Skip to content

Commit 23ccf96

Browse files
committed
Fix for edge case ECC/RSA import with raw attributes to wrap/encrypt with TPM.
1 parent 081d6e3 commit 23ccf96

File tree

1 file changed

+53
-39
lines changed

1 file changed

+53
-39
lines changed

src/internal.c

Lines changed: 53 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -6702,52 +6702,60 @@ int WP11_Object_SetRsaKey(WP11_Object* object, unsigned char** data,
67026702

67036703
key = &object->data.rsaKey;
67046704
ret = wc_InitRsaKey_ex(key, NULL, object->slot->devId);
6705-
if (ret == 0)
6706-
ret = SetMPI(&key->d, data[1], (int)len[1]);
6707-
if (ret == 0)
6708-
ret = SetMPI(&key->p, data[2], (int)len[2]);
6709-
if (ret == 0)
6710-
ret = SetMPI(&key->q, data[3], (int)len[3]);
6711-
/* If modulus is not provided, calculate it */
67126705
if (ret == 0) {
6713-
if (data[0] == NULL || len[0] == 0) {
6714-
ret = mp_mul(&key->p, &key->q, &key->n);
6715-
} else {
6716-
ret = SetMPI(&key->n, data[0], (int)len[0]);
6706+
ret = SetMPI(&key->d, data[1], (int)len[1]);
6707+
if (ret == 0)
6708+
ret = SetMPI(&key->p, data[2], (int)len[2]);
6709+
if (ret == 0)
6710+
ret = SetMPI(&key->q, data[3], (int)len[3]);
6711+
/* If modulus is not provided, calculate it */
6712+
if (ret == 0) {
6713+
if (data[0] == NULL || len[0] == 0) {
6714+
ret = mp_mul(&key->p, &key->q, &key->n);
6715+
} else {
6716+
ret = SetMPI(&key->n, data[0], (int)len[0]);
6717+
}
67176718
}
6718-
}
6719-
if (ret == 0)
6720-
ret = SetMPI(&key->dP, data[4], (int)len[4]);
6721-
if (ret == 0)
6722-
ret = SetMPI(&key->dQ, data[5], (int)len[5]);
6723-
if (ret == 0)
6724-
ret = SetMPI(&key->u, data[6], (int)len[6]);
6725-
if (ret == 0) {
6726-
/* Public exponent defaults to 65537 in PKCS11 > 2.11 */
6727-
if (len[7] > 0)
6728-
ret = SetMPI(&key->e, data[7], (int)len[7]);
6729-
else {
6730-
byte defaultPublic[] = {0x01, 0x00, 0x01};
6731-
ret = SetMPI(&key->e, defaultPublic, sizeof(defaultPublic));
6719+
if (ret == 0)
6720+
ret = SetMPI(&key->dP, data[4], (int)len[4]);
6721+
if (ret == 0)
6722+
ret = SetMPI(&key->dQ, data[5], (int)len[5]);
6723+
if (ret == 0)
6724+
ret = SetMPI(&key->u, data[6], (int)len[6]);
6725+
if (ret == 0) {
6726+
/* Public exponent defaults to 65537 in PKCS11 > 2.11 */
6727+
if (len[7] > 0)
6728+
ret = SetMPI(&key->e, data[7], (int)len[7]);
6729+
else {
6730+
byte defaultPublic[] = {0x01, 0x00, 0x01};
6731+
ret = SetMPI(&key->e, defaultPublic, sizeof(defaultPublic));
6732+
}
67326733
}
6733-
}
6734-
if (ret == 0) {
6735-
if (len[8] == sizeof(CK_ULONG))
6736-
object->size = (word32)*(CK_ULONG*)data[8];
6737-
else if (len[8] != 0)
6738-
ret = BUFFER_E;
6739-
}
6740-
if (ret == 0) {
6741-
if (mp_iszero(&key->d) && mp_iszero(&key->p)) {
6742-
key->type = RSA_PUBLIC;
6734+
if (ret == 0) {
6735+
if (len[8] == sizeof(CK_ULONG))
6736+
object->size = (word32)*(CK_ULONG*)data[8];
6737+
else if (len[8] != 0)
6738+
ret = BUFFER_E;
67436739
}
6744-
else {
6745-
key->type = RSA_PRIVATE;
6740+
if (ret == 0) {
6741+
if (mp_iszero(&key->d) && mp_iszero(&key->p)) {
6742+
key->type = RSA_PUBLIC;
6743+
}
6744+
else {
6745+
key->type = RSA_PRIVATE;
6746+
}
6747+
}
6748+
6749+
if (ret != 0) {
6750+
wc_FreeRsaKey(key);
67466751
}
67476752
}
67486753

6749-
if (ret != 0)
6750-
wc_FreeRsaKey(key);
6754+
#ifdef WOLFPKCS11_TPM
6755+
if (ret == 0) {
6756+
ret = WP11_Object_WrapTpmKey(object);
6757+
}
6758+
#endif
67516759

67526760
if (object->onToken)
67536761
WP11_Lock_UnlockRW(object->lock);
@@ -6916,6 +6924,12 @@ int WP11_Object_SetEcKey(WP11_Object* object, unsigned char** data,
69166924
wc_ecc_free(key);
69176925
}
69186926

6927+
#ifdef WOLFPKCS11_TPM
6928+
if (ret == 0) {
6929+
ret = WP11_Object_WrapTpmKey(object);
6930+
}
6931+
#endif
6932+
69196933
if (object->onToken)
69206934
WP11_Lock_UnlockRW(object->lock);
69216935

0 commit comments

Comments
 (0)