Skip to content

Commit

Permalink
Bring in support for MAXQ1065
Browse files Browse the repository at this point in the history
  • Loading branch information
anhu committed Nov 13, 2024
1 parent 17d5d53 commit a3bd0ee
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 13 deletions.
24 changes: 21 additions & 3 deletions src/crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -2465,7 +2465,7 @@ CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey)
{
int ret;
int ret = 0;
WP11_Session* session;
WP11_Object* obj = NULL;
CK_KEY_TYPE type;
Expand All @@ -2479,10 +2479,27 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
return CKR_ARGUMENTS_BAD;

ret = WP11_Object_Find(session, hKey, &obj);
if (ret != 0)
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
if ((ret != 0) && (hKey == 0) && (pMechanism->mechanism == CKM_ECDSA)) {
if (pMechanism->pParameter != NULL || pMechanism->ulParameterLen != 0) {
return CKR_MECHANISM_PARAM_INVALID;
}

/* Do not worry; the private key is pre-provisioned, but note there is
* no object to set. */
init = WP11_INIT_ECDSA_SIGN;
WP11_Session_SetMechanism(session, pMechanism->mechanism);
WP11_Session_SetOpInitialized(session, init);

return CKR_OK;
} else
#endif
if (ret != 0) {
return CKR_OBJECT_HANDLE_INVALID;
}

type = WP11_Object_GetType(obj);

switch (pMechanism->mechanism) {
#ifndef NO_RSA
case CKM_RSA_X_509:
Expand Down Expand Up @@ -2681,8 +2698,9 @@ CK_RV C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
#endif
#ifdef HAVE_ECC
case CKM_ECDSA:
if (!WP11_Session_IsOpInitialized(session, WP11_INIT_ECDSA_SIGN))
if (!WP11_Session_IsOpInitialized(session, WP11_INIT_ECDSA_SIGN)) {
return CKR_OPERATION_NOT_INITIALIZED;
}

sigLen = WP11_Ec_SigLen(obj);
if (pSignature == NULL) {
Expand Down
30 changes: 22 additions & 8 deletions src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,10 @@
#define WOLFPKCS11_NEED_RSA_RNG
#endif

#if defined(WOLFPKCS11_TPM) && defined(WOLFSSL_MAXQ10XX_CRYPTO)
#error "wolfTPM and MAXQ10XX are incompatable with each other."
#endif

/* Size of hash calculated from PIN. */
#define PIN_HASH_SZ 32
/* Size of seed used when calculating hash from PIN. */
Expand Down Expand Up @@ -3380,8 +3384,10 @@ static int wp11_Slot_Init(WP11_Slot* slot, int id)

ret = WP11_Lock_Init(&slot->lock);
if (ret == 0) {
#ifdef WOLFPKCS11_TPM
#if defined(WOLFPKCS11_TPM)
ret = wp11_TpmInit(slot);
#elif defined (WOLFSSL_MAXQ10XX_CRYPTO)
slot->devId = MAXQ_DEVICE_ID;
#endif
/* Create the minimum number of unused sessions. */
for (i = 0; ret == 0 && i < WP11_SESSION_CNT_MIN; i++) {
Expand Down Expand Up @@ -3447,8 +3453,16 @@ int WP11_Library_Init(void)

if (libraryInitCount == 0) {
ret = WP11_Lock_Init(&globalLock);
if (ret == 0)
if (ret == 0) {
#ifdef WOLFSSL_MAXQ10XX_CRYPTO
ret = wolfCrypt_Init();
if (ret == 0) {
ret = wc_InitRng_ex(&globalRandom, NULL, MAXQ_DEVICE_ID);
}
#else
ret = wc_InitRng(&globalRandom);
#endif
}
for (i = 0; (ret == 0) && (i < slotCnt); i++) {
ret = wp11_Slot_Init(&slotList[i], i + 1);
}
Expand Down Expand Up @@ -4567,7 +4581,7 @@ int WP11_Session_SetCbcParams(WP11_Session* session, unsigned char* iv,
WP11_Data* key;

/* AES object on session. */
ret = wc_AesInit(&cbc->aes, NULL, INVALID_DEVID);
ret = wc_AesInit(&cbc->aes, NULL, session->devId);
if (ret == 0) {
if (object->onToken)
WP11_Lock_LockRO(object->lock);
Expand Down Expand Up @@ -7441,7 +7455,7 @@ int WP11_EC_Derive(unsigned char* point, word32 pointLen, unsigned char* key,
WC_RNG rng;
#endif

ret = wc_ecc_init_ex(&pubKey, NULL, INVALID_DEVID);
ret = wc_ecc_init_ex(&pubKey, NULL, priv->slot->devId);
if (ret == 0) {
ret = wc_ecc_import_x963(point, pointLen, &pubKey);
}
Expand Down Expand Up @@ -8062,7 +8076,7 @@ int WP11_AesGcm_Encrypt(unsigned char* plain, word32 plainSz,
word32 authTagSz = gcm->tagBits / 8;
unsigned char* authTag = enc + plainSz;

ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
ret = wc_AesInit(&aes, NULL, session->devId);
if (ret == 0) {
if (secret->onToken)
WP11_Lock_LockRO(secret->lock);
Expand Down Expand Up @@ -8114,7 +8128,7 @@ int WP11_AesGcm_EncryptUpdate(unsigned char* plain, word32 plainSz,
word32 authTagSz = gcm->tagBits / 8;
unsigned char* authTag = gcm->authTag;

ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
ret = wc_AesInit(&aes, NULL, session->devId);
if (ret == 0) {
if (secret->onToken)
WP11_Lock_LockRO(secret->lock);
Expand Down Expand Up @@ -8194,7 +8208,7 @@ int WP11_AesGcm_Decrypt(unsigned char* enc, word32 encSz, unsigned char* dec,
word32 authTagSz = gcm->tagBits / 8;
unsigned char* authTag = enc + encSz - authTagSz;

ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
ret = wc_AesInit(&aes, NULL, session->devId);
if (ret == 0) {
if (secret->onToken) {
WP11_Lock_LockRO(secret->lock);
Expand Down Expand Up @@ -8379,7 +8393,7 @@ int WP11_Hmac_Init(CK_MECHANISM_TYPE mechanism, WP11_Object* secret,
if (ret == 0)
hmac->hmacSz = wc_HmacSizeByType(hashType);
if (ret == 0)
ret = wc_HmacInit(&hmac->hmac, NULL, INVALID_DEVID);
ret = wc_HmacInit(&hmac->hmac, NULL, secret->slot->devId);
if (ret == 0) {
if (secret->onToken)
WP11_Lock_LockRO(secret->lock);
Expand Down
13 changes: 11 additions & 2 deletions tests/pkcs11test.c
Original file line number Diff line number Diff line change
Expand Up @@ -2930,8 +2930,8 @@ static CK_RV test_pubkey_sig_fail(CK_SESSION_HANDLE session, CK_MECHANISM* mech,
CHECK_CKR_FAIL(ret, CKR_OPERATION_NOT_INITIALIZED, "Verify wrong init");
}
if (ret == CKR_OK) {
ret = funcList->C_VerifyInit(session, mech, pub);
CHECK_CKR(ret, "Verify Init");
ret = funcList->C_VerifyInit(session, mech, pub);
CHECK_CKR(ret, "Verify Init");
}
if (ret == CKR_OK) {
ret = funcList->C_Sign(session, hash, hashSz, out, &outSz);
Expand Down Expand Up @@ -3794,11 +3794,13 @@ static CK_RV test_rsa_fixed_keys_oaep(void* args)
0);
CHECK_CKR(ret, "SHA1 No AAD");
}
#ifdef WOLFSSL_SHA224
if (ret == CKR_OK) {
ret = rsa_oaep_test(session, priv, pub, CKM_SHA224, CKG_MGF1_SHA224,
NULL, 0);
CHECK_CKR(ret, "SHA224 No AAD");
}
#endif
if (ret == CKR_OK) {
ret = rsa_oaep_test(session, priv, pub, CKM_SHA384, CKG_MGF1_SHA384,
NULL, 0);
Expand Down Expand Up @@ -3893,10 +3895,12 @@ static CK_RV test_rsa_fixed_keys_pss(void* args)
ret = rsa_pss_test(session, priv, pub, CKM_SHA1, CKG_MGF1_SHA1, 20);
CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA1");
}
#ifdef WOLFSSL_SHA224
if (ret == CKR_OK) {
ret = rsa_pss_test(session, priv, pub, CKM_SHA224, CKG_MGF1_SHA224, 28);
CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA224");
}
#endif
if (ret == CKR_OK) {
ret = rsa_pss_test(session, priv, pub, CKM_SHA384, CKG_MGF1_SHA384, 48);
CHECK_CKR(ret, "RSA PKCS#1 PSS - SHA384");
Expand Down Expand Up @@ -4819,10 +4823,15 @@ static CK_RV ecdsa_test(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKey,
ret = funcList->C_VerifyInit(session, &mech, pubKey);
CHECK_CKR(ret, "ECDSA Verify Init");
}
#ifndef WOLFSSL_MAXQ10XX_CRYPTO
/* In the case of MAXQ1065 it will be signed by the pre-provisioned private
* key so verify operation will fail as this is NOT the corresponding
* public key. */
if (ret == CKR_OK) {
ret = funcList->C_Verify(session, hash, hashSz, out, outSz);
CHECK_CKR(ret, "ECDSA Verify");
}
#endif
if (ret == CKR_OK) {
ret = funcList->C_Verify(session, hash, hashSz - 1, out, outSz);
CHECK_CKR_FAIL(ret, CKR_SIGNATURE_INVALID, "ECDSA Verify bad hash");
Expand Down

0 comments on commit a3bd0ee

Please sign in to comment.