Address comments in review.

README.md

@@ -77,6 +77,14 @@ See wolfpkcs11/store.h for prototypes of functions to implement.
 
 Sets the private key's label against the public key when generating key pairs.
 
+#### MAXQ10xx
+
+Support has been added to use the maxq10xx hardware for cryptographic operations
+and storage of certificate.
+
+NOTE: In the code, we have embedded a test key. This must be changed for
+      production environments!! Please contact Analog Devices to learn how to
+      obtain and use a production key.
 
 ## Environment variables
 

src/crypto.c

@@ -2621,7 +2621,7 @@ CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
 CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
                     CK_OBJECT_HANDLE hKey)
 {
-    int ret = 0;
+    int ret;
     WP11_Session* session;
     WP11_Object* obj = NULL;
     CK_KEY_TYPE type;
@@ -2637,6 +2637,12 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
     ret = WP11_Object_Find(session, hKey, &obj);
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
     if ((ret != 0) && (hKey == 0) && (pMechanism->mechanism == CKM_ECDSA)) {
+        /* Check for the expected devId because we are not setting the object.
+         * If this wasn't MAXQ it would be strange behaviour. */
+        if (session->devId != MAXQ_DEVICE_ID) {
+            return CKR_MECHANISM_PARAM_INVALID;
+        }
+
         if (pMechanism->pParameter != NULL || pMechanism->ulParameterLen != 0) {
             return CKR_MECHANISM_PARAM_INVALID;
         }
@@ -2647,7 +2653,8 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
         WP11_Session_SetOpInitialized(session, init);
 
         return CKR_OK;
-    } else
+    }
+    else
 #endif
     if (ret != 0) {
         return CKR_OBJECT_HANDLE_INVALID;

src/internal.c

@@ -57,6 +57,9 @@
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
 #include <wolfpkcs11/port/maxim/MXQ_API.h>
 #include <wolfssl/wolfcrypt/asn.h>
+#define MAX_CERT_DATASIZE      2048
+#define MAX_SIG_DATASIZE       64
+#define ECC_KEYCOMPLEN         32
 #endif /* WOLFSSL_MAXQ10XX_CRYPTO */
 
 #if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
@@ -1711,7 +1714,7 @@ static int wp11_Object_Load_Cert(WP11_Object* object, int tokenId, int objId)
 #include "maxq10xx_key.h"
 #else
 /* TEST KEY. This must be changed for production environments!! */
-static mxq_u1 KeyPairImport[] = {
+static const mxq_u1 KeyPairImport[] = {
     0xd0,0x97,0x31,0xc7,0x63,0xc0,0x9e,0xe3,0x9a,0xb4,0xd0,0xce,0xa7,0x89,0xab,
     0x52,0xc8,0x80,0x3a,0x91,0x77,0x29,0xc3,0xa0,0x79,0x2e,0xe6,0x61,0x8b,0x2d,
     0x53,0x70,0xcc,0xa4,0x62,0xd5,0x4a,0x47,0x74,0xea,0x22,0xfa,0xa9,0xd4,0x95,
@@ -1876,8 +1879,8 @@ static int wp11_maxq10xx_store_cert(int objId, byte *data, word32 len)
     DecodedCert decodedCert;
     byte *certBody = NULL;
 
-    mxq_u1 signature[256];
-    int    signature_len = sizeof(signature);
+    int    signature_len = MAX_SIG_DATASIZE;
+    mxq_u1 signature[MAX_SIG_DATASIZE];
 
     int           sign_key_curve = MXQ_KEYPARAM_EC_P256R1;
     int           sign_key_algo = ALGO_ECDSA_SHA_256;
@@ -1891,10 +1894,10 @@ static int wp11_maxq10xx_store_cert(int objId, byte *data, word32 len)
 
     mxq_keytype_id_t key_type = MXQ_KEYTYPE_ECC;
     mxq_keyparam_id_t mxq_keytype = MXQ_KEYPARAM_EC_P256R1;
-    int keycomplen = 32;
+    int keycomplen = ECC_KEYCOMPLEN;
 
-    mxq_u1     dest[2048];
-    mxq_length destlen = sizeof(dest);
+    mxq_length destlen = MAX_CERT_DATASIZE;
+    mxq_u1     dest[MAX_CERT_DATASIZE];
 
     int ret = 0;