Skip to content

Commit ed30818

Browse files
LinuxJediLinuxJedi
committed
Fix object copy for TPM
1 parent 81c6d25 commit ed30818

1 file changed

Lines changed: 182 additions & 120 deletions

File tree

src/internal.c

Lines changed: 182 additions & 120 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,8 @@
100100
/* Length of seed from global random to seed local random. */
101101
#define RNG_SEED_SZ 32
102102

103+
104+
103105
/* Maximum size of storage for generated/derived DH key. */
104106
#ifdef WOLFPKCS11_NSS
105107
#define WP11_MAX_DH_KEY_SZ (8192/8)
@@ -2229,6 +2231,12 @@ int WP11_Object_Copy(WP11_Object *src, WP11_Object *dest)
22292231
OBJ_COPY_DATA(src, dest, keyData);
22302232
XMEMCPY(dest->iv, src->iv, sizeof(dest->iv));
22312233
dest->encoded = src->encoded;
2234+
#endif
2235+
#ifdef WOLFPKCS11_TPM
2236+
/* For TPM keys, copy keyData */
2237+
if (src->opFlag & WP11_FLAG_TPM) {
2238+
OBJ_COPY_DATA(src, dest, keyData);
2239+
}
22322240
#endif
22332241
dest->objClass = src->objClass;
22342242
dest->keyGenMech = src->keyGenMech;
@@ -2252,162 +2260,216 @@ int WP11_Object_Copy(WP11_Object *src, WP11_Object *dest)
22522260
}
22532261
#endif
22542262
else {
2255-
switch (src->type) {
2256-
#ifndef NO_RSA
2257-
case CKK_RSA: {
2258-
byte* derBuf = NULL;
2259-
int derSz = 0;
2260-
2261-
/* Initialize destination RSA key */
2262-
ret = wc_InitRsaKey_ex(&dest->data.rsaKey, NULL,
2263-
dest->slot->devId);
2264-
if (ret != 0)
2265-
break;
2263+
#ifdef WOLFPKCS11_TPM
2264+
/* Handle TPM keys - copy tpmKey structure directly */
2265+
if (src->opFlag & WP11_FLAG_TPM) {
2266+
/* Copy the TPM key blob structure directly */
2267+
XMEMCPY(&dest->tpmKey, &src->tpmKey, sizeof(WOLFTPM2_KEYBLOB));
22662268

2267-
/* Determine if this is a private or public key and get DER
2268-
* size */
2269-
if (src->objClass == CKO_PRIVATE_KEY) {
2270-
ret = wc_RsaKeyToDer(&src->data.rsaKey, NULL, 0);
2271-
}
2272-
else {
2273-
ret = wc_RsaKeyToPublicDer(&src->data.rsaKey, NULL, 0);
2274-
}
2269+
/* Initialize TPM handle to NULL for the destination */
2270+
dest->tpmKey.handle.hndl = TPM_RH_NULL;
22752271

2276-
if (ret == 0) /* Should not happen */
2277-
ret = BUFFER_E;
2278-
if (ret > 0) {
2279-
derSz = ret;
2272+
/* Initialize the wolf key structures based on key type */
2273+
switch (src->type) {
2274+
#ifndef NO_RSA
2275+
case CKK_RSA:
2276+
ret = wc_InitRsaKey_ex(&dest->data.rsaKey, NULL,
2277+
dest->slot->devId);
2278+
break;
2279+
#endif
2280+
#ifdef HAVE_ECC
2281+
case CKK_EC:
2282+
ret = wc_ecc_init_ex(&dest->data.ecKey, NULL,
2283+
dest->slot->devId);
2284+
break;
2285+
#endif
2286+
default:
22802287
ret = 0;
2288+
break;
2289+
}
2290+
/* Populate wolf key structures from copied tpmKey */
2291+
if (ret == 0) {
2292+
switch (src->type) {
2293+
#ifndef NO_RSA
2294+
case CKK_RSA:
2295+
/* Load public portion into wolf RsaKey structure */
2296+
ret = wolfTPM2_RsaKey_TpmToWolf(&dest->slot->tpmDev,
2297+
(WOLFTPM2_KEY*)&dest->tpmKey, &dest->data.rsaKey);
2298+
break;
2299+
#endif
2300+
#ifdef HAVE_ECC
2301+
case CKK_EC:
2302+
/* Load public portion into wolf EccKey structure */
2303+
ret = wolfTPM2_EccKey_TpmToWolf(&dest->slot->tpmDev,
2304+
(WOLFTPM2_KEY*)&dest->tpmKey, &dest->data.ecKey);
2305+
break;
2306+
#endif
2307+
default:
2308+
/* For other key types, no decode needed */
2309+
break;
22812310
}
2282-
if (ret == 0) {
2283-
derBuf = (byte*)XMALLOC(derSz, NULL,
2284-
DYNAMIC_TYPE_TMP_BUFFER);
2285-
if (derBuf == NULL)
2286-
ret = MEMORY_E;
2287-
}
2288-
if (ret == 0) {
2289-
/* Encode the source key to DER */
2311+
}
2312+
}
2313+
else
2314+
#endif
2315+
{
2316+
switch (src->type) {
2317+
#ifndef NO_RSA
2318+
case CKK_RSA: {
2319+
byte* derBuf = NULL;
2320+
int derSz = 0;
2321+
2322+
/* Initialize destination RSA key */
2323+
ret = wc_InitRsaKey_ex(&dest->data.rsaKey, NULL,
2324+
dest->slot->devId);
2325+
if (ret != 0)
2326+
break;
2327+
2328+
/* Determine if this is a private or public key and get DER
2329+
* size */
22902330
if (src->objClass == CKO_PRIVATE_KEY) {
2291-
ret = wc_RsaKeyToDer(&src->data.rsaKey, derBuf, derSz);
2331+
ret = wc_RsaKeyToDer(&src->data.rsaKey, NULL, 0);
22922332
}
22932333
else {
2294-
ret = wc_RsaKeyToPublicDer(&src->data.rsaKey, derBuf,
2295-
derSz);
2334+
ret = wc_RsaKeyToPublicDer(&src->data.rsaKey, NULL, 0);
22962335
}
2336+
22972337
if (ret == 0) /* Should not happen */
22982338
ret = BUFFER_E;
2299-
if (ret > 0)
2339+
if (ret > 0) {
2340+
derSz = ret;
23002341
ret = 0;
2301-
}
2302-
if (ret == 0) {
2303-
/* Decode the DER data into the destination key */
2304-
word32 idx = 0;
2305-
if (src->objClass == CKO_PRIVATE_KEY) {
2306-
ret = wc_RsaPrivateKeyDecode(derBuf, &idx,
2307-
&dest->data.rsaKey,
2308-
(word32)derSz);
23092342
}
2310-
else {
2311-
ret = wc_RsaPublicKeyDecode(derBuf, &idx,
2312-
&dest->data.rsaKey,
2313-
(word32)derSz);
2343+
if (ret == 0) {
2344+
derBuf = (byte*)XMALLOC(derSz, NULL,
2345+
DYNAMIC_TYPE_TMP_BUFFER);
2346+
if (derBuf == NULL)
2347+
ret = MEMORY_E;
2348+
}
2349+
if (ret == 0) {
2350+
/* Encode the source key to DER */
2351+
if (src->objClass == CKO_PRIVATE_KEY) {
2352+
ret = wc_RsaKeyToDer(&src->data.rsaKey, derBuf, derSz);
2353+
}
2354+
else {
2355+
ret = wc_RsaKeyToPublicDer(&src->data.rsaKey, derBuf,
2356+
derSz);
2357+
}
2358+
if (ret == 0) /* Should not happen */
2359+
ret = BUFFER_E;
2360+
if (ret > 0)
2361+
ret = 0;
2362+
}
2363+
if (ret == 0) {
2364+
/* Decode the DER data into the destination key */
2365+
word32 idx = 0;
2366+
if (src->objClass == CKO_PRIVATE_KEY) {
2367+
ret = wc_RsaPrivateKeyDecode(derBuf, &idx,
2368+
&dest->data.rsaKey,
2369+
(word32)derSz);
2370+
}
2371+
else {
2372+
ret = wc_RsaPublicKeyDecode(derBuf, &idx,
2373+
&dest->data.rsaKey,
2374+
(word32)derSz);
2375+
}
23142376
}
2315-
}
23162377

2317-
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2318-
break;
2319-
}
2378+
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2379+
break;
2380+
}
23202381
#endif
23212382
#ifdef HAVE_ECC
2322-
case CKK_EC: {
2323-
byte* derBuf = NULL;
2324-
int derSz = 0;
2383+
case CKK_EC: {
2384+
byte* derBuf = NULL;
2385+
int derSz = 0;
2386+
2387+
/* Initialize destination ECC key */
2388+
ret = wc_ecc_init_ex(&dest->data.ecKey, NULL,
2389+
dest->slot->devId);
2390+
if (ret != 0)
2391+
break;
23252392

2326-
/* Initialize destination ECC key */
2327-
ret = wc_ecc_init_ex(&dest->data.ecKey, NULL,
2328-
dest->slot->devId);
2329-
if (ret != 0)
2330-
break;
2393+
/* Determine if this is a private or public key and get DER
2394+
* size */
2395+
if (src->objClass == CKO_PRIVATE_KEY)
2396+
derSz = wc_EccKeyDerSize(&src->data.ecKey, 0);
2397+
else
2398+
derSz = wc_EccPublicKeyDerSize(&src->data.ecKey, 1);
23312399

2332-
/* Determine if this is a private or public key and get DER
2333-
* size */
2334-
if (src->objClass == CKO_PRIVATE_KEY)
2335-
derSz = wc_EccKeyDerSize(&src->data.ecKey, 0);
2336-
else
2337-
derSz = wc_EccPublicKeyDerSize(&src->data.ecKey, 1);
2400+
if (derSz < 0)
2401+
ret = derSz;
23382402

2339-
if (derSz < 0)
2340-
ret = derSz;
2403+
/* Allocate buffer with retry logic */
2404+
if (ret == 0) {
2405+
derBuf = (byte*)XMALLOC(derSz, NULL,
2406+
DYNAMIC_TYPE_TMP_BUFFER);
2407+
if (derBuf == NULL)
2408+
ret = MEMORY_E;
2409+
}
23412410

2342-
/* Allocate buffer with retry logic */
2343-
if (ret == 0) {
2344-
derBuf = (byte*)XMALLOC(derSz, NULL,
2345-
DYNAMIC_TYPE_TMP_BUFFER);
2346-
if (derBuf == NULL)
2347-
ret = MEMORY_E;
2348-
}
2411+
if (ret == 0) {
2412+
/* Encode the source key to DER with retry logic */
2413+
if (src->objClass == CKO_PRIVATE_KEY) {
2414+
ret = wc_EccPrivateKeyToDer(&src->data.ecKey,
2415+
derBuf, derSz);
2416+
}
2417+
else {
2418+
ret = wc_EccPublicKeyToDer(&src->data.ecKey, derBuf,
2419+
derSz, 1);
2420+
}
23492421

2350-
if (ret == 0) {
2351-
/* Encode the source key to DER with retry logic */
2352-
if (src->objClass == CKO_PRIVATE_KEY) {
2353-
ret = wc_EccPrivateKeyToDer(&src->data.ecKey, derBuf,
2354-
derSz);
2355-
}
2356-
else {
2357-
ret = wc_EccPublicKeyToDer(&src->data.ecKey, derBuf,
2358-
derSz, 1);
2422+
/* Normalize positive return to success */
2423+
if (ret > 0) {
2424+
derSz = ret; /* Update actual size used */
2425+
ret = 0;
2426+
}
23592427
}
23602428

2361-
/* Normalize positive return to success */
2362-
if (ret > 0) {
2363-
derSz = ret; /* Update actual size used */
2364-
ret = 0;
2429+
if (ret == 0) {
2430+
/* Decode the DER data into the destination key */
2431+
word32 idx = 0;
2432+
if (src->objClass == CKO_PRIVATE_KEY) {
2433+
ret = wc_EccPrivateKeyDecode(derBuf, &idx,
2434+
&dest->data.ecKey,
2435+
(word32)derSz);
2436+
}
2437+
else {
2438+
ret = wc_EccPublicKeyDecode(derBuf, &idx,
2439+
&dest->data.ecKey,
2440+
(word32)derSz);
2441+
}
23652442
}
2366-
}
23672443

2368-
if (ret == 0) {
2369-
/* Decode the DER data into the destination key */
2370-
word32 idx = 0;
2371-
if (src->objClass == CKO_PRIVATE_KEY) {
2372-
ret = wc_EccPrivateKeyDecode(derBuf, &idx,
2373-
&dest->data.ecKey,
2374-
(word32)derSz);
2375-
}
2376-
else {
2377-
ret = wc_EccPublicKeyDecode(derBuf, &idx,
2378-
&dest->data.ecKey,
2379-
(word32)derSz);
2444+
/* Clean up */
2445+
if (derBuf != NULL) {
2446+
XMEMSET(derBuf, 0, derSz); /* Clear sensitive data */
2447+
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
23802448
}
2381-
}
23822449

2383-
/* Clean up */
2384-
if (derBuf != NULL) {
2385-
XMEMSET(derBuf, 0, derSz); /* Clear sensitive data */
2386-
XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2387-
}
2450+
/* Free destination key on failure */
2451+
if (ret != 0) {
2452+
wc_ecc_free(&dest->data.ecKey);
2453+
}
23882454

2389-
/* Free destination key on failure */
2390-
if (ret != 0) {
2391-
wc_ecc_free(&dest->data.ecKey);
2455+
break;
23922456
}
2393-
2394-
break;
2395-
}
23962457
#endif
23972458
#ifndef NO_DH
2398-
case CKK_DH:
2399-
return BAD_FUNC_ARG;
2459+
case CKK_DH:
2460+
return BAD_FUNC_ARG;
24002461
#endif
24012462
#ifndef NO_AES
2402-
case CKK_AES:
2463+
case CKK_AES:
24032464
#endif
24042465
#ifdef WOLFPKCS11_HKDF
2405-
case CKK_HKDF:
2466+
case CKK_HKDF:
24062467
#endif
2407-
case CKK_GENERIC_SECRET:
2408-
XMEMCPY(&dest->data.symmKey, &src->data.symmKey,
2409-
sizeof(dest->data.symmKey));
2410-
break;
2468+
case CKK_GENERIC_SECRET:
2469+
XMEMCPY(&dest->data.symmKey, &src->data.symmKey,
2470+
sizeof(dest->data.symmKey));
2471+
break;
2472+
}
24112473
}
24122474
}
24132475

0 commit comments

Comments
 (0)