FreeRTOS: PKCS11
PKCS11 Cryptoki Library
Return to main page ↑
iot_pkcs11.h
Go to the documentation of this file.
1 /*
2  * FreeRTOS PKCS #11 V1.1.0
3  * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
4  *
5  * Permission is hereby granted, free of charge, to any person obtaining a copy of
6  * this software and associated documentation files (the "Software"), to deal in
7  * the Software without restriction, including without limitation the rights to
8  * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
9  * the Software, and to permit persons to whom the Software is furnished to do so,
10  * subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be included in all
13  * copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17  * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18  * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19  * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21  *
22  * http://aws.amazon.com/freertos
23  * http://www.FreeRTOS.org
24  */
25 
26 #ifndef _IOT_PKCS11_H_
27 #define _IOT_PKCS11_H_
28 
29 #include <stdint.h>
30 
31 #ifdef _WIN32
32  #pragma pack(push, cryptoki, 1)
33 #endif
34 
46 #define CK_PTR *
47 
48 #ifndef NULL_PTR
49 
53  #define NULL_PTR 0
54 #endif
55 
60 #define CK_DEFINE_FUNCTION( returnType, name ) returnType name
61 
66 #define CK_DECLARE_FUNCTION( returnType, name ) returnType name
67 
72 #define CK_DECLARE_FUNCTION_POINTER( returnType, name ) returnType( CK_PTR name )
73 
78 #define CK_CALLBACK_FUNCTION( returnType, name ) returnType( CK_PTR name )
79 
83 #define pkcs11SHA256_DIGEST_LENGTH 32UL
84 
90 #define pkcs11ECDSA_P256_SIGNATURE_LENGTH 64UL
91 
95 #define pkcs11ECDSA_P256_KEY_BITS 256UL
96 
100 #define pkcs11RSA_PUBLIC_EXPONENT { 0x01, 0x00, 0x01 }
101 
106 #define pkcs11RSA_2048_MODULUS_BITS 2048UL
107 
111 #define pkcs11RSA_2048_SIGNATURE_LENGTH ( pkcs11RSA_2048_MODULUS_BITS / 8UL )
112 
119 #define pkcs11RSA_SIGNATURE_INPUT_LENGTH 51UL
120 
125 #define pkcs11ELLIPTIC_CURVE_NISTP256 "1.2.840.10045.3.1.7"
126 
130 #define pkcs11MAX_LABEL_LENGTH 32UL /* 31 characters + 1 null terminator. */
131 
135 #define pkcs11DER_ENCODED_OID_P256 { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 }
136 
137 
143 #ifndef pkcs11configIMPORT_PRIVATE_KEYS_SUPPORTED
144  #define pkcs11configIMPORT_PRIVATE_KEYS_SUPPORTED 1
145 #endif
146 
166 #define pkcs11STUFF_APPENDED_TO_RSA_SIG { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }
167 
168 /* Bring in the public header. */
169 
170 /* Undefine the macro for Keil Compiler to avoid conflict */
171 #if defined( __PASTE ) && defined( __CC_ARM )
172  /* ARM RCVT stdint.h has a duplicate definition with PKCS #11. */
173  #undef __PASTE
174 #endif
175 
176 #include "pkcs11.h"
177 
181 typedef struct PKCS11_CertificateTemplate
182 {
183  CK_ATTRIBUTE xObjectClass;
184  CK_ATTRIBUTE xSubject;
185  CK_ATTRIBUTE xCertificateType;
186  CK_ATTRIBUTE xValue;
187  CK_ATTRIBUTE xLabel;
188  CK_ATTRIBUTE xTokenObject;
189 } PKCS11_CertificateTemplate_t;
190 
191 /*------------------------ PKCS #11 wrapper functions -------------------------*/
192 
238 /* @[declare_pkcs11_iot_xinitializepkcs11] */
239 CK_RV xInitializePKCS11( void );
240 /* @[declare_pkcs11_iot_xinitializepkcs11] */
241 
256 /* @[declare_pkcs11_iot_xgetslotlist] */
257 CK_RV xGetSlotList( CK_SLOT_ID ** ppxSlotId,
258  CK_ULONG * pxSlotCount );
259 /* @[declare_pkcs11_iot_xgetslotlist] */
260 
270 /* @[declare_pkcs11_iot_xinitializepkcs11session] */
271 CK_RV xInitializePkcs11Session( CK_SESSION_HANDLE * pxSession );
272 /* @[declare_pkcs11_iot_xinitializepkcs11session] */
273 
280 /* @[declare_pkcs11_iot_xinitializepkcs11token] */
281 CK_RV xInitializePkcs11Token( void );
282 /* @[declare_pkcs11_iot_xinitializepkcs11token] */
283 
300 /* @[declare_pkcs11_iot_xfindobjectwithlabelandclass] */
301 CK_RV xFindObjectWithLabelAndClass( CK_SESSION_HANDLE xSession,
302  char * pcLabelName,
303  CK_OBJECT_CLASS xClass,
304  CK_OBJECT_HANDLE_PTR pxHandle );
305 /* @[declare_pkcs11_iot_xfindobjectwithlabelandclass] */
306 
326 /* @[declare_pkcs11_iot_vappendsha256algorithmidentifiersequence] */
327 CK_RV vAppendSHA256AlgorithmIdentifierSequence( const uint8_t * puc32ByteHashedMessage,
328  uint8_t * puc51ByteHashOidBuffer );
329 /* @[declare_pkcs11_iot_vappendsha256algorithmidentifiersequence] */
330 
331 #ifdef _WIN32
332  #pragma pack(pop, cryptoki)
333 #endif
334 
335 #endif /* ifndef _IOT_PKCS11_H_ */
PKCS11_CertificateTemplate_t::xObjectClass
CK_ATTRIBUTE xObjectClass
CKA_CLASS, set to CKO_CERTIFICATE.
Definition: iot_pkcs11.h:183
PKCS11_CertificateTemplate_t
Certificate Template The object class must be the first attribute in the array.
Definition: iot_pkcs11.h:182
CK_ATTRIBUTE
Definition: pkcs11t.h:565
xInitializePkcs11Token
CK_RV xInitializePkcs11Token(void)
Initializes a PKCS #11 module and token.
PKCS11_CertificateTemplate_t::xTokenObject
CK_ATTRIBUTE xTokenObject
CKA_TOKEN.
Definition: iot_pkcs11.h:188
PKCS11_CertificateTemplate_t::xLabel
CK_ATTRIBUTE xLabel
CKA_LABEL.
Definition: iot_pkcs11.h:187
vAppendSHA256AlgorithmIdentifierSequence
CK_RV vAppendSHA256AlgorithmIdentifierSequence(const uint8_t *puc32ByteHashedMessage, uint8_t *puc51ByteHashOidBuffer)
Appends digest algorithm sequence to SHA-256 hash for RSA signatures.
xInitializePKCS11
CK_RV xInitializePKCS11(void)
Initializes a PKCS #11 session.
xGetSlotList
CK_RV xGetSlotList(CK_SLOT_ID **ppxSlotId, CK_ULONG *pxSlotCount)
Get a list of available PKCS #11 slots.
PKCS11_CertificateTemplate_t::xCertificateType
CK_ATTRIBUTE xCertificateType
CKA_CERTIFICATE_TYPE, set to CKC_X_509.
Definition: iot_pkcs11.h:185
xInitializePkcs11Session
CK_RV xInitializePkcs11Session(CK_SESSION_HANDLE *pxSession)
Initializes the PKCS #11 module and opens a session.
PKCS11_CertificateTemplate_t::xValue
CK_ATTRIBUTE xValue
CKA_VALUE, the DER byte array of the certificate contents.
Definition: iot_pkcs11.h:186
PKCS11_CertificateTemplate_t::xSubject
CK_ATTRIBUTE xSubject
CKA_SUBJECT, this parameter is required by the PKCS #11 standard.
Definition: iot_pkcs11.h:184
xFindObjectWithLabelAndClass
CK_RV xFindObjectWithLabelAndClass(CK_SESSION_HANDLE xSession, char *pcLabelName, CK_OBJECT_CLASS xClass, CK_OBJECT_HANDLE_PTR pxHandle)
Searches for an object with a matching label and class provided.