, info);
Pkcs11CloseSession(token, &session);
}
#else
ret = NOT_COMPILED_IN;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG
ret = Pkcs11OpenSession(token, &session, readWrite);
if (ret == 0) {
ret = Pkcs11RandomSeed(&session, info);
Pkcs11CloseSession(token, &session);
}
#else
ret = NOT_COMPILED_IN;
#endif
}
else
ret = NOT_COMPILED_IN;
}
return ret;
}
#endif /* HAVE_PKCS11 */
Reference in New Issue View Git Blame Copy Permalink