From b66a75936f67b0226930218d882203162a519b84 Mon Sep 17 00:00:00 2001 From: Paul Bartell Date: Wed, 7 Dec 2022 13:57:39 -0800 Subject: [PATCH] mbedtls-pkcs11: Separate mbedtls rng pkcs11 callback into separate file --- .../fleet_provisioning_demo.vcxproj | 3 +- .../fleet_provisioning_demo.vcxproj.filters | 5 +- .../pkcs11_operations.c | 4 +- .../corePKCS11_MQTT_Mutual_Auth.vcxproj | 3 +- ...orePKCS11_MQTT_Mutual_Auth.vcxproj.filters | 2 +- .../network_transport/mbedtls_pk_pkcs11.c | 38 --------- .../{mbedtls_pk_pkcs11.h => mbedtls_pkcs11.h} | 16 ++-- .../network_transport/mbedtls_rng_pkcs11.c | 80 +++++++++++++++++++ .../transport_mbedtls_pkcs11.c | 2 +- 9 files changed, 100 insertions(+), 53 deletions(-) rename FreeRTOS-Plus/Source/Application-Protocols/network_transport/{mbedtls_pk_pkcs11.h => mbedtls_pkcs11.h} (85%) create mode 100644 FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj index 3441d853f..9f938a635 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj @@ -164,6 +164,7 @@ + @@ -189,7 +190,7 @@ - + diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj.filters b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj.filters index 6e191516e..078f7d2a8 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj.filters 
+++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj.filters @@ -108,6 +108,9 @@ Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport + + Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport + Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport @@ -176,7 +179,7 @@ Headers - + Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport\include diff --git a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c index d5ff833cf..a9f9b6e19 100644 --- a/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c +++ b/FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c @@ -44,7 +44,7 @@ #include "core_pkcs11_config.h" #include "core_pki_utils.h" #include "mbedtls_utils.h" -#include "mbedtls_pk_pkcs11.h" +#include "mbedtls_pkcs11.h" /* MbedTLS include. */ #include "mbedtls/error.h" @@ -257,7 +257,7 @@ bool xGenerateKeyAndCsr( CK_SESSION_HANDLE xP11Session, mbedtls_x509write_csr_set_key( &xReq, &xPrivKey ); ulMbedtlsRet = mbedtls_x509write_csr_pem( &xReq, ( unsigned char * ) pcCsrBuffer, - xCsrBufferLength, &lPKCS11RandomCallback, + xCsrBufferLength, &lMbedCryptoRngCallbackPKCS11, &xP11Session ); } diff --git a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj index d3e741c47..f989b3c6c 100644 --- a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj 
+++ b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj @@ -159,6 +159,7 @@ + @@ -172,7 +173,7 @@ - + diff --git a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters index 43e4a14b0..22bf9c090 100644 --- a/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters +++ b/FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters @@ -98,7 +98,7 @@ Additional Network Transport Files\TCP Sockets Wrapper + MbedTLS Transport\include - + Additional Network Transport Files\TCP Sockets Wrapper + MbedTLS Transport\include diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c index f4549666b..510f6e8e1 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c 
@@ -387,44 +387,6 @@ CK_RV xPKCS11_initMbedtlsPkContext( mbedtls_pk_context * pxMbedtlsPkCtx, /*-----------------------------------------------------------*/ -int lPKCS11RandomCallback( void * pvCtx, - unsigned char * pucOutput, - size_t uxLen ) -{ - int lRslt; - CK_FUNCTION_LIST_PTR pxFunctionList = NULL; - CK_SESSION_HANDLE * pxSessionHandle = ( CK_SESSION_HANDLE * ) pvCtx; - - if( pucOutput == NULL ) - { - lRslt = -1; - } - else if( pvCtx == NULL ) - { - lRslt = -1; - LogError( ( "pvCtx must not be NULL." ) ); - } - else - { - lRslt = ( int ) C_GetFunctionList( &pxFunctionList ); - } - - if( ( lRslt != CKR_OK ) || - ( pxFunctionList == NULL ) || - ( pxFunctionList->C_GenerateRandom == NULL ) ) - { - lRslt = -1; - } - else - { - lRslt = ( int ) pxFunctionList->C_GenerateRandom( *pxSessionHandle, pucOutput, uxLen ); - } - - return lRslt; -} - -/*-----------------------------------------------------------*/ - static void * p11_ecdsa_ctx_alloc( void ) { void * pvCtx = NULL; diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.h b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pkcs11.h similarity index 85% rename from FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.h rename to FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pkcs11.h index d3c5105b1..d5e9ed6dc 100644 --- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.h +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pkcs11.h @@ -24,8 +24,8 @@ * */ -#ifndef MBEDTLS_PK_PKCS11_H -#define MBEDTLS_PK_PKCS11_H +#ifndef MBEDTLS_PKCS11_H +#define MBEDTLS_PKCS11_H #include #include "mbedtls/pk.h" 
@@ -47,16 +47,16 @@ CK_RV xPKCS11_initMbedtlsPkContext( mbedtls_pk_context * pxMbedtlsPkCtx, CK_OBJECT_HANDLE xPkHandle ); /** - * @brief Callback to generate random data with the PKCS11 module. + * @brief Callback to generate random data with the PKCS11 API. * - * @param[in] pvCtx void pointer to the + * @param[in] pvCtx void pointer to a PKCS11 Session handle. * @param[in] pucRandom Byte array to fill with random data. * @param[in] xRandomLength Length of byte array. * * @return 0 on success. */ -int lPKCS11RandomCallback( void * pvCtx, - unsigned char * pucOutput, - size_t uxLen ); +int lMbedCryptoRngCallbackPKCS11( void * pvCtx, + unsigned char * pucOutput, + size_t uxLen ); -#endif /* MBEDTLS_PK_PKCS11_H */ +#endif /* MBEDTLS_PKCS11_H */ diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c new file mode 100644 index 000000000..5228aa15b --- /dev/null +++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c 
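Review bot: The doc block this hunk edits still documents `pucRandom` and `xRandomLength`, while the prototype it renames directly below declares `pucOutput` and `uxLen`, and `pucOutput` is written to, not read; the two lines should read `@param[out] pucOutput Byte array to fill with random data.` and `@param[in] uxLen Number of bytes to write to pucOutput.`. The `@return` line would also be more useful to mbedtls integrators if it stated that any non-zero value is treated as an RNG failure by the caller. Separately, the diffstat shows mbedtls_pk_pkcs11.c with deletions only, so if that file includes its own (now renamed) header the build breaks, and if it does not, xPKCS11_initMbedtlsPkContext is defined there without a prototype in scope — worth confirming before merge.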
@@ -0,0 +1,80 @@
+/*
+ * FreeRTOS V202211.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+#include "logging_levels.h"
+
+#define LIBRARY_LOG_NAME "MbedTLSRNGP11"
+#define LIBRARY_LOG_LEVEL LOG_ERROR
+
+#include "logging_stack.h"
+
+/**
+ * @file mbedtls_rng_pkcs11.c
+ * @brief Implements an mbedtls RNG callback using the PKCS#11 API
+ */
+
+#include "core_pkcs11_config.h"
+#include "core_pkcs11.h"
+
+/*-----------------------------------------------------------*/
+
+int lMbedCryptoRngCallbackPKCS11( void * pvCtx,
+ unsigned char * pucOutput,
+ size_t uxLen )
+{
+ int lRslt;
+ CK_FUNCTION_LIST_PTR pxFunctionList = NULL;
+ CK_SESSION_HANDLE * pxSessionHandle = ( CK_SESSION_HANDLE * ) pvCtx;
+
+ if( pucOutput == NULL )
+ {
+ lRslt = -1;
+ }
+ else if( pvCtx == NULL )
+ {
+ lRslt = -1;
+ LogError( ( "pvCtx must not be NULL." ) );
+ }
+ else
+ {
+ lRslt = ( int ) C_GetFunctionList( &pxFunctionList );
+ }
+
+ if( ( lRslt != CKR_OK ) ||
+ ( pxFunctionList == NULL ) ||
+ ( pxFunctionList->C_GenerateRandom == NULL ) )
+ {
+ lRslt = -1;
+ }
+ else
+ {
+ lRslt = ( int ) pxFunctionList->C_GenerateRandom( *pxSessionHandle, pucOutput, uxLen );
+ }
+
+ return lRslt;
+}
+
+/*-----------------------------------------------------------*/
diff --git a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c
index 0fa3421df..96d049a43 100644
--- a/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c
+++ b/FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c
@@ -52,7 +52,7 @@
 /* TLS transport header. */
 #include "transport_mbedtls_pkcs11.h"
-#include "mbedtls_pk_pkcs11.h"
+#include "mbedtls_pkcs11.h"
 /* PKCS #11 includes. */
 #include "core_pkcs11_config.h"
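Review bot: A failing `C_GenerateRandom` call in the new lMbedCryptoRngCallbackPKCS11 returns its CK_RV to mbedtls through a bare `( int )` cast with no diagnostic, so an entropy-source failure during CSR signing or the TLS handshake leaves nothing in the log, and the cast also makes the earlier `lRslt != CKR_OK` comparison depend on a truncated value (a CK_RV whose only non-zero bits lie above the int width would read as success; unlikely in practice, but the 0-or-non-zero contract mbedtls relies on should not depend on it). I would keep the PKCS#11 result in a `CK_RV`, normalise to 0 / -1 only at the end, and log the CK_RV on failure, as sketched below; `CKR_ARGUMENTS_BAD` and `CKR_FUNCTION_NOT_SUPPORTED` are standard PKCS#11 codes. Note also that `uxLen` is a `size_t` passed where `C_GenerateRandom` takes a `CK_ULONG`; on targets where `unsigned long` is narrower than `size_t` (the Windows simulator builds this demo) the length is silently truncated, so a range check against `ULONG_MAX` before the call is cheap insurance even though mbedtls never asks for that much.
```c
int lMbedCryptoRngCallbackPKCS11( void * pvCtx,
                                  unsigned char * pucOutput,
                                  size_t uxLen )
{
    int lRslt = -1;
    CK_RV xResult = CKR_ARGUMENTS_BAD;
    CK_FUNCTION_LIST_PTR pxFunctionList = NULL;
    CK_SESSION_HANDLE * pxSessionHandle = ( CK_SESSION_HANDLE * ) pvCtx;

    if( ( pvCtx == NULL ) || ( pucOutput == NULL ) )
    {
        LogError( ( "pvCtx and pucOutput must not be NULL." ) );
    }
    else
    {
        xResult = C_GetFunctionList( &pxFunctionList );

        if( ( xResult == CKR_OK ) &&
            ( ( pxFunctionList == NULL ) || ( pxFunctionList->C_GenerateRandom == NULL ) ) )
        {
            xResult = CKR_FUNCTION_NOT_SUPPORTED;
        }

        if( xResult == CKR_OK )
        {
            xResult = pxFunctionList->C_GenerateRandom( *pxSessionHandle, pucOutput, ( CK_ULONG ) uxLen );
        }
    }

    /* mbedtls treats 0 as success and any other value as an RNG failure;
     * decide that from the untruncated CK_RV rather than from an int cast. */
    if( xResult == CKR_OK )
    {
        lRslt = 0;
    }
    else
    {
        LogError( ( "PKCS #11 random generation failed: 0x%08lX", ( unsigned long ) xResult ) );
    }

    return lRslt;
}
```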