1)Updating optiga-trust-m-pkcs11 to latest 2.25.0 version

Infineon · Jan 23, 2025 · cb62f61 · cb62f61
1 parent 6ec319e
commit cb62f61
Show file tree

Hide file tree

Showing 10 changed files with 868 additions and 221 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.25.0 (2025-01-23)
+* Added RSA support for PKCS11 tools and OpenSSL Engine interface
+* Added ECC256 support for PKCS11 through OpenSSL Engine interface
+
 ## 2.24.0 (2024-08-21)
 * Fixed the GPIO issue for the latest RPI OS Kernel 6.6 by using libgpiod
 * Fixed segmentation fault for sign and verify functions under error conditions
@@ -9,4 +13,4 @@
 * AWS Python examples improvement and release mode codes updates
 * Added a release script
 * Added Blackduck scan via GitLab CI
-* First release 2.x
+* First release 2.x
diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ SPDX-License-Identifier: MIT
   - [Get the latest version of PKCS#11 implementation with OPTIGA™ Trust M](#get-the-latest-version-of-pkcs11-implementation-with-optiga-trust-m)
   - [Build PKCS#11 library with OPTIGA™ Trust M](#build-pkcs11-library-with-optiga-trust-m)
   - [OpenSC Examples](#opensc-examples)
+  - [OpenSSL Examples](#openssl-examples)
   - [AWS IoT Client Example](#aws-iot-client-example)
   - [Licensing](#licensing)
 
@@ -119,6 +120,36 @@ dos2unix clean.sh
 ./clean.sh
 ```
 
+## OpenSSL Examples
+
+1. Go to  [OpenSSL_Engine_folder](./tests/openssl/openssl_engine)  to run examples in script openssl-pkcs11-libp11-ecc.sh for ECC algorithm and openssl-pkcs11-libp11-rsa.sh for RSA algorithm.
+
+For examples for ECC algorithm through OpenSSL Engine interface:
+
+From root folder :
+
+    cd tests/openssl/openssl_engine
+    chmod +x openssl-pkcs11-libp11-ecc.sh
+    dos2unix openssl-pkcs11-libp11-ecc.sh
+    ./openssl-pkcs11-libp11-ecc.sh
+
+For examples for RSA algorithm through OpenSSL Engine interface :
+
+From root folder :
+
+```
+cd tests/openssl/openssl_engine
+chmod +x openssl-pkcs11-libp11-rsa.sh
+dos2unix openssl-pkcs11-libp11-rsa.sh
+./openssl-pkcs11-libp11-rsa.sh
+```
+
+2. To clean the files generated by the execution of openssl-pkcs11-libp11-ecc.sh and openssl-pkcs11-libp11-rsa.sh, the script clean.sh can be used :
+
+    chmod +x clean.sh
+    dos2unix clean.sh
+    ./clean.sh
+
 ## AWS IoT Client Example
 
 1. Go to the [aws_python folder](./tests/aws_python) and follow the instructions to set up the AWS IoT and MQTT Client.

diff --git a/examples/utilities/include/pkcs11_optiga_trustm.h b/examples/utilities/include/pkcs11_optiga_trustm.h
@@ -86,6 +86,9 @@
 #define pkcs11DER_ENCODED_OID_BP512 \
     { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0d }
 
+#define pkcs11DER_ENCODED_OID_rsa2048 \
+    { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 }
+
 /**
  * @brief Maximum number of token objects that can be stored
  * by the PKCS #11 module.
@@ -223,6 +226,13 @@
  */
 #define pkcs11RSA_2048_SIGNATURE_LENGTH (pkcs11RSA_2048_MODULUS_BITS / 8)
 
+/**
+ *  @brief Length of PKCS11 RSA Hashing algorightm header based on PSS Padding scheme
+ */
+#define SHA256_RSA_PKCS_PSS_HEADER_LENGTH 19
+#define SHA384_RSA_PKCS_PSS_HEADER_LENGTH 19
+#define SHA512_RSA_PKCS_PSS_HEADER_LENGTH 19
+
 #include "pkcs11.h"
 
 /* System dependencies.  */