corePKCS11 v3.5.0
PKCS #11 Cryptoki Library
core_pki_utils.c File Reference

Helper functions for PKCS #11.

#include "core_pki_utils.h"
#include <stdint.h>
#include <string.h>

Macros

#define FAILURE   ( -1 )
 Failure value for PKI utils functions.
 

Functions

int8_t PKI_mbedTLSSignatureToPkcs11Signature (uint8_t *pxSignaturePKCS, const uint8_t *pxMbedSignature)
 Converts an ECDSA P-256 signature from the format provided by mbedTLS to the format expected by PKCS #11.
 
int8_t PKI_pkcs11SignatureTombedTLSSignature (uint8_t *pucSig, size_t *pxSigLen)
 Converts an ECDSA P-256 signature from the format provided by PKCS #11 to an ASN.1 formatted signature.
 

Detailed Description

Helper functions for PKCS #11.

Function Documentation

◆ PKI_mbedTLSSignatureToPkcs11Signature()

int8_t PKI_mbedTLSSignatureToPkcs11Signature( uint8_t * pxSignaturePKCS, const uint8_t * pxMbedSignature )

Converts an ECDSA P-256 signature from the format provided by mbedTLS to the format expected by PKCS #11.

For P-256 signatures, PKCS #11 expects a 64-byte signature: a 32-byte R component followed by a 32-byte S component.

mbedTLS provides signatures in DER encoded, zero-padded format.

Parameters
[out] pxSignaturePKCS: Pointer to a 64-byte buffer where the PKCS #11 formatted signature will be placed. Caller must allocate 64 bytes of memory.
[in] pxMbedSignature: Pointer to the DER-encoded ECDSA signature. Buffer size is expected to be 72 bytes.
Returns
0 on success, -1 on failure.

◆ PKI_pkcs11SignatureTombedTLSSignature()

int8_t PKI_pkcs11SignatureTombedTLSSignature( uint8_t * pucSig, size_t * pxSigLen )

Converts an ECDSA P-256 signature from the format provided by PKCS #11 to an ASN.1 formatted signature.

For a P-256 signature, the ASN.1 encoding has the layout:

SEQUENCE LENGTH INTEGER LENGTH R-VALUE INTEGER LENGTH S-VALUE

Parameters
[in,out] pucSig: This pointer serves a dual purpose. On input it must contain the 64-byte PKCS #11 style signature; on output it is overwritten with the ASN.1 formatted signature (max length 72 bytes). It is the responsibility of the caller to guarantee that the buffer is large enough to hold the (longer) formatted signature.
[out] pxSigLen: Pointer to the length of the ASN.1 formatted signature.
Returns
0 if successful, -1 on failure.
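
An added example, not corePKCS11's own code: a round trip between the 64-byte R||S layout and the SEQUENCE/INTEGER layout documented above, showing where the 72-byte maximum comes from (2 header bytes plus two INTEGERs of up to 2 + 1 + 32 bytes) and how a decoder checks every length against the input before copying. The names `example_raw_to_der`, `example_der_to_raw`, `put_int` and `get_int`, the explicit input-length parameter, and the separate output buffer (instead of in-place conversion) are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#define P256_LEN 32u /* bytes in each of R and S */

/* Emit one DER INTEGER for a 32-byte big-endian value; returns bytes written. */
static size_t put_int(uint8_t *out, const uint8_t *v)
{
    size_t skip = 0, pad, n;
    while (skip < P256_LEN - 1u && v[skip] == 0u) skip++; /* minimal form */
    pad = (v[skip] & 0x80u) ? 1u : 0u; /* 0x00 prefix keeps the value positive */
    n = P256_LEN - skip;
    out[0] = 0x02; out[1] = (uint8_t)(n + pad); out[2] = 0x00;
    memcpy(out + 2u + pad, v + skip, n); /* overwrites out[2] when pad == 0 */
    return 2u + pad + n;
}

/* Hypothetical helper: raw R||S (64 bytes) to DER; der must hold 72 bytes. */
size_t example_raw_to_der(const uint8_t raw[64], uint8_t der[72])
{
    size_t n = 2u + put_int(der + 2, raw);
    n += put_int(der + n, raw + P256_LEN);
    der[0] = 0x30; der[1] = (uint8_t)(n - 2u); /* SEQUENCE, short-form length */
    return n;
}

/* Read one DER INTEGER at *pos into a right-aligned 32-byte field. */
static int get_int(const uint8_t *der, size_t len, size_t *pos, uint8_t *out)
{
    size_t n;
    if (len - *pos < 2u || der[*pos] != 0x02) return -1;
    n = der[*pos + 1u]; *pos += 2u;
    /* The length must fit the remaining input and the value must be positive. */
    if (n == 0u || n > len - *pos || (der[*pos] & 0x80u)) return -1;
    if (der[*pos] == 0x00 && n > 1u) { (*pos)++; n--; } /* drop sign pad */
    if (n > P256_LEN) return -1;
    memset(out, 0, P256_LEN - n);
    memcpy(out + (P256_LEN - n), der + *pos, n);
    *pos += n;
    return 0;
}

/* Hypothetical helper: DER to raw R||S; any malformed input returns -1. */
int example_der_to_raw(const uint8_t *der, size_t len, uint8_t raw[64])
{
    size_t pos = 2u;
    if (len < 8u || len > 72u || der[0] != 0x30 || (size_t)der[1] != len - 2u) return -1;
    if (get_int(der, len, &pos, raw) != 0) return -1;
    if (get_int(der, len, &pos, raw + P256_LEN) != 0) return -1;
    return (pos == len) ? 0 : -1; /* no trailing bytes allowed */
}
```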