forked from FreeRTOS/corePKCS11
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Hygiene: Commonize PAL logic of mapping to storage filenames (FreeRTO…
…S#123) A lot of code between posix/core_pkcs11_pal.c and windows/core_pkcs11_pal.c is duplicated which carries maintenance cost of copying the same code between files when adding features to the corePKCS11 library. Also, there is no mechanism of validating updates to the WinSim FreeRTOS PAL (as GitHub CI checks only validate POSIX builds). To avoid this inefficiency, this PR commonizes the utility logic of mapping PKCS FreeRTOS#11 Labels and Handle objects to storage filenames in new core_pkcs11_pal_utils.[hc] files. This PR also makes hygiene re-arrangement to the source/portable directory for better understandability of the relevance of files.
- Loading branch information
Showing
10 changed files
with
321 additions
and
373 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,203 @@ | ||
| /* | ||
| * corePKCS11 PAL UTILS (common for Linux and FreeRTOS WinSim platforms) | ||
| * Copyright (C) 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| * | ||
| * Permission is hereby granted, free of charge, to any person obtaining a copy of | ||
| * this software and associated documentation files (the "Software"), to deal in | ||
| * the Software without restriction, including without limitation the rights to | ||
| * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of | ||
| * the Software, and to permit persons to whom the Software is furnished to do so, | ||
| * subject to the following conditions: | ||
| * | ||
| * The above copyright notice and this permission notice shall be included in all | ||
| * copies or substantial portions of the Software. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS | ||
| * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR | ||
| * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER | ||
| * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | ||
| * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||
| * | ||
| * http://aws.amazon.com/freertos | ||
| * http://www.FreeRTOS.org | ||
| */ | ||
|
|
||
| /** | ||
| * @file core_pkcs11_pal_utils.c | ||
| * @brief Utility functions that are common for the software based PKCS #11 | ||
| * implementation provided by corePKCS11 for both PAL layers of POSIX and | ||
| * Windows Simulator based FreeRTOS environments. | ||
| * These utils contain information of the on-flash storage files used for | ||
| * storing all PKCS #11 labels supported by the corePKCS11 library. | ||
| */ | ||
| /*-----------------------------------------------------------*/ | ||
|
|
||
| /* C standard includes. */ | ||
| #include <string.h> | ||
| #include <stdint.h> | ||
|
|
||
| /* corePKCS11 header include. */ | ||
| #include "core_pkcs11_pal_utils.h" | ||
|
|
||
| /** | ||
| * @ingroup pkcs11_macros | ||
| * @brief Macros for managing PKCS #11 objects in flash. | ||
| * | ||
| */ | ||
| #define pkcs11palFILE_NAME_CLIENT_CERTIFICATE "FreeRTOS_P11_Certificate.dat" /**< The file name of the Certificate object. */ | ||
| #define pkcs11palFILE_NAME_KEY "FreeRTOS_P11_Key.dat" /**< The file name of the Key object. */ | ||
| #define pkcs11palFILE_NAME_PUBLIC_KEY "FreeRTOS_P11_PubKey.dat" /**< The file name of the Public Key object. */ | ||
| #define pkcs11palFILE_CODE_SIGN_PUBLIC_KEY "FreeRTOS_P11_CodeSignKey.dat" /**< The file name of the Code Sign Key object. */ | ||
| #define pkcs11palFILE_HMAC_SECRET_KEY "FreeRTOS_P11_HMACKey.dat" /**< The file name of the HMAC Secret Key object. */ | ||
| #define pkcs11palFILE_CMAC_SECRET_KEY "FreeRTOS_P11_CMACKey.dat" /**< The file name of the CMAC Secret Key object. */ | ||
| #define pkcs11palFILE_NAME_CLAIM_CERTIFICATE "FreeRTOS_P11_Claim_Certificate.dat" /**< The file name of the Provisioning Claim Certificate object. */ | ||
| #define pkcs11palFILE_NAME_CLAIM_KEY "FreeRTOS_P11_Claim_Key.dat" /**< The file name of the Provisioning Claim Key object. */ | ||
|
|
||
|
|
||
| void PAL_UTILS_LabelToFilenameHandle( const char * pcLabel, | ||
| const char ** pcFileName, | ||
| CK_OBJECT_HANDLE_PTR pHandle ) | ||
| { | ||
| if( ( pcLabel != NULL ) && ( pHandle != NULL ) && ( pcFileName != NULL ) ) | ||
| { | ||
| if( 0 == strncmp( pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_NAME_CLIENT_CERTIFICATE; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsDeviceCertificate; | ||
| } | ||
| else if( 0 == strncmp( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_NAME_KEY; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsDevicePrivateKey; | ||
| } | ||
| else if( 0 == strncmp( pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_NAME_PUBLIC_KEY; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsDevicePublicKey; | ||
| } | ||
| else if( 0 == strncmp( pkcs11configLABEL_CODE_VERIFICATION_KEY, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_CODE_VERIFICATION_KEY ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_CODE_SIGN_PUBLIC_KEY; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsCodeSigningKey; | ||
| } | ||
| else if( 0 == strncmp( pkcs11configLABEL_HMAC_KEY, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_HMAC_KEY ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_HMAC_SECRET_KEY; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsHMACSecretKey; | ||
| } | ||
| else if( 0 == strncmp( pkcs11configLABEL_CMAC_KEY, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_CMAC_KEY ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_CMAC_SECRET_KEY; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsCMACSecretKey; | ||
| } | ||
| else if( 0 == strncmp( pkcs11configLABEL_CLAIM_CERTIFICATE, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_CLAIM_CERTIFICATE ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_NAME_CLAIM_CERTIFICATE; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsClaimCertificate; | ||
| } | ||
| else if( 0 == strncmp( pkcs11configLABEL_CLAIM_PRIVATE_KEY, | ||
| pcLabel, | ||
| sizeof( pkcs11configLABEL_CLAIM_PRIVATE_KEY ) ) ) | ||
| { | ||
| *pcFileName = pkcs11palFILE_NAME_CLAIM_KEY; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eAwsClaimPrivateKey; | ||
| } | ||
| else | ||
| { | ||
| *pcFileName = NULL; | ||
| *pHandle = ( CK_OBJECT_HANDLE ) eInvalidHandle; | ||
| } | ||
|
|
||
| LogDebug( ( "Converted %s to %s", pcLabel, *pcFileName ) ); | ||
| } | ||
| else | ||
| { | ||
| LogError( ( "Could not convert label to filename. Received a NULL parameter." ) ); | ||
| } | ||
| } | ||
|
|
||
| CK_RV PAL_UTILS_HandleToFilename( CK_OBJECT_HANDLE xHandle, | ||
| const char ** pcFileName, | ||
| CK_BBOOL * pIsPrivate ) | ||
| { | ||
| CK_RV xReturn = CKR_OK; | ||
|
|
||
| if( pcFileName != NULL ) | ||
| { | ||
| switch( ( CK_OBJECT_HANDLE ) xHandle ) | ||
| { | ||
| case eAwsDeviceCertificate: | ||
| *pcFileName = pkcs11palFILE_NAME_CLIENT_CERTIFICATE; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_FALSE; | ||
| break; | ||
|
|
||
| case eAwsDevicePrivateKey: | ||
| *pcFileName = pkcs11palFILE_NAME_KEY; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_TRUE; | ||
| break; | ||
|
|
||
| case eAwsDevicePublicKey: | ||
| *pcFileName = pkcs11palFILE_NAME_PUBLIC_KEY; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_FALSE; | ||
| break; | ||
|
|
||
| case eAwsCodeSigningKey: | ||
| *pcFileName = pkcs11palFILE_CODE_SIGN_PUBLIC_KEY; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_FALSE; | ||
| break; | ||
|
|
||
| case eAwsHMACSecretKey: | ||
| *pcFileName = pkcs11palFILE_HMAC_SECRET_KEY; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_TRUE; | ||
| break; | ||
|
|
||
| case eAwsCMACSecretKey: | ||
| *pcFileName = pkcs11palFILE_CMAC_SECRET_KEY; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_TRUE; | ||
| break; | ||
|
|
||
| case eAwsClaimCertificate: | ||
| *pcFileName = pkcs11palFILE_NAME_CLAIM_CERTIFICATE; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_FALSE; | ||
| break; | ||
|
|
||
| case eAwsClaimPrivateKey: | ||
| *pcFileName = pkcs11palFILE_NAME_CLAIM_KEY; | ||
| /* coverity[misra_c_2012_rule_10_5_violation] */ | ||
| *pIsPrivate = ( CK_BBOOL ) CK_TRUE; | ||
| break; | ||
|
|
||
| default: | ||
| xReturn = CKR_KEY_HANDLE_INVALID; | ||
| break; | ||
| } | ||
| } | ||
| else | ||
| { | ||
| LogError( ( "Could not convert label to filename. Received a NULL parameter." ) ); | ||
| } | ||
|
|
||
| return xReturn; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| /* | ||
| * corePKCS11 PAL for Linux V2.0.0 | ||
| * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| * | ||
| * Permission is hereby granted, free of charge, to any person obtaining a copy of | ||
| * this software and associated documentation files (the "Software"), to deal in | ||
| * the Software without restriction, including without limitation the rights to | ||
| * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of | ||
| * the Software, and to permit persons to whom the Software is furnished to do so, | ||
| * subject to the following conditions: | ||
| * | ||
| * The above copyright notice and this permission notice shall be included in all | ||
| * copies or substantial portions of the Software. | ||
| * | ||
| * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS | ||
| * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR | ||
| * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER | ||
| * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | ||
| * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||
| * | ||
| * http://aws.amazon.com/freertos | ||
| * http://www.FreeRTOS.org | ||
| */ | ||
|
|
||
| /** | ||
| * @file core_pkcs11_pal_utils.h | ||
| * @brief Utility functions that are common for the software based PKCS #11 | ||
| * implementation provided by corePKCS11 for both PAL layers of POSIX and | ||
| * Windows Simulator based FreeRTOS environments. | ||
| * These utils contain information of the on-flash storage files used for | ||
| * storing all PKCS #11 labels supported by the corePKCS11 library. | ||
| */ | ||
| /*-----------------------------------------------------------*/ | ||
|
|
||
| /* PKCS 11 includes. */ | ||
| #include "core_pkcs11_config.h" | ||
| #include "core_pkcs11_config_defaults.h" | ||
| #include "core_pkcs11.h" | ||
|
|
||
| /** | ||
| * @ingroup pkcs11_enums | ||
| * @brief Enums for managing PKCS #11 object types. | ||
| * | ||
| */ | ||
| enum eObjectHandles | ||
| { | ||
| eInvalidHandle = 0, /**< According to PKCS #11 spec, 0 is never a valid object handle. */ | ||
| eAwsDevicePrivateKey = 1, /**< Private Key. */ | ||
| eAwsDevicePublicKey, /**< Public Key. */ | ||
| eAwsDeviceCertificate, /**< Certificate. */ | ||
| eAwsCodeSigningKey, /**< Code Signing Key. */ | ||
| eAwsHMACSecretKey, /**< HMAC Secret Key. */ | ||
| eAwsCMACSecretKey, /**< CMAC Secret Key. */ | ||
| eAwsClaimPrivateKey, /**< Provisioning Claim Private Key. */ | ||
| eAwsClaimCertificate /**< Provisioning Claim Certificate. */ | ||
| }; | ||
|
|
||
|
|
||
| /** | ||
| * @brief Checks to see if a file exists | ||
| * | ||
| * @param[in] pcLabel The PKCS #11 label to convert to a file name | ||
| * @param[out] pcFileName The name of the file to check for existence. | ||
| * @param[out] pHandle The type of the PKCS #11 object. | ||
| * | ||
| */ | ||
| void PAL_UTILS_LabelToFilenameHandle( const char * pcLabel, | ||
| const char ** pcFileName, | ||
| CK_OBJECT_HANDLE_PTR pHandle ); | ||
|
|
||
| /** | ||
| * @brief Maps object handle to file name. | ||
| * | ||
| * @param[in] pcLabel The PKCS #11 label to convert to a file name | ||
| * @param[out] pcFileName This will be populated with the file name that the | ||
| * @p pcLabel maps to. | ||
| * @param[out] pIsPrivateKey This will be set to true if the object handle | ||
| * represents a secret credential like asymmetric private key or a symmetric | ||
| * key. | ||
| */ | ||
| CK_RV PAL_UTILS_HandleToFilename( CK_OBJECT_HANDLE xHandle, | ||
| const char ** pcFileName, | ||
| CK_BBOOL * pIsPrivateKey ); |
Oops, something went wrong.