From 9ac12397e589d71d3412fe56996065503437da49 Mon Sep 17 00:00:00 2001
From: Anthony Hu
Date: Thu, 23 Jan 2025 18:21:45 -0500
Subject: [PATCH] Address comments in review.
---
 README.md | 8 ++++++++
 src/crypto.c | 11 +++++++++--
 src/internal.c | 15 +++++++++------
 3 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index bff90831..4007625c 100644
--- a/README.md
+++ b/README.md
@@ -77,6 +77,14 @@ See wolfpkcs11/store.h for prototypes of functions to implement.
 Sets the private key's label against the public key when generating key pairs.
+#### MAXQ10xx
+
+Support has been added to use the maxq10xx hardware for cryptographic operations
+and storage of certificate.
+
+NOTE: In the code, we have embedded a test key. This must be changed for
+ production environments!! Please contact Analog Devices to learn how to
+ obtain and use a production key.
 ## Environment variables
diff --git a/src/crypto.c b/src/crypto.c
index 0abd6e57..ab86a9cc 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -2621,7 +2621,7 @@ CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
 CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 CK_OBJECT_HANDLE hKey)
 {
- int ret = 0;
+ int ret;
 WP11_Session* session;
 WP11_Object* obj = NULL;
 CK_KEY_TYPE type;
@@ -2637,6 +2637,12 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 ret = WP11_Object_Find(session, hKey, &obj);
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
 if ((ret != 0) && (hKey == 0) && (pMechanism->mechanism == CKM_ECDSA)) {
+ /* Check for the expected devId because we are not setting the object.
+ * If this wasn't MAXQ it would be strange behaviour. */
+ if (session->devId != MAXQ_DEVICE_ID) {
+ return CKR_MECHANISM_PARAM_INVALID;
+ }
+
 if (pMechanism->pParameter != NULL || pMechanism->ulParameterLen != 0) {
 return CKR_MECHANISM_PARAM_INVALID;
 }
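Review bot: The new device check in C_SignInit returns `CKR_MECHANISM_PARAM_INVALID` when `session->devId != MAXQ_DEVICE_ID`, but nothing is wrong with the mechanism parameters on that path; the caller passed `hKey == 0` and no object was found. Without this branch the same input falls through to `return CKR_OBJECT_HANDLE_INVALID;` after the `#endif`, so a MAXQ build now reports a different error than other builds for the same bad handle; I would use `return CKR_OBJECT_HANDLE_INVALID;` here (or `CKR_KEY_HANDLE_INVALID`). The surrounding code reaches the session through accessors such as `WP11_Session_SetOpInitialized`, so if `WP11_Session` is opaque in crypto.c the direct `session->devId` read would need an accessor as well; worth confirming with a MAXQ build. The function body starts and ends outside this hunk.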
@@ -2647,7 +2653,8 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
 WP11_Session_SetOpInitialized(session, init);
 return CKR_OK;
- } else
+ }
+ else
 #endif
 if (ret != 0) {
 return CKR_OBJECT_HANDLE_INVALID;
diff --git a/src/internal.c b/src/internal.c
index de252b9e..ab497a62 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -57,6 +57,9 @@
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
 #include
 #include
+#define MAX_CERT_DATASIZE 2048
+#define MAX_SIG_DATASIZE 64
+#define ECC_KEYCOMPLEN 32
 #endif /* WOLFSSL_MAXQ10XX_CRYPTO */
 #if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
@@ -1711,7 +1714,7 @@ static int wp11_Object_Load_Cert(WP11_Object* object, int tokenId, int objId)
 #include "maxq10xx_key.h"
 #else
 /* TEST KEY. This must be changed for production environments!! */
-static mxq_u1 KeyPairImport[] = {
+static const mxq_u1 KeyPairImport[] = {
 0xd0,0x97,0x31,0xc7,0x63,0xc0,0x9e,0xe3,0x9a,0xb4,0xd0,0xce,0xa7,0x89,0xab,
 0x52,0xc8,0x80,0x3a,0x91,0x77,0x29,0xc3,0xa0,0x79,0x2e,0xe6,0x61,0x8b,0x2d,
 0x53,0x70,0xcc,0xa4,0x62,0xd5,0x4a,0x47,0x74,0xea,0x22,0xfa,0xa9,0xd4,0x95,
@@ -1876,8 +1879,8 @@ static int wp11_maxq10xx_store_cert(int objId, byte *data, word32 len)
 DecodedCert decodedCert;
 byte *certBody = NULL;
- mxq_u1 signature[256];
- int signature_len = sizeof(signature);
+ int signature_len = MAX_SIG_DATASIZE;
+ mxq_u1 signature[MAX_SIG_DATASIZE];
 int sign_key_curve = MXQ_KEYPARAM_EC_P256R1;
 int sign_key_algo = ALGO_ECDSA_SHA_256;
@@ -1891,10 +1894,10 @@ static int wp11_maxq10xx_store_cert(int objId, byte *data, word32 len)
 mxq_keytype_id_t key_type = MXQ_KEYTYPE_ECC;
 mxq_keyparam_id_t mxq_keytype = MXQ_KEYPARAM_EC_P256R1;
- int keycomplen = 32;
+ int keycomplen = ECC_KEYCOMPLEN;
- mxq_u1 dest[2048];
- mxq_length destlen = sizeof(dest);
+ mxq_length destlen = MAX_CERT_DATASIZE;
+ mxq_u1 dest[MAX_CERT_DATASIZE];
 int ret = 0;
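Review bot: The embedded test key in `KeyPairImport` is still what gets compiled whenever the `#else` branch is taken, and nothing at build time tells the integrator that this happened; the added `const` does not change that. The README note added in this commit is easy to miss, so I would put a diagnostic in that branch, for example `#warning "wolfPKCS11: built with the embedded MAXQ10xx TEST key; not for production"`, ideally paired with an explicit opt-in macro. The condition that selects `maxq10xx_key.h` lies outside the hunk, so the name of such an opt-in is left to the author. The array initializer also continues past the end of the hunk.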
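Review bot: Replacing `sizeof(signature)` with `MAX_SIG_DATASIZE` here (and `sizeof(dest)` with `MAX_CERT_DATASIZE` in the following hunk) decouples each length variable from the array it describes, and the declarations had to be reordered to make it compile. Declaring the array first and keeping `int signature_len = sizeof(signature);` and `mxq_length destlen = sizeof(dest);` still uses the macros for sizing while guaranteeing that the length handed to the MAXQ calls can never exceed the buffer. Separately, the signature buffer shrinks from 256 to 64 bytes, which holds exactly one raw r||s P-256 signature and nothing larger (a DER-encoded one can reach 72 bytes); the signing call is outside the hunk, so please confirm its output format and document it on the macro, e.g. `/* raw r||s: 2 * ECC_KEYCOMPLEN */`. It is also worth confirming, in the part of wp11_maxq10xx_store_cert not shown here, that the incoming `len` is checked against `MAX_CERT_DATASIZE` before anything derived from `data` is written into `dest`.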