aws-crt 0.1.5 → 0.1.6

data/aws-crt-ffi/crt/aws-c-io/source/{pkcs11.c → pkcs11_lib.c}

@@ -23,6 +23,13 @@
 /*
  * DER encoded DigestInfo value to be prefixed to the hash, used for RSA signing
  * See https://tools.ietf.org/html/rfc3447#page-43
+ * (Notes to help understand what's going on here with DER encoding)
+ * 0x30 nn - Sequence of tags, nn bytes, including hash, nn = mm+jj+4 (PKCS11 DigestInfo)
+ *   0x30 mm - Subsequence of tags, mm bytes (ii+4) (PKCS11
+ *     0x06 ii - OID encoding, ii bytes, see X.680 - this identifies the hash algorithm
+ *     0x05 00 - NULL
+ *   0x04 jj - OCTET, nn = mm + jj + 4
+ *   Digest (nn - mm - 4 bytes)
  */
 static const uint8_t SHA1_PREFIX_TO_RSA_SIG[] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
 static const uint8_t SHA256_PREFIX_TO_RSA_SIG[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };
@@ -31,28 +38,6 @@ static const uint8_t SHA512_PREFIX_TO_RSA_SIG[] = { 0x30, 0x51, 0x30, 0x0d, 0x06
 static const uint8_t SHA224_PREFIX_TO_RSA_SIG[] = { 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c };
 /* clang-format on */
 
-const char *aws_tls_hash_algorithm_str(enum aws_tls_hash_algorithm hash) {
-    /* clang-format off */
-    switch (hash) {
-        case (AWS_TLS_HASH_SHA1): return "SHA1";
-        case (AWS_TLS_HASH_SHA224): return "SHA224";
-        case (AWS_TLS_HASH_SHA256): return "SHA256";
-        case (AWS_TLS_HASH_SHA384): return "SHA384";
-        case (AWS_TLS_HASH_SHA512): return "SHA512";
-        default: return "<UNKNOWN HASH ALGORITHM>";
-    }
-    /* clang-format on */
-}
-
-const char *aws_tls_signature_algorithm_str(enum aws_tls_signature_algorithm signature) {
-    /* clang-format off */
-    switch (signature) {
-        case (AWS_TLS_SIGNATURE_RSA): return "RSA";
-        default: return "<UNKNOWN SIGNATURE ALGORITHM>";
-    }
-    /* clang-format on */
-}
-
 /* Return c-string for PKCS#11 CKR_* contants. */
 const char *aws_pkcs11_ckr_str(CK_RV rv) {
     /* clang-format off */
@@ -945,6 +930,7 @@ int aws_pkcs11_lib_find_private_key(
 
     switch (key_type) {
         case CKK_RSA:
+        case CKK_EC:
             break;
         default:
             AWS_LOGF_ERROR(
@@ -998,6 +984,7 @@ int aws_pkcs11_lib_decrypt(
     CK_MECHANISM mechanism;
     AWS_ZERO_STRUCT(mechanism);
 
+    /* Note, CKK_EC is not expected to enter into this code path */
     switch (key_type) {
         case CKK_RSA:
             mechanism.mechanism = CKM_RSA_PKCS;
@@ -1177,6 +1164,149 @@ clean_up:
     return success ? AWS_OP_SUCCESS : AWS_OP_ERR;
 }
 
+/*
+ * Basic ASN.1 (DER) encoding of header -- sufficient for ECDSA
+ */
+static int s_asn1_enc_prefix(struct aws_byte_buf *buffer, uint8_t identifier, size_t length) {
+    if (((identifier & 0x1f) == 0x1f) || (length > 0x7f)) {
+        AWS_LOGF_ERROR(AWS_LS_IO_PKCS11, "Unable to encode ASN.1 (DER) header 0x%02x %zu", identifier, length);
+        return aws_raise_error(AWS_ERROR_PKCS11_ENCODING_ERROR);
+    }
+    uint8_t head[2];
+    head[0] = identifier;
+    head[1] = (uint8_t)length;
+    if (!aws_byte_buf_write(buffer, head, sizeof(head))) {
+        AWS_LOGF_ERROR(
+            AWS_LS_IO_PKCS11, "Insufficient buffer to encode ASN.1 (DER) header 0x%02x %zu", identifier, length);
+        return aws_raise_error(AWS_ERROR_PKCS11_ENCODING_ERROR);
+    }
+    return AWS_OP_SUCCESS;
+}
+
+/*
+ * Basic ASN.1 (DER) encoding of an unsigned big number -- sufficient for ECDSA. Note that this implementation
+ * may reduce the number of integer bytes down to 1 (removing leading zero bytes), or conversely increase by
+ * one extra byte to ensure the unsigned integer is unambiguously encoded.
+ */
+int aws_pkcs11_asn1_enc_ubigint(struct aws_byte_buf *const buffer, struct aws_byte_cursor bigint) {
+
+    // trim out all leading zero's
+    while (bigint.len > 0 && bigint.ptr[0] == 0) {
+        aws_byte_cursor_advance(&bigint, 1);
+    }
+
+    // If the most significant bit is a '1', prefix with a zero-byte to prevent misinterpreting number as negative.
+    // If the big integer value was zero, length will be zero, replace with zero-byte using the same approach.
+    bool add_leading_zero = bigint.len == 0 || (bigint.ptr[0] & 0x80) != 0;
+    size_t actual_len = bigint.len + (add_leading_zero ? 1 : 0);
+
+    // header - indicate integer of given length (including any prefix zero)
+    bool success = s_asn1_enc_prefix(buffer, 0x02, actual_len) == AWS_OP_SUCCESS;
+    if (add_leading_zero) {
+        success = success && aws_byte_buf_write_u8(buffer, 0);
+    }
+    // write rest of number
+    success = success && aws_byte_buf_write_from_whole_cursor(buffer, bigint);
+    if (success) {
+        return AWS_OP_SUCCESS;
+    } else {
+        AWS_LOGF_ERROR(
+            AWS_LS_IO_PKCS11, "Insufficient buffer to ASN.1 (DER) encode big integer of length %zu", actual_len);
+        return aws_raise_error(AWS_ERROR_PKCS11_ENCODING_ERROR);
+    }
+}
+
+static int s_pkcs11_sign_ecdsa(
+    struct aws_pkcs11_lib *pkcs11_lib,
+    CK_SESSION_HANDLE session_handle,
+    CK_OBJECT_HANDLE key_handle,
+    struct aws_byte_cursor digest_data,
+    struct aws_allocator *allocator,
+    enum aws_tls_signature_algorithm signature_alg,
+    struct aws_byte_buf *out_signature) {
+
+    struct aws_byte_buf part_signature;
+    struct aws_byte_buf r_part;
+    struct aws_byte_buf s_part;
+    AWS_ZERO_STRUCT(part_signature);
+    AWS_ZERO_STRUCT(r_part);
+    AWS_ZERO_STRUCT(s_part);
+
+    if (signature_alg != AWS_TLS_SIGNATURE_ECDSA) {
+        AWS_LOGF_ERROR(
+            AWS_LS_IO_PKCS11,
+            "id=%p session=%lu: Signature algorithm '%s' is currently unsupported for PKCS#11 EC keys. "
+            "Supported algorithms are: ECDSA",
+            (void *)pkcs11_lib,
+            session_handle,
+            aws_tls_signature_algorithm_str(signature_alg));
+        return aws_raise_error(AWS_IO_TLS_SIGNATURE_ALGORITHM_UNSUPPORTED);
+    }
+
+    bool success = false;
+
+    /* ECDSA signing consists of DER-encoding of "r" and "s" parameters. C_Sign returns the two
+     * integers as big numbers in big-endian format, so translation is required.
+     */
+    CK_MECHANISM mechanism = {.mechanism = CKM_ECDSA};
+
+    if (s_pkcs11_sign_helper(
+            pkcs11_lib, session_handle, key_handle, mechanism, digest_data, allocator, &part_signature) !=
+        AWS_OP_SUCCESS) {
+        goto error;
+    }
+
+    /* PKCS11 library returns these parameters as two big unsigned integer numbers of exactly the same length. The
+     * numbers need to be ASN.1/DER encoded (variable length). In addition to the header, space is needed to allow for
+     * an occasional extra 0x00 prefix byte to ensure integer is encoded and interpreted as unsigned.
+     */
+    if (part_signature.len == 0 || (part_signature.len & 1) != 0) {
+        /* This should never happen, we would fail anyway, but making it explicit and fail early */
+        AWS_LOGF_ERROR(
+            AWS_LS_IO_PKCS11,
+            "PKCS11 library returned an invalid length, unable to interpret ECDSA signature to encode correctly.");
+        return aws_raise_error(AWS_ERROR_PKCS11_ENCODING_ERROR);
+        goto error;
+    }
+    size_t num_bytes = part_signature.len / 2;
+    aws_byte_buf_init(&r_part, allocator, num_bytes + 4);
+    aws_byte_buf_init(&s_part, allocator, num_bytes + 4);
+
+    if (aws_pkcs11_asn1_enc_ubigint(&r_part, aws_byte_cursor_from_array(part_signature.buffer, num_bytes)) !=
+        AWS_OP_SUCCESS) {
+        goto error;
+    }
+    if (aws_pkcs11_asn1_enc_ubigint(
+            &s_part, aws_byte_cursor_from_array(part_signature.buffer + num_bytes, num_bytes)) != AWS_OP_SUCCESS) {
+        goto error;
+    }
+    size_t pair_len = r_part.len + s_part.len;
+    aws_byte_buf_init(out_signature, allocator, pair_len + 2); // inc header
+    if (s_asn1_enc_prefix(out_signature, 0x30, pair_len) != AWS_OP_SUCCESS) {
+        goto error;
+    }
+    if (!aws_byte_buf_write_from_whole_buffer(out_signature, r_part)) {
+        AWS_LOGF_ERROR(AWS_LS_IO_PKCS11, "Insufficient buffer to ASN.1 (DER) encode ECDSA signature R-part.");
+        return aws_raise_error(AWS_ERROR_PKCS11_ENCODING_ERROR);
+        goto error;
+    }
+    if (!aws_byte_buf_write_from_whole_buffer(out_signature, s_part)) {
+        AWS_LOGF_ERROR(AWS_LS_IO_PKCS11, "Insufficient buffer to ASN.1 (DER) encode ECDSA signature S-part.");
+        return aws_raise_error(AWS_ERROR_PKCS11_ENCODING_ERROR);
+        goto error;
+    }
+    success = true;
+    goto clean_up;
+
+error:
+    aws_byte_buf_clean_up(out_signature);
+clean_up:
+    aws_byte_buf_clean_up(&part_signature);
+    aws_byte_buf_clean_up(&r_part);
+    aws_byte_buf_clean_up(&s_part);
+    return success ? AWS_OP_SUCCESS : AWS_OP_ERR;
+}
+
 int aws_pkcs11_lib_sign(
     struct aws_pkcs11_lib *pkcs11_lib,
     CK_SESSION_HANDLE session_handle,
@@ -1202,6 +1332,16 @@ int aws_pkcs11_lib_sign(
                 digest_alg,
                 signature_alg,
                 out_signature);
+        case CKK_ECDSA:
+            return s_pkcs11_sign_ecdsa(
+                pkcs11_lib,
+                session_handle,
+                key_handle,
+                digest_data,
+                allocator,
+                // not digest_alg -- need to check this
+                signature_alg,
+                out_signature);
         default:
             return aws_raise_error(AWS_ERROR_PKCS11_KEY_TYPE_UNSUPPORTED);
     }

data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_private.h

@@ -5,7 +5,7 @@
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0.
  */
-#include <aws/io/io.h>
+#include <aws/io/tls_channel_handler.h>
 
 /* These defines must exist before the official PKCS#11 headers are included */
 #define CK_PTR *
@@ -28,23 +28,9 @@
  */
 
 struct aws_pkcs11_lib;
+struct aws_pkcs11_tls_key_handler;
 struct aws_string;
 
-enum aws_tls_hash_algorithm {
-    AWS_TLS_HASH_UNKNOWN = -1,
-    AWS_TLS_HASH_SHA1,
-    AWS_TLS_HASH_SHA224,
-    AWS_TLS_HASH_SHA256,
-    AWS_TLS_HASH_SHA384,
-    AWS_TLS_HASH_SHA512,
-};
-
-enum aws_tls_signature_algorithm {
-    AWS_TLS_SIGNATURE_UNKNOWN = -1,
-    AWS_TLS_SIGNATURE_RSA,
-    /* TODO: add support for additional algorithms (ECDSA) */
-};
-
 AWS_EXTERN_C_BEGIN
 
 /**
@@ -144,16 +130,28 @@ AWS_IO_API
 int aws_get_prefix_to_rsa_sig(enum aws_tls_hash_algorithm digest_alg, struct aws_byte_cursor *out_prefix);
 
 /**
- * Given enum, return string like: AWS_TLS_HASH_SHA256 -> "SHA256"
+ * ASN.1 DER encode a big unsigned integer. Note that the source integer may be zero padded. It may also have
+ * most significant bit set. The encoded format is canonical and unambiguous - that is, most significant
+ * bit is never set.
  */
 AWS_IO_API
-const char *aws_tls_hash_algorithm_str(enum aws_tls_hash_algorithm hash);
+int aws_pkcs11_asn1_enc_ubigint(struct aws_byte_buf *const buffer, struct aws_byte_cursor bigint);
 
 /**
- * Given enum, return string like: AWS_TLS_SIGNATURE_RSA -> "RSA"
+ * Creates a new PKCS11 TLS operation handler with an associated aws_custom_key_op_handler
+ * with a reference count set to 1.
+ *
+ * The PKCS11 TLS operation handler will automatically be destroyed when the reference count reaches zero
+ * on the aws_custom_key_op_handler.
  */
 AWS_IO_API
-const char *aws_tls_signature_algorithm_str(enum aws_tls_signature_algorithm signature);
+struct aws_custom_key_op_handler *aws_pkcs11_tls_op_handler_new(
+    struct aws_allocator *allocator,
+    struct aws_pkcs11_lib *pkcs11_lib,
+    const struct aws_byte_cursor *user_pin,
+    const struct aws_byte_cursor *match_token_label,
+    const struct aws_byte_cursor *match_private_key_label,
+    const uint64_t *match_slot_id);
 
 AWS_EXTERN_C_END
 #endif /* AWS_IO_PKCS11_PRIVATE_H */

data/aws-crt-ffi/crt/aws-c-io/source/pkcs11_tls_op_handler.c

@@ -0,0 +1,221 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/io/pkcs11.h>
+
+#include "pkcs11_private.h"
+
+#include <aws/common/mutex.h>
+#include <aws/common/string.h>
+#include <aws/io/logging.h>
+
+struct aws_pkcs11_tls_op_handler {
+    /* The custom key operation handler needed for the callbacks */
+    struct aws_custom_key_op_handler base;
+
+    struct aws_allocator *alloc;
+    struct aws_pkcs11_lib *lib;
+
+    /* Use a single PKCS#11 session for all TLS connections on an aws_tls_ctx.
+     * We do this because PKCS#11 tokens may only support a
+     * limited number of sessions (PKCS11-UG-v2.40 section 2.6.7).
+     * If this one shared session turns out to be a severe bottleneck,
+     * we could look into other setups (ex: put session on its own thread,
+     * 1 session per event-loop, 1 session per connection, etc).
+     *
+     * The lock must be held while performing session operations.
+     * Otherwise, it would not be safe for multiple threads to share a
+     * session (PKCS11-UG-v2.40 section 2.6.7). The lock isn't needed for
+     * setup and teardown though, since we ensure nothing parallel is going
+     * on at these times */
+    struct aws_mutex session_lock;
+    CK_SESSION_HANDLE session_handle;
+    CK_OBJECT_HANDLE private_key_handle;
+    CK_KEY_TYPE private_key_type;
+};
+
+static void s_aws_custom_key_op_handler_destroy(struct aws_custom_key_op_handler *key_op_handler) {
+
+    struct aws_pkcs11_tls_op_handler *handler = (struct aws_pkcs11_tls_op_handler *)key_op_handler->impl;
+
+    if (handler->session_handle != 0) {
+        aws_pkcs11_lib_close_session(handler->lib, handler->session_handle);
+    }
+    aws_mutex_clean_up(&handler->session_lock);
+    aws_pkcs11_lib_release(handler->lib);
+
+    aws_mem_release(handler->alloc, handler);
+}
+
+/**
+ * Performs the PKCS11 TLS private key operation. This is called automatically when performing a mutual TLS handshake.
+ */
+void s_aws_pkcs11_tls_op_handler_do_operation(
+    struct aws_custom_key_op_handler *handler,
+    struct aws_tls_key_operation *operation) {
+
+    struct aws_pkcs11_tls_op_handler *pkcs11_handler = (struct aws_pkcs11_tls_op_handler *)handler->impl;
+    struct aws_byte_buf output_buf; /* initialized later */
+    AWS_ZERO_STRUCT(output_buf);
+
+    /*********** BEGIN CRITICAL SECTION ***********/
+    aws_mutex_lock(&pkcs11_handler->session_lock);
+    bool success_while_locked = false;
+
+    switch (aws_tls_key_operation_get_type(operation)) {
+        case AWS_TLS_KEY_OPERATION_DECRYPT:
+            if (aws_pkcs11_lib_decrypt(
+                    pkcs11_handler->lib,
+                    pkcs11_handler->session_handle,
+                    pkcs11_handler->private_key_handle,
+                    pkcs11_handler->private_key_type,
+                    aws_tls_key_operation_get_input(operation),
+                    pkcs11_handler->alloc,
+                    &output_buf)) {
+
+                goto unlock;
+            }
+            break;
+
+        case AWS_TLS_KEY_OPERATION_SIGN:
+            if (aws_pkcs11_lib_sign(
+                    pkcs11_handler->lib,
+                    pkcs11_handler->session_handle,
+                    pkcs11_handler->private_key_handle,
+                    pkcs11_handler->private_key_type,
+                    aws_tls_key_operation_get_input(operation),
+                    pkcs11_handler->alloc,
+                    aws_tls_key_operation_get_digest_algorithm(operation),
+                    aws_tls_key_operation_get_signature_algorithm(operation),
+                    &output_buf)) {
+
+                goto unlock;
+            }
+            break;
+
+        default:
+            AWS_LOGF_ERROR(
+                AWS_LS_IO_PKCS11,
+                "PKCS11 Handler %p: Unknown TLS key operation with value of %u",
+                (void *)handler,
+                aws_tls_key_operation_get_type(operation));
+            aws_raise_error(AWS_ERROR_INVALID_STATE);
+            goto unlock;
+    }
+
+    success_while_locked = true;
+unlock:
+    aws_mutex_unlock(&pkcs11_handler->session_lock);
+    /*********** END CRITICAL SECTION ***********/
+
+    if (success_while_locked) {
+        aws_tls_key_operation_complete(operation, aws_byte_cursor_from_buf(&output_buf));
+    } else {
+        aws_tls_key_operation_complete_with_error(operation, aws_last_error());
+    }
+
+    aws_byte_buf_clean_up(&output_buf);
+}
+
+static struct aws_custom_key_op_handler_vtable s_aws_custom_key_op_handler_vtable = {
+    .on_key_operation = s_aws_pkcs11_tls_op_handler_do_operation,
+};
+
+struct aws_custom_key_op_handler *aws_pkcs11_tls_op_handler_new(
+    struct aws_allocator *allocator,
+    struct aws_pkcs11_lib *pkcs11_lib,
+    const struct aws_byte_cursor *user_pin,
+    const struct aws_byte_cursor *match_token_label,
+    const struct aws_byte_cursor *match_private_key_label,
+    const uint64_t *match_slot_id) {
+
+    bool success = false;
+
+    struct aws_pkcs11_tls_op_handler *pkcs11_handler =
+        aws_mem_calloc(allocator, 1, sizeof(struct aws_pkcs11_tls_op_handler));
+
+    // Optional data
+    struct aws_string *pkcs_user_pin = NULL;
+    struct aws_string *pkcs_token_label = NULL;
+    struct aws_string *pkcs_private_key_object_label = NULL;
+
+    aws_ref_count_init(
+        &pkcs11_handler->base.ref_count,
+        &pkcs11_handler->base,
+        (aws_simple_completion_callback *)s_aws_custom_key_op_handler_destroy);
+
+    pkcs11_handler->base.impl = (void *)pkcs11_handler;
+    pkcs11_handler->base.vtable = &s_aws_custom_key_op_handler_vtable;
+
+    pkcs11_handler->alloc = allocator;
+
+    /* pkcs11_lib is required */
+    if (pkcs11_lib == NULL) {
+        aws_raise_error(AWS_ERROR_INVALID_ARGUMENT);
+        AWS_LOGF_ERROR(AWS_LS_IO_PKCS11, "PKCS11 Handler %p new: PKCS11 library is null", (void *)pkcs11_handler);
+        goto done;
+    }
+    pkcs11_handler->lib = aws_pkcs11_lib_acquire(pkcs11_lib); /* cannot fail */
+    aws_mutex_init(&pkcs11_handler->session_lock);
+
+    /* user_pin is optional */
+    if (user_pin->ptr != NULL) {
+        pkcs_user_pin = aws_string_new_from_cursor(allocator, user_pin);
+    }
+
+    /* token_label is optional */
+    if (match_token_label->ptr != NULL) {
+        pkcs_token_label = aws_string_new_from_cursor(allocator, match_token_label);
+    }
+
+    /* private_key_object_label is optional */
+    if (match_private_key_label->ptr != NULL) {
+        pkcs_private_key_object_label = aws_string_new_from_cursor(allocator, match_private_key_label);
+    }
+
+    CK_SLOT_ID slot_id;
+    if (aws_pkcs11_lib_find_slot_with_token(pkcs11_handler->lib, match_slot_id, pkcs_token_label, &slot_id /*out*/)) {
+        goto done;
+    }
+
+    if (aws_pkcs11_lib_open_session(pkcs11_handler->lib, slot_id, &pkcs11_handler->session_handle)) {
+        goto done;
+    }
+
+    if (pkcs_user_pin != NULL) {
+        if (aws_pkcs11_lib_login_user(pkcs11_handler->lib, pkcs11_handler->session_handle, pkcs_user_pin)) {
+            goto done;
+        }
+    }
+
+    if (aws_pkcs11_lib_find_private_key(
+            pkcs11_handler->lib,
+            pkcs11_handler->session_handle,
+            pkcs_private_key_object_label,
+            &pkcs11_handler->private_key_handle /*out*/,
+            &pkcs11_handler->private_key_type /*out*/)) {
+        goto done;
+    }
+    success = true;
+
+done:
+
+    /* CLEANUP */
+    if (pkcs_user_pin != NULL) {
+        aws_string_destroy_secure(pkcs_user_pin);
+    }
+    if (pkcs_token_label != NULL) {
+        aws_string_destroy(pkcs_token_label);
+    }
+    if (pkcs_private_key_object_label != NULL) {
+        aws_string_destroy(pkcs_private_key_object_label);
+    }
+
+    if (success) {
+        return &pkcs11_handler->base;
+    } else {
+        aws_custom_key_op_handler_release(&pkcs11_handler->base);
+        return NULL;
+    }
+}