Skip to content

Commit

Permalink
Merge branch 'main' into undefine-paste-macro-for-armclang
Browse files Browse the repository at this point in the history
  • Loading branch information
@urutva
urutva authored Oct 25, 2024
2 parents 6816d62 + 664d22a commit fab126a
Show file tree
Hide file tree
Showing 67 changed files with 742 additions and 104 deletions.
5 changes: 5 additions & 0 deletions .github/.cSpellWords.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ DUNITTEST
DUNITY
ecdh
ecjpake
EABNVYL
ECKEY
FAAOCAQE
Fithb
Expand All @@ -51,6 +52,7 @@ HKDF
isystem
JITP
JITR
JLATES
Karthikeyan
lcov
LPDWORD
Expand Down Expand Up @@ -103,11 +105,14 @@ utest
vect
Vect
VECT
VEIQ
VQIDAQAB
Wunused
xfindobjectwithlabelandclass
xgetslotlist
xinitializepkcs
xtea
XTEA
yfiv
zeroize
ZEROIZE
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
# Change Log for corePKCS11 Library

## v3.6.2 (October 2024)
* [#202](https://github.com/FreeRTOS/corePKCS11/pull/202) Export RSA key attributes from mbedtls context to support TLSv1.3

## v3.6.1 (June 2024)
* Fix doxygen deployment on Github.

Expand Down
6 changes: 3 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ safety through the
See memory requirements for this library
[here](./docs/doxygen/include/size_table.md).

**corePKCS11 v3.6.1
[source code](https://github.com/FreeRTOS/corePKCS11/tree/v3.6.1/source) is part
**corePKCS11 v3.6.2
[source code](https://github.com/FreeRTOS/corePKCS11/tree/v3.6.2/source) is part
of the
[FreeRTOS 202406.00 LTS](https://github.com/FreeRTOS/FreeRTOS-LTS/tree/202406.00-LTS)
release.**
Expand Down Expand Up @@ -192,7 +192,7 @@ locations below:
| Location |
| :------------------------------------------------------------------------------------------------------------------: |
| [AWS IoT Device SDK for Embedded C](https://github.com/aws/aws-iot-device-sdk-embedded-C#releases-and-documentation) |
| [FreeRTOS.org](https://freertos.org/Documentation/api-ref/corePKCS11/docs/doxygen/output/html/index.html) |
| [FreeRTOS.org](https://freertos.github.io/corePKCS11/v3.6.1/) |

Note that the latest included version of corePKCS11 may differ across
repositories.
Expand Down
2 changes: 1 addition & 1 deletion docs/doxygen/config.doxyfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ PROJECT_NAME = corePKCS11
# could be handy for archiving the generated documentation or if some version
# control system is used.

PROJECT_NUMBER = v3.6.1
PROJECT_NUMBER = v3.6.2

# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a
Expand Down
8 changes: 4 additions & 4 deletions docs/doxygen/include/size_table.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,12 @@
</tr>
<tr>
<td>core_pkcs11_mbedtls.c</td>
<td><center>9.0K</center></td>
<td><center>7.4K</center></td>
<td><center>9.4K</center></td>
<td><center>7.7K</center></td>
</tr>
<tr>
<td><b>Total estimates</b></td>
<td><b><center>10.3K</center></b></td>
<td><b><center>8.4K</center></b></td>
<td><b><center>10.7K</center></b></td>
<td><b><center>8.7K</center></b></td>
</tr>
</table>
2 changes: 1 addition & 1 deletion manifest.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: "corePKCS11"
version: "v3.6.1"
version: "v3.6.2"
description: "Software implementation of the PKCS #11 standard."
license: "MIT"

Expand Down
2 changes: 1 addition & 1 deletion source/core_pkcs11.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/core_pki_utils.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/dependency/3rdparty/mbedtls_utils/mbedtls_utils.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/dependency/3rdparty/mbedtls_utils/mbedtls_utils.h
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/include/core_pkcs11.h
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/include/core_pkcs11_config_defaults.h
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/include/core_pkcs11_pal.h
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/include/core_pki_utils.h
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
200 changes: 190 additions & 10 deletions source/portable/mbedtls/core_pkcs11_mbedtls.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down Expand Up @@ -779,6 +779,156 @@ static CK_RV prvRsaContextParse( const CK_ATTRIBUTE * pxAttribute,
return xResult;
}

/**
* @brief Populates attribute values for an RSA key from the mbed TLS context.
*/
static CK_RV prvGetAttributesFromRsaContext( CK_ATTRIBUTE * pxAttribute,
const mbedtls_rsa_context * pxRsaContext )
{
CK_RV xResult = CKR_OK;
int32_t lMbedTLSResult = 0;
mbedtls_mpi * pxMpi = ( mbedtls_mpi * ) pxAttribute->pValue;

mbedtls_mpi_init( pxMpi );

switch( pxAttribute->type )
{
case ( CKA_MODULUS ):

lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->N.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
pxMpi, /* N */
NULL, /* P */
NULL, /* Q */
NULL, /* D */
NULL ); /* E */
}

break;

case ( CKA_PUBLIC_EXPONENT ):

lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->E.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
NULL, /* N */
NULL, /* P */
NULL, /* Q */
NULL, /* D */
pxMpi ); /* E */
}

break;

case ( CKA_PRIME_1 ):

lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->P.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
NULL, /* N */
pxMpi, /* P */
NULL, /* Q */
NULL, /* D */
NULL ); /* E */
}

break;

case ( CKA_PRIME_2 ):

lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->Q.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
NULL, /* N */
NULL, /* P */
pxMpi, /* Q */
NULL, /* D */
NULL ); /* E */
}

break;

case ( CKA_PRIVATE_EXPONENT ):

lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->D.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export( pxRsaContext,
NULL, /* N */
NULL, /* P */
NULL, /* Q */
pxMpi, /* D */
NULL ); /* E */
}

break;

case ( CKA_EXPONENT_1 ):

lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->DP.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export_crt( pxRsaContext,
pxMpi, /* DP */
NULL, /* DQ */
NULL ); /* QP */
}

break;

case ( CKA_EXPONENT_2 ):

lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->DQ.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export_crt( pxRsaContext,
NULL, /* DP */
pxMpi, /* DQ */
NULL ); /* QP */
}

break;

default:

/* This is the CKA_COEFFICIENT case. The type is checked in
* C_GetAttributeValue. */
lMbedTLSResult = mbedtls_mpi_grow( pxMpi, pxRsaContext->QP.n );

if( lMbedTLSResult == 0 )
{
lMbedTLSResult = mbedtls_rsa_export_crt( pxRsaContext,
NULL, /* DP */
NULL, /* DQ */
pxMpi ); /* QP */
}

break;
}

if( lMbedTLSResult != 0 )
{
LogError( ( "Failed to parse RSA private key attributes: mbed TLS error = %s : %s.",
mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ),
mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
xResult = CKR_FUNCTION_FAILED;
}

return xResult;
}

/**
* @brief Parses attribute values for a RSA Key.
*/
Expand Down Expand Up @@ -3076,6 +3226,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession,
mbedtls_x509_crt xMbedX509Context = { 0 };
mbedtls_pk_type_t xKeyType;
const mbedtls_ecp_keypair * pxKeyPair;
const mbedtls_rsa_context * pxRsaContext;
CK_KEY_TYPE xPkcsKeyType = ( CK_KEY_TYPE ) ~0UL;
CK_OBJECT_CLASS xClass = ~0UL;
CK_BYTE_PTR pxObjectValue = NULL;
Expand Down Expand Up @@ -3294,15 +3445,6 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession,

break;

case CKA_PRIVATE_EXPONENT:

LogError( ( "Failed to parse attribute. "
"CKA_PRIVATE_EXPONENT is private data." ) );
xResult = CKR_ATTRIBUTE_SENSITIVE;
pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION;

break;

case CKA_EC_PARAMS:

if( pTemplate[ iAttrib ].pValue == NULL )
Expand Down Expand Up @@ -3384,6 +3526,44 @@ CK_DECLARE_FUNCTION( CK_RV, C_GetAttributeValue )( CK_SESSION_HANDLE hSession,

break;

case CKA_MODULUS:
case CKA_PUBLIC_EXPONENT:
case CKA_PRIME_1:
case CKA_PRIME_2:
case CKA_PRIVATE_EXPONENT:
case CKA_EXPONENT_1:
case CKA_EXPONENT_2:
case CKA_COEFFICIENT:

if( pTemplate[ iAttrib ].pValue == NULL )
{
pTemplate[ iAttrib ].ulValueLen = sizeof( mbedtls_mpi );
}
else
{
if( pTemplate[ iAttrib ].ulValueLen == sizeof( mbedtls_mpi ) )
{
pxRsaContext = ( mbedtls_rsa_context * ) xKeyContext.pk_ctx;

if( pxRsaContext != NULL )
{
xResult = prvGetAttributesFromRsaContext( &( pTemplate[ iAttrib ] ),
pxRsaContext );
}
else
{
xResult = CKR_FUNCTION_FAILED;
pTemplate[ iAttrib ].ulValueLen = CK_UNAVAILABLE_INFORMATION;
}
}
else
{
xResult = CKR_BUFFER_TOO_SMALL;
}
}

break;

default:
LogError( ( "Failed to parse attribute. Received unknown "
"attribute type." ) );
Expand Down
2 changes: 1 addition & 1 deletion source/portable/os/core_pkcs11_pal_utils.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
2 changes: 1 addition & 1 deletion source/portable/os/core_pkcs11_pal_utils.h
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* corePKCS11 v3.6.1
* corePKCS11 v3.6.2
* Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
Expand Down
Loading

0 comments on commit fab126a

Please sign in to comment.