corePKCS11 v3.5.0
PKCS #11 Cryptoki Library
Design

Dependencies of the corePKCS11 Wrapper for the PKCS #11 standard

Currently, the corePKCS11 library provides a wrapper header around the PKCS #11 standard. It has dependencies on:

  • stdint.h from the C standard library
  • PKCS #11 standard.

Note: "core_pkcs11.h" should always be included first as it defines the macros that are needed by the standard PKCS #11 header files.

dot_inline_dotgraph_1.png
PKCS #11 wrapper direct dependencies

corePKCS11 Software Implementation Dependencies

The corePKCS11 library provides one implementation of the PKCS #11 standard, and it can easily be swapped out for other implementations. The corePKCS11 library documented here is a software based implementation of the PKCS #11 standard, to allow for writing libraries and code that can easily interface with Hardware Security Modules (HSM).

Currently, the software based corePKCS11 library has the following dependencies:

  • The API defined by the PKCS #11 specification. The headers used can be found here.
  • The PKCS #11 PAL layer. This is used for writing PKCS #11 objects to flash.
  • Mbed TLS. This library uses Mbed TLS for the cryptographic logic. Some examples include parsing key and certificate objects, signing operations, and creating digests.
  • The standard C library string.h, for memory manipulation.
dot_inline_dotgraph_2.png
PKCS #11 implementation direct dependencies

corePKCS11 Utilities Dependencies

The PKI utils module is a forked version of the PKI utilities provided by Mbed TLS. They provide helper utilities to convert the format of ECDSA P-256 signatures. The conversions provided are:

  • DER format to PKCS #11 format.
  • PKCS #11 format to ASN.1 format.

Currently, the module has a dependency only on the C standard library.

dot_inline_dotgraph_3.png
PKCS #11 Utilities Dependencies