Fixed PKCS11 store functions.

Working C_InitToken/C_Login.

hal/stm32_tz.c

@@ -119,12 +119,12 @@ void hal_tz_release_nonsecure_area(void)
 void hal_gtzc_init(void)
 {
    int i;
-  /* Configure lower half of SRAM1 as secure */
-   for (i = 0; i < 12; i++) {
+  /* Configure lower half of total RAM as secure */
+   for (i = 0; i < 16; i++) {
        SET_GTZC_MPCBBx_S_VCTR(1, i, 0xFFFFFFFF);
    }
-   /* Configure upper half of SRAM1 as non-secure */
-   for (i = 12; i < 24; i++) {
+   /* Configure rest of SRAM1 as non-secure */
+   for (i = 16; i < 24; i++) {
        SET_GTZC_MPCBBx_S_VCTR(1, i, 0x0);
    }
 

hal/stm32l5.ld

@@ -2,8 +2,8 @@ MEMORY
 {
     FLASH (rx) :    ORIGIN = @WOLFBOOT_ORIGIN@, LENGTH = @BOOTLOADER_PARTITION_SIZE@ - 0x20000
     RAM (rwx) :     ORIGIN = 0x30000000, LENGTH = 0x00012000
-    RAM_HEAP (rw):  ORIGIN = 0x30012000, LENGTH = 0x4000
-    RAM_KV (rw):    ORIGIN = 0x30016000, LENGTH = 0x2000
+    RAM_HEAP (rw):  ORIGIN = 0x30012000, LENGTH = 0xc000 /* 49152 B Heap for wolfcrypt/PKCS11 */
+    RAM_KV (rw):    ORIGIN = 0x3001e000, LENGTH = 0x2000
     FLASH_KEYVAULT(rw): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x20000, LENGTH = 0x18000
     FLASH_NSC(rx): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x38000, LENGTH = 0x8000
 }

options.mk

@@ -447,6 +447,7 @@ ifeq ($(SECURE_PKCS11),1)
   CFLAGS+=-DSECURE_PKCS11
   CFLAGS+=-DCK_CALLABLE="__attribute__((cmse_nonsecure_entry))"
   CFLAGS+=-Ilib/wolfPKCS11
+  CFLAGS+=-DWP11_HASH_PIN_COST=3
   OBJS+=src/pkcs11_store.o
   OBJS+=src/pkcs11_callable.o
   WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/aes.o

src/pkcs11_store.c

@@ -25,6 +25,7 @@
 #include <string.h>
 #include "wolfpkcs11/pkcs11.h"
 #include "wolfpkcs11/store.h"
+#include "wolfssl/wolfcrypt/types.h"
 #include "hal.h"
 
 extern uint32_t *_flash_keyvault; /* From linker script: origin of vault flash */
@@ -77,6 +78,7 @@ struct obj_hdr
     uint32_t token_id;
     uint32_t object_id;
     int type;
+    uint32_t off;
     uint32_t size;
 };
 #define STORE_PRIV_HDR_SIZE 16
@@ -122,7 +124,11 @@ int wolfPKCS11_Store_Open(int type, CK_ULONG id1, CK_ULONG id2, int read,
             *store = NULL;
             return FIND_FULL_E;
         }
-        obj = vault_descriptors[vault_idx];
+        obj = XMALLOC(sizeof(struct store_object), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (!obj)
+            return NOT_AVAILABLE_E;
+        vault_descriptors[vault_idx] = obj;
+        hdr = (struct obj_hdr *)obj;
         obj->vault_idx = vault_idx;
         obj->hdr.type = type;
         obj->hdr.token_id = id1;
@@ -133,24 +139,29 @@ int wolfPKCS11_Store_Open(int type, CK_ULONG id1, CK_ULONG id2, int read,
                 KEYVAULT_OBJ_SIZE);
         hal_flash_write((uint32_t)(vault_base + vault_idx * KEYVAULT_OBJ_SIZE), (void *)obj,
                 sizeof(struct obj_hdr));
+        *store = obj;
     }
+    hdr->off = 0;
     return 0;
 }
 
 void wolfPKCS11_Store_Close(void* store)
 {
-    /* Stub */
+    struct store_object *obj = store;
+    vault_descriptors[obj->vault_idx] = NULL;
+    XFREE(obj, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 }
 
 int wolfPKCS11_Store_Read(void* store, unsigned char* buffer, int len)
 {
     struct store_object *obj = store;
-    if ((uint32_t)len > obj->hdr.size) {
-        len = obj->hdr.size;
+    if ((uint32_t)len + obj->hdr.off > obj->hdr.size) {
+        len = obj->hdr.size - obj->hdr.off;
     }
     if (len > 0) {
         memcpy(buffer, vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE +
-                STORE_PRIV_HDR_SIZE, len);
+                STORE_PRIV_HDR_SIZE + obj->hdr.off, len);
+        obj->hdr.off += len;
     }
     return len;
 }
@@ -159,16 +170,18 @@ int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len)
 {
     struct store_object *obj = store;
     int pos = 0;
-    if (len > (KEYVAULT_OBJ_SIZE - STORE_PRIV_HDR_SIZE)) {
+    if (len + obj->hdr.off > (KEYVAULT_OBJ_SIZE - STORE_PRIV_HDR_SIZE)) {
         return -1;
     }
     if (obj->read)
         return -1;
     if (obj->vault_idx > KEYVAULT_MAX_ITEMS)
         return -1;
-    obj->hdr.size = len;
-    hal_flash_erase((uint32_t)(vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE),
+    obj->hdr.size += len;
+    if (obj->hdr.off == 0) 
+        hal_flash_erase((uint32_t)(vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE),
             KEYVAULT_OBJ_SIZE);
+
     hal_flash_write((uint32_t)(vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE),
             (void *)obj, sizeof(struct obj_hdr));
     while (pos < len) {
@@ -178,8 +191,9 @@ int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len)
         if (sz > WOLFBOOT_SECTOR_SIZE) {
             sz = WOLFBOOT_SECTOR_SIZE;
         }
-        hal_flash_write(base + STORE_PRIV_HDR_SIZE + pos, buffer + pos, sz);
+        hal_flash_write(base + STORE_PRIV_HDR_SIZE + pos, buffer + pos + obj->hdr.off, sz);
         pos += sz;
     }
+    obj->hdr.off += len;
     return len;
 }

test-app/ARM-stm32l5-ns.ld

@@ -1,7 +1,7 @@
 MEMORY
 {
     FLASH (rx) : ORIGIN = @WOLFBOOT_TEST_APP_ADDRESS@, LENGTH = @WOLFBOOT_TEST_APP_SIZE@
-    RAM (rwx) : ORIGIN = 0x20018000, LENGTH = 16K /* Run in lowmem */
+    RAM (rwx) : ORIGIN = 0x20020000, LENGTH = 0x10000
 }
 
 SECTIONS

test-app/app_stm32l5.c

@@ -154,10 +154,14 @@ void main(void)
             (const byte*)TokenPin, strlen(TokenPin));
 
     if (ret == 0) {
-        ret = wolfpkcs11nsFunctionList.C_OpenSession(1, 
+        ret = wolfpkcs11nsFunctionList.C_OpenSession(1,
                 CKF_SERIAL_SESSION | CKF_RW_SESSION,
                 NULL, NULL, &session);
     }
+    if (ret == 0) {
+        ret = wolfpkcs11nsFunctionList.C_InitToken(1,
+                (const byte *)TokenPin, strlen(TokenPin), "SO-PIN");
+    }
 
     if (ret == 0) {
         ret = wolfpkcs11nsFunctionList.C_Login(session, CKU_SO,