mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Review comment changes

Browse Source 
Add heap as a device initialization parameter.
Allocate slot info pointer wiht device heap pointer.
ForceZero user pin on token finalization.
Add comments to structure definitions.
This commit is contained in:
Sean Parkinson 2018-10-30 15:41:25 +10:00
parent 7551e49fed
commit ab458db504
2 changed files with 25 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
wolfcrypt/src/wc_pkcs11.c
View File

@ -36,6 +36,12 @@
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#define MAX_EC_PARAM_LEN 16
@ -73,7 +79,7 @@ static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY;
* WC_HW_E when unable to get PKCS#11 function list.
* 0 on success.
*/
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library)
int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap)
{
int ret = 0;
void* func;
@ -83,6 +89,7 @@ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library)
ret = BAD_FUNC_ARG;
if (ret == 0) {
dev->heap = heap;
dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL);
if (dev->dlHandle == NULL) {
WOLFSSL_MSG(dlerror());
@ -165,7 +172,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
if (rv != CKR_OK)
ret = WC_HW_E;
if (ret == 0) {
slot = XMALLOC(slotCnt * sizeof(*slot), NULL,
slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (slot == NULL)
ret = MEMORY_E;
@ -192,7 +199,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId,
}
if (slot != NULL)
XFREE(slot, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
@ -208,6 +215,7 @@ void wc_Pkcs11Token_Final(Pkcs11Token* token)
if (token != NULL && token->func != NULL) {
token->func->C_CloseAllSessions(token->slotId);
token->handle = NULL_PTR;
ForceZero(token->userPin, token->userPinSz);
}
}
@ -963,7 +971,7 @@ static int Pkcs11RsaKeyGen(Pkcs11Session* session, wc_CryptoInfo* info)
{ CKA_VERIFY, &ckTrue, sizeof(ckTrue) },
{ CKA_PUBLIC_EXPONENT, &pub_exp, sizeof(pub_exp) }
};
int pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
CK_ULONG pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl);
CK_ATTRIBUTE privKeyTmpl[] = {
{CKA_DECRYPT, &ckTrue, sizeof(ckTrue) },
{CKA_SIGN, &ckTrue, sizeof(ckTrue) },

24
wolfssl/wolfcrypt/wc_pkcs11.h
View File

@ -30,22 +30,23 @@
#include <wolfssl/wolfcrypt/pkcs11.h>
typedef struct Pkcs11Dev {
void* dlHandle;
CK_FUNCTION_LIST* func; /* Array of functions */
void* dlHandle; /* Handle to library */
CK_FUNCTION_LIST* func; /* Array of functions */
void* heap;
} Pkcs11Dev;
typedef struct Pkcs11Token {
CK_FUNCTION_LIST* func;
CK_SLOT_ID slotId;
CK_SESSION_HANDLE handle;
CK_UTF8CHAR_PTR userPin;
CK_ULONG userPinSz;
CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
CK_SLOT_ID slotId; /* Id of slot to use */
CK_SESSION_HANDLE handle; /* Handle to active session */
CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */
CK_ULONG userPinSz; /* Size of user's PIN in bytes */
} Pkcs11Token;
typedef struct Pkcs11Session {
CK_FUNCTION_LIST* func;
CK_SLOT_ID slotId;
CK_SESSION_HANDLE handle;
CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */
CK_SLOT_ID slotId; /* Id of slot to use */
CK_SESSION_HANDLE handle; /* Handle to active session */
} Pkcs11Session;
#ifdef __cplusplus
@ -60,7 +61,8 @@ enum Pkcs11KeyType {
};
WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library);
WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library,
void* heap);
WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev);
WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev,