mbedtls-pkcs11: Separate mbedtls rng pkcs11 callback into separate file

FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj

@@ -164,6 +164,7 @@
     <ClCompile Include="..\..\..\..\Source\Application-Protocols\coreMQTT\source\core_mqtt_state.c" />
     <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_bio_tcp_sockets_wrapper.c" />
     <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_pk_pkcs11.c" />
+    <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_rng_pkcs11.c" />
     <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\ports\freertos_plus_tcp\tcp_sockets_wrapper.c" />
     <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\transport_mbedtls_pkcs11.c" />
     <ClCompile Include="..\..\..\..\Source\AWS\fleet-provisioning\source\fleet_provisioning.c" />
@@ -189,7 +190,7 @@
     <ClInclude Include="..\..\..\..\Source\Application-Protocols\coreMQTT\source\include\core_mqtt_state.h" />
     <ClInclude Include="..\..\..\..\Source\Application-Protocols\coreMQTT\source\interface\transport_interface.h" />
     <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_bio_tcp_sockets_wrapper.h" />
-    <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_pk_pkcs11.h" />
+    <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_pkcs11.h" />
     <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include\tcp_sockets_wrapper.h" />
     <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\transport_mbedtls_pkcs11.h" />
     <ClInclude Include="..\..\..\..\Source\AWS\fleet-provisioning\source\include\fleet_provisioning.h" />

FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/fleet_provisioning_demo.vcxproj.filters

@@ -108,6 +108,9 @@
     <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_pk_pkcs11.c">
       <Filter>Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_rng_pkcs11.c">
+      <Filter>Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\Source\Application-Protocols\network_transport\transport_mbedtls_pkcs11.c">
       <Filter>Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport</Filter>
     </ClCompile>
@@ -176,7 +179,7 @@
     <ClInclude Include="..\..\Mqtt_Demo_Helpers\mqtt_pkcs11_demo_helpers.h">
       <Filter>Headers</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_pk_pkcs11.h">
+    <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\mbedtls_pkcs11.h">
       <Filter>Additional Network Transport Files\TCP Sockets Wrapper + PKCS11 + MbedTLS Transport\include</Filter>
     </ClInclude>
     <ClInclude Include="..\..\..\..\Source\Application-Protocols\network_transport\transport_mbedtls_pkcs11.h">

FreeRTOS-Plus/Demo/AWS/Fleet_Provisioning_Windows_Simulator/Fleet_Provisioning_With_CSR_Demo/pkcs11_operations.c

@@ -44,7 +44,7 @@
 #include "core_pkcs11_config.h"
 #include "core_pki_utils.h"
 #include "mbedtls_utils.h"
-#include "mbedtls_pk_pkcs11.h"
+#include "mbedtls_pkcs11.h"
 
 /* MbedTLS include. */
 #include "mbedtls/error.h"
@@ -257,7 +257,7 @@ bool xGenerateKeyAndCsr( CK_SESSION_HANDLE xP11Session,
             mbedtls_x509write_csr_set_key( &xReq, &xPrivKey );
 
             ulMbedtlsRet = mbedtls_x509write_csr_pem( &xReq, ( unsigned char * ) pcCsrBuffer,
-                                                      xCsrBufferLength, &lPKCS11RandomCallback,
+                                                      xCsrBufferLength, &lMbedCryptoRngCallbackPKCS11,
                                                       &xP11Session );
         }
 

FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj

@@ -159,6 +159,7 @@
     <ClCompile Include="..\..\Source\Application-Protocols\coreMQTT\source\core_mqtt_state.c" />
     <ClCompile Include="..\..\Source\Application-Protocols\network_transport\mbedtls_bio_tcp_sockets_wrapper.c" />
     <ClCompile Include="..\..\Source\Application-Protocols\network_transport\mbedtls_pk_pkcs11.c" />
+    <ClCompile Include="..\..\Source\Application-Protocols\network_transport\mbedtls_rng_pkcs11.c" />
     <ClCompile Include="..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\ports\freertos_plus_tcp\tcp_sockets_wrapper.c" />
     <ClCompile Include="..\..\Source\Application-Protocols\network_transport\transport_mbedtls_pkcs11.c" />
     <ClCompile Include="..\..\Source\Utilities\backoff_algorithm\source\backoff_algorithm.c" />
@@ -172,7 +173,7 @@
     <ClInclude Include="..\..\Source\Application-Protocols\coreMQTT\source\include\core_mqtt_state.h" />
     <ClInclude Include="..\..\Source\Application-Protocols\coreMQTT\source\interface\transport_interface.h" />
     <ClInclude Include="..\..\Source\Application-Protocols\network_transport\mbedtls_bio_tcp_sockets_wrapper.h" />
-    <ClInclude Include="..\..\Source\Application-Protocols\network_transport\mbedtls_pk_pkcs11.h" />
+    <ClInclude Include="..\..\Source\Application-Protocols\network_transport\mbedtls_pkcs11.h" />
     <ClInclude Include="..\..\Source\Application-Protocols\network_transport\tcp_sockets_wrapper\include\tcp_sockets_wrapper.h" />
     <ClInclude Include="..\..\Source\Application-Protocols\network_transport\transport_mbedtls_pkcs11.h" />
     <ClInclude Include="..\..\Source\Utilities\backoff_algorithm\source\include\backoff_algorithm.h" />

FreeRTOS-Plus/Demo/corePKCS11_MQTT_Mutual_Auth_Windows_Simulator/corePKCS11_MQTT_Mutual_Auth.vcxproj.filters

@@ -98,7 +98,7 @@
     <ClInclude Include="..\..\Source\Application-Protocols\network_transport\mbedtls_bio_tcp_sockets_wrapper.h">
       <Filter>Additional Network Transport Files\TCP Sockets Wrapper + MbedTLS Transport\include</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\Source\Application-Protocols\network_transport\mbedtls_pk_pkcs11.h">
+    <ClInclude Include="..\..\Source\Application-Protocols\network_transport\mbedtls_pkcs11.h">
       <Filter>Additional Network Transport Files\TCP Sockets Wrapper + MbedTLS Transport\include</Filter>
     </ClInclude>
     <ClInclude Include="..\..\Source\Application-Protocols\network_transport\transport_mbedtls_pkcs11.h">

FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pk_pkcs11.c

@@ -387,44 +387,6 @@ CK_RV xPKCS11_initMbedtlsPkContext( mbedtls_pk_context * pxMbedtlsPkCtx,
 
 /*-----------------------------------------------------------*/
 
-int lPKCS11RandomCallback( void * pvCtx,
-                           unsigned char * pucOutput,
-                           size_t uxLen )
-{
-    int lRslt;
-    CK_FUNCTION_LIST_PTR pxFunctionList = NULL;
-    CK_SESSION_HANDLE * pxSessionHandle = ( CK_SESSION_HANDLE * ) pvCtx;
-
-    if( pucOutput == NULL )
-    {
-        lRslt = -1;
-    }
-    else if( pvCtx == NULL )
-    {
-        lRslt = -1;
-        LogError( ( "pvCtx must not be NULL." ) );
-    }
-    else
-    {
-        lRslt = ( int ) C_GetFunctionList( &pxFunctionList );
-    }
-
-    if( ( lRslt != CKR_OK ) ||
-        ( pxFunctionList == NULL ) ||
-        ( pxFunctionList->C_GenerateRandom == NULL ) )
-    {
-        lRslt = -1;
-    }
-    else
-    {
-        lRslt = ( int ) pxFunctionList->C_GenerateRandom( *pxSessionHandle, pucOutput, uxLen );
-    }
-
-    return lRslt;
-}
-
-/*-----------------------------------------------------------*/
-
 static void * p11_ecdsa_ctx_alloc( void )
 {
     void * pvCtx = NULL;

FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_pkcs11.h

@@ -24,8 +24,8 @@
  *
  */
 
-#ifndef MBEDTLS_PK_PKCS11_H
-#define MBEDTLS_PK_PKCS11_H
+#ifndef MBEDTLS_PKCS11_H
+#define MBEDTLS_PKCS11_H
 
 #include <string.h>
 #include "mbedtls/pk.h"
@@ -47,16 +47,16 @@ CK_RV xPKCS11_initMbedtlsPkContext( mbedtls_pk_context * pxMbedtlsPkCtx,
                                     CK_OBJECT_HANDLE xPkHandle );
 
 /**
- * @brief Callback to generate random data with the PKCS11 module.
+ * @brief Callback to generate random data with the PKCS11 API.
  *
- * @param[in] pvCtx void pointer to the
+ * @param[in] pvCtx void pointer to a PKCS11 Session handle.
  * @param[in] pucRandom Byte array to fill with random data.
  * @param[in] xRandomLength Length of byte array.
  *
  * @return 0 on success.
  */
-int lPKCS11RandomCallback( void * pvCtx,
+int lMbedCryptoRngCallbackPKCS11( void * pvCtx,
                                   unsigned char * pucOutput,
                                   size_t uxLen );
 
-#endif /* MBEDTLS_PK_PKCS11_H */
+#endif /* MBEDTLS_PKCS11_H */

FreeRTOS-Plus/Source/Application-Protocols/network_transport/mbedtls_rng_pkcs11.c

@@ -0,0 +1,80 @@
+/*
+ * FreeRTOS V202211.00
+ * Copyright (C) 2020 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * https://www.FreeRTOS.org
+ * https://github.com/FreeRTOS
+ *
+ */
+
+#include "logging_levels.h"
+
+#define LIBRARY_LOG_NAME     "MbedTLSRNGP11"
+#define LIBRARY_LOG_LEVEL    LOG_ERROR
+
+#include "logging_stack.h"
+
+/**
+ * @file mbedtls_rng_pkcs11.c
+ * @brief Implements an mbedtls RNG callback using the PKCS#11 API
+ */
+
+#include "core_pkcs11_config.h"
+#include "core_pkcs11.h"
+
+/*-----------------------------------------------------------*/
+
+int lMbedCryptoRngCallbackPKCS11( void * pvCtx,
+                                  unsigned char * pucOutput,
+                                  size_t uxLen )
+{
+    int lRslt;
+    CK_FUNCTION_LIST_PTR pxFunctionList = NULL;
+    CK_SESSION_HANDLE * pxSessionHandle = ( CK_SESSION_HANDLE * ) pvCtx;
+
+    if( pucOutput == NULL )
+    {
+        lRslt = -1;
+    }
+    else if( pvCtx == NULL )
+    {
+        lRslt = -1;
+        LogError( ( "pvCtx must not be NULL." ) );
+    }
+    else
+    {
+        lRslt = ( int ) C_GetFunctionList( &pxFunctionList );
+    }
+
+    if( ( lRslt != CKR_OK ) ||
+        ( pxFunctionList == NULL ) ||
+        ( pxFunctionList->C_GenerateRandom == NULL ) )
+    {
+        lRslt = -1;
+    }
+    else
+    {
+        lRslt = ( int ) pxFunctionList->C_GenerateRandom( *pxSessionHandle, pucOutput, uxLen );
+    }
+
+    return lRslt;
+}
+
+/*-----------------------------------------------------------*/

FreeRTOS-Plus/Source/Application-Protocols/network_transport/transport_mbedtls_pkcs11.c

@@ -52,7 +52,7 @@
 
 /* TLS transport header. */
 #include "transport_mbedtls_pkcs11.h"
-#include "mbedtls_pk_pkcs11.h"
+#include "mbedtls_pkcs11.h"
 
 /* PKCS #11 includes. */
 #include "core_pkcs11_config.h"