Added NS wrappers for PKCS11 API
danielinux committed Jul 14, 2023
1 parent c529c48 commit 808b38a
Showing 10 changed files with 1,170 additions and 6 deletions.
1 change: 1 addition & 0 deletions Makefile
@@ -53,6 +53,7 @@ OBJS+=$(PUBLIC_KEY_OBJS)

CFLAGS+= \
-I"." -I"include/" -I"lib/wolfssl" \
-Wno-array-bounds \
-D"WOLFSSL_USER_SETTINGS" \
-D"WOLFTPM_USER_SETTINGS" \
-D"PLATFORM_$(TARGET)"
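Review bot: `-Wno-array-bounds` in the top-level `CFLAGS` (apparently the one line this section adds) silences out-of-bounds diagnostics for every object in the build, not only for the code that triggered the warning. In a secure-boot code base that warning is one of the few compile-time signals for buffer overruns. The suppression would be better scoped to the offending object with a target-specific variable, e.g. `path/to/offending.o: CFLAGS+=-Wno-array-bounds` (placeholder path), plus a comment naming the false positive. The page does not show which file raised the warning, so the right scope has to be confirmed by the author.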
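--- a/config/examples/stm32l5-wcs-pkcs11.config
+++ b/config/examples/stm32l5-wcs-pkcs11.config
@@ -0,0 +1,29 @@
+ARCH?=ARM
+TZEN?=1
+TARGET?=stm32l5
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG?=0
+VTOR?=1
+CORTEX_M0?=0
+CORTEX_M33?=1
+NO_ASM?=0
+NO_MPU=1
+EXT_FLASH?=0
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=1
+WOLFBOOT_VERSION?=1
+V?=0
+SPMATH?=1
+RAM_CODE?=0
+DUALBANK_SWAP?=0
+WOLFBOOT_PARTITION_SIZE?=0x1F800
+WOLFBOOT_SECTOR_SIZE?=0x800
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08040000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x805F800
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x0807F000
+FLAGS_HOME=0
+DISABLE_BACKUP=0
+WCSM=1
+SECURE_PKCS11=1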
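Review bot: `NO_MPU=1` is set in an example that enables the TrustZone secure-call path (`TZEN?=1`, `WCSM=1`, `SECURE_PKCS11=1`), and the file carries no comment saying why MPU setup is left out or that these are demo defaults. A short header such as `# Example: STM32L5 TrustZone + wolfCrypt secure mode + PKCS11; review NO_MPU and partition addresses before production use` would keep it from being copied verbatim. `NO_MPU` and the last four assignments also use `=` where the rest of the file uses `?=`; if that is deliberate, a one-line comment should say so.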
7 changes: 6 additions & 1 deletion include/user_settings.h
@@ -26,6 +26,11 @@
#ifndef H_USER_SETTINGS_
#define H_USER_SETTINGS_

#ifdef WOLFBOOT_PKCS11_APP
# include "test-app/wcs/user_settings.h"
#else


#include <target.h>

/* System */
@@ -311,6 +316,6 @@ typedef unsigned long time_t;

#endif


#endif /* WOLFBOOT_PKCS11_APP */

#endif /* !H_USER_SETTINGS_ */
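Review bot: Defining `WOLFBOOT_PKCS11_APP` replaces the entire wolfCrypt configuration in this header with the test application's, and nothing at the new `#ifdef` says the macro is meant for the non-secure app build only. If the define ever reached the bootloader's own compile flags, the bootloader would silently build with the test app's crypto settings. A comment at the guard, e.g. `/* Non-secure test-app build only: never define WOLFBOOT_PKCS11_APP when compiling the bootloader */`, would document the contract. The path `test-app/wcs/user_settings.h` also resolves only when the repository root is on the include path, which on this page is visible only as `CFLAGS+=-I..` in the stm32l5 branch of test-app/Makefile.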
6 changes: 6 additions & 0 deletions test-app/ARM-stm32l5-ns.ld
@@ -20,6 +20,12 @@ SECTIONS
_end_text = .;
} > FLASH

.edidx :
{
. = ALIGN(4);
*(.ARM.exidx*)
} > FLASH

_stored_data = .;

.data : AT (_stored_data)
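Review bot: The new output section is named `.edidx`, which looks like a typo for `.exidx` / `.ARM.exidx`, the input sections it collects with `*(.ARM.exidx*)`. Anyone reading the map file or searching for the exception index table by its conventional name will not find it under this spelling; `.ARM.exidx :` would be the usual header. If unwinding code is ever linked in, it typically also expects `__exidx_start` and `__exidx_end` symbols around the section, which this block does not define.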
37 changes: 35 additions & 2 deletions test-app/Makefile
@@ -1,10 +1,13 @@
-include ../.config
-include ../tools/config.mk
-include ../options.mk
-include ./wcs/pkcs11.mk

TARGET?=none
ARCH?=ARM
MCUXPRESSO_CMSIS?=$(MCUXPRESSO)/CMSIS
CFLAGS+=-I.
CFLAGS+=-I./wcs


ifeq ($(TARGET),sim)
@@ -53,6 +56,35 @@ ifeq ($(TZEN),1)
APP_OBJS+=../hal/$(TARGET)_ns.o
ifeq ($(WCSM),1)
APP_OBJS+=../src/wc_secure_calls.o
ifeq ($(SECURE_PKCS11),1)
CFLAGS+=-DWOLFSSL_USER_SETTINGS -DWOLFBOOT_PKCS11_APP
CFLAGS+=-I../lib/wolfPKCS11
APP_OBJS+=./wcs/pkcs11_test_ecc.o
APP_OBJS+=./wcs/pkcs11_stub.o
APP_OBJS+=./wcs/ecc.o
APP_OBJS+=./wcs/rsa.o
APP_OBJS+=./wcs/asn.o
APP_OBJS+=./wcs/aes.o
APP_OBJS+=./wcs/hmac.o
APP_OBJS+=./wcs/pwdbased.o
APP_OBJS+=./wcs/hash.o
APP_OBJS+=./wcs/sha256.o
APP_OBJS+=./wcs/sha512.o
APP_OBJS+=./wcs/sha3.o
APP_OBJS+=./wcs/integer.o
APP_OBJS+=./wcs/tfm.o
APP_OBJS+=./wcs/sp_c32.o
APP_OBJS+=./wcs/sp_int.o
APP_OBJS+=./wcs/cryptocb.o
APP_OBJS+=./wcs/wc_pkcs11.o
APP_OBJS+=./wcs/memory.o
APP_OBJS+=./wcs/wolfmath.o
APP_OBJS+=./wcs/dh.o
APP_OBJS+=./wcs/random.o
APP_OBJS+=./wcs/coding.o
APP_OBJS+=./wcs/wc_encrypt.o
APP_OBJS+=./wcs/wc_port.o
endif
CFLAGS+=-DWOLFBOOT_SECURE_CALLS
endif
else
@@ -105,8 +137,9 @@ ifeq ($(TARGET),stm32l5)
else
LSCRIPT_TEMPLATE=ARM-stm32l5.ld
endif
CFLAGS+=-mcpu=cortex-m33
CFLAGS+=-mcpu=cortex-m33 -ffunction-sections -fdata-sections -fno-common
LDFLAGS+=-mcpu=cortex-m33
LDFLAGS+=-Wl,-gc-sections -Wl,-Map=image.map
CFLAGS+=-I..
APP_OBJS+=../hal/uart/uart_drv_$(UART_TARGET).o
endif
@@ -290,7 +323,7 @@ standalone: image.bin
$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^

clean:
$(Q)rm -f *.bin *.elf tags *.o $(LSCRIPT)
$(Q)rm -f *.bin *.elf tags *.o $(LSCRIPT) wcs/*.o

$(LSCRIPT): $(LSCRIPT_TEMPLATE) FORCE
$(Q)printf "%d" $(WOLFBOOT_PARTITION_BOOT_ADDRESS) > .wolfboot-offset
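Review bot: `-include ./wcs/pkcs11.mk` and `CFLAGS+=-I./wcs` in the first hunk apply to every target, while everything else PKCS11-specific sits inside `ifeq ($(SECURE_PKCS11),1)`. With `./wcs` always on the include path, a header placed there (the commit references a `wcs/user_settings.h`) could shadow the regular one in builds that never asked for PKCS11. The leading `-` also means a missing `pkcs11.mk` is ignored silently. Moving both lines into the `SECURE_PKCS11` block, next to `CFLAGS+=-I../lib/wolfPKCS11`, would leave the other targets unchanged. The enclosing `ifeq ($(TZEN),1)` block starts outside the hunk.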
51 changes: 48 additions & 3 deletions test-app/app_stm32l5.c
@@ -31,6 +31,15 @@
#include "wolfboot/wolfboot.h"
#include "wolfboot/wc_secure.h"

#ifdef SECURE_PKCS11
#include "wcs/user_settings.h"
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/wc_pkcs11.h>
#include <wolfssl/wolfcrypt/random.h>
extern const char pkcs11_library_name[];
extern const CK_FUNCTION_LIST wolfpkcs11nsFunctionList;
#endif

#define LED_BOOT_PIN (9) /* PA9 - Nucleo - Red Led */
#define LED_USR_PIN (7) /* PB7 - Nucleo - Green Led */
#define LED_EXTRA_PIN (7) /* PC7 - Nucleo - Blue Led */
@@ -101,18 +110,24 @@ void usr_led_off(void)
static char CaBuf[2048];
static uint8_t my_pubkey[200];

extern int ecdsa_sign_verify(int devId);


void main(void)
{
#ifdef WOLFBOOT_SECURE_CALLS
int ret;
uint32_t rand;
uint32_t i;
uint32_t klen = 200;
int otherkey_slot;
unsigned int devId = 0;
WC_RNG rng;
Pkcs11Token token;
Pkcs11Dev PKCS11_d;

wcs_get_random((void*)&rand, 4);
for (i = 0; i < (rand / 100000000); i++)
;

#endif
hal_init();
uart_init(115200, 8, 'N', 1);
boot_led_on();
@@ -121,6 +136,36 @@ void main(void)
if (wolfBoot_current_firmware_version() > 1)
boot_led_on();

wolfCrypt_Init();
PKCS11_d.heap = NULL,
PKCS11_d.func = &wolfpkcs11nsFunctionList;

ret = wc_Pkcs11Token_Init(&token, &PKCS11_d, 0, NULL,
NULL, 0);
if (ret != 0) {
while(1)
;
}
if (ret == 0) {
ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
&token);
if (ret != 0) {
while(1)
;
}
if (ret == 0) {

#ifdef HAVE_ECC
ret = ecdsa_sign_verify(devId);
if (ret != 0)
ret = 1;
#endif
}
wc_Pkcs11Token_Final(&token);
}
while(1)
;

wolfCrypt_Cleanup();
/* Never reached */
}
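Review bot: The PKCS11 block added to `main()` (from `wolfCrypt_Init();` to `wc_Pkcs11Token_Final(&token);`) is compiled unconditionally, but what it depends on is guarded. The headers and `wolfpkcs11nsFunctionList` sit under `#ifdef SECURE_PKCS11`, and the locals `token` and `PKCS11_d` under `#ifdef WOLFBOOT_SECURE_CALLS`, so an stm32l5 build without those macros would presumably stop compiling. Wrapping the block in `#ifdef SECURE_PKCS11` / `#endif` and declaring `token` and `PKCS11_d` under the same guard would keep the plain test app building. `PKCS11_d.heap = NULL,` ends in a comma and works only through the comma operator, and the struct is otherwise left uninitialised; `Pkcs11Dev PKCS11_d = {0};` plus a semicolon would be safer. Every failure path spins in `while(1)` with no LED or UART output and the `ret = 1` after `ecdsa_sign_verify()` is never read, so a failed sign/verify looks the same as success.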
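--- a/test-app/wcs/pkcs11.mk
+++ b/test-app/wcs/pkcs11.mk
@@ -0,0 +1,8 @@
+vpath %.c $(dir ../src)
+vpath %.c $(dir ../hal)
+vpath %.c $(dir ../lib/wolfssl/wolfcrypt/src)
+
+./wcs/%.o: ./lib/wolfssl/wolfcrypt/src/%.c
+@echo "\t[CC-$(ARCH)] $@"
+$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $<
+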
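Review bot: `$(dir ...)` returns everything up to and including the last slash, so the three `vpath` lines resolve to `../`, `../` and `../lib/wolfssl/wolfcrypt/` rather than the `src`, `hal` and `wolfcrypt/src` directories they name. The pattern rule's prerequisite `./lib/wolfssl/wolfcrypt/src/%.c` is written relative to the repository root although this file is included from `test-app/`, so it appears to resolve only through the accidental `vpath %.c ../`. Writing the rule as `./wcs/%.o: ../lib/wolfssl/wolfcrypt/src/%.c` and dropping the `$(dir ...)` wrappers would make the source location explicit. That matters here because these objects are the crypto primitives and should come only from the bundled `lib/wolfssl` tree.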