Skip to content

[feature] [sal] add PKCS#11 provider layer (sal/pkcs11)#97

Open
Grom- wants to merge 1 commit into
mainfrom
feature/pkcs11
Open

[feature] [sal] add PKCS#11 provider layer (sal/pkcs11)#97
Grom- wants to merge 1 commit into
mainfrom
feature/pkcs11

Conversation

@Grom-

@Grom- Grom- commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

IMPORTANT INFORMATION

Contributor License Agreement (CLA)

  • The Pull Request feature will be considered by STMicroelectronics after the signature of a Contributor License Agreement (CLA) by the submitter.
  • If you did not sign such agreement, please follow the steps mentioned in the CONTRIBUTING.md file.

@nils-cercariolo-st nils-cercariolo-st left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello Jerome ! I tried to dig a bit into PKCS#11 and review the code. All my comments are subject to what I could find online from PKCS#11 but as I don't have a deep understanding of it, every remark is to take with a grain of salt. I tried to be quite thorough so there are quite a few remarks (it's also quite a big PR). Let me know if you have any questions !
Thanks,

/* handles[0..found-1] are the private key handles */
```

### 3. Generate a key pair in slot 0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since slot 0 is usually already provisioned with a key that we can't reprovision, maybe better to make this example with slot 1 ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes indeed , I have tested on a test part with slot 0 open for reprovisioning . I will update

*/
*phKey = STSE_PKCS11_PRIVKEY_HANDLE_BASE + 0x300UL + (CK_ULONG)slot_num;

(void)shared_secret; /* The result is available but storage is out-of-scope here */

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shared secret seems completely discarded, I'm not sure I understand correctly how this function can be useful in this state.

CK_RV rv;
CK_ECDH1_DERIVE_PARAMS *pParams;

(void)pTemplate; (void)ulAttributeCount;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we leave the template empty ? Don't we have to describe more the key that gets generated ?

* C_DeriveKey — ECDH1-Derive: compute shared secret using STSAFE-A ECDH engine.
*
* The derived secret is returned as a CKO_SECRET_KEY object.
* Only CKM_ECDH1_DERIVE with CKD_NULL is supported.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We say this but we don't check it in code I believe

case CKM_ECDSA:
pInfo->ulMinKeySize = 256UL;
pInfo->ulMaxKeySize = 521UL;
pInfo->flags = CKF_HW | CKF_SIGN | CKF_VERIFY;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We say CKF_VERIFY is supported but every C_Verify functions mention CKR_FUNCTION_NOT_SUPPORTED

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch , it is an unwanted omission on my side . I have tested with an OpenSSL engine (verification done on the Host platform) . I will update this .

Comment thread sal/pkcs11/stse_pkcs11.c

case CKA_ID:
case CKA_LABEL:
/* Match by ID: we use the slot/zone number as a single-byte ID */

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mixing CKA_ID and CKA_LABEL. Works with current implementation since CKA_LABEL is 1 byte of the slot number but it's fragile and if we change CKA_LABEL to be more explicit, this case wouldn't work properly.

Comment thread sal/pkcs11/stse_pkcs11.c
break;

default:
/* Unknown attributes in the template are ignored */

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably return CK_FALSE for unknown attribute

Comment thread sal/pkcs11/stse_pkcs11.c
CK_ULONG stse_pkcs11_ec_point_size(uint16_t coord_size)
{
/* DER OCTET STRING: 0x04 (tag) + 1 byte length + 0x04 (point prefix) + X + Y */
return (CK_ULONG)(3U + 2U * (CK_ULONG)coord_size);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it doesn't work for NIST-P521 as the length is bigger than 127 bytes (DER standard), so DER encoding needs 1 byte more.
Could implement something like that instead :

CK_ULONG stse_pkcs11_ec_point_size(uint16_t coord_size)
{
CK_ULONG point_len =
1UL + 2UL * (CK_ULONG)coord_size;

if (point_len < 0x80UL) {
    /* Tag + one-byte length + point */
    return 2UL + point_len;
}

if (point_len <= 0xFFUL) {
    /* Tag + 0x81 + one-byte length + point */
    return 3UL + point_len;
}

return 0UL;

}

Comment thread sal/pkcs11/stse_pkcs11.c
}

/* If the inner content starts with 0x04 it is the X9.62 point prefix */
if (inner_offset < point_len && pEc_point[inner_offset] == 0x04U) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we have a raw point but with X[1] = 0x04 then this parser believes it's following DER format where it is not and you not work properly. Quite an edge case but could be a headache to debug later.

Comment thread sal/pkcs11/stse_pkcs11.c
stse_pkcs11_object_t obj = {
.obj_class = CKO_CERTIFICATE,
.handle = STSE_PKCS11_CERT_HANDLE(i),
.slot_or_zone = pLib->config.cert_zone_indices[i],

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like we're assuming cert zone = cert index which works well for just the first one but no guarantee for other certificates/memory zone in stsafe. This behaviour is also present in other places.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants