1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
|
/*
* FreeRTOS V202111.00
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*
* https://www.FreeRTOS.org
* https://github.com/FreeRTOS
*
*/
/**
* @file core_pkcs11_config.h
* @brief PCKS#11 config options.
*/
#ifndef _CORE_PKCS11_CONFIG_H_
#define _CORE_PKCS11_CONFIG_H_
#include "FreeRTOS.h"
/**************************************************/
/******* DO NOT CHANGE the following order ********/
/**************************************************/
/* Include logging header files and define logging macros in the following order:
* 1. Include the header file "logging_levels.h".
* 2. Define the LIBRARY_LOG_NAME and LIBRARY_LOG_LEVEL macros depending on
* the logging configuration for PKCS #11.
* 3. Include the header file "logging_stack.h", if logging is enabled for PKCS #11.
*/
#include "logging_levels.h"
/* Logging configuration for the PKCS #11 library. */
#ifndef LIBRARY_LOG_NAME
#define LIBRARY_LOG_NAME "PKCS11"
#endif
#ifndef LIBRARY_LOG_LEVEL
#define LIBRARY_LOG_LEVEL LOG_ERROR
#endif
/* Prototype for the function used to print to console on Windows simulator
* of FreeRTOS.
* The function prints to the console before the network is connected;
* then a UDP port after the network has connected. */
extern void vLoggingPrintf( const char * pcFormatString,
... );
/* Map the SdkLog macro to the logging function to enable logging
* on Windows simulator. */
#ifndef SdkLog
#define SdkLog( message ) vLoggingPrintf message
#endif
#include "logging_stack.h"
/************ End of logging configuration ****************/
#include <stdlib.h>
/**
* @brief Malloc API used by core_pkcs11.h
*/
#define PKCS11_MALLOC pvPortMalloc
/**
* @brief Free API used by core_pkcs11.h
*/
#define PKCS11_FREE vPortFree
/**
* @brief PKCS #11 default user PIN.
*
* The PKCS #11 standard specifies the presence of a user PIN. That feature is
* sensible for applications that have an interactive user interface and memory
* protections. However, since typical microcontroller applications lack one or
* both of those, the user PIN is assumed to be used herein for interoperability
* purposes only, and not as a security feature.
*
* Note: Do not cast this to a pointer! The library calls sizeof to get the length
* of this string.
*/
#define configPKCS11_DEFAULT_USER_PIN "0000"
/**
* @brief Maximum length (in characters) for a PKCS #11 CKA_LABEL
* attribute.
*/
#define pkcs11configMAX_LABEL_LENGTH 32UL
/**
* @brief Maximum number of token objects that can be stored
* by the PKCS #11 module.
*/
#define pkcs11configMAX_NUM_OBJECTS 6UL
/**
* @brief Maximum number of sessions that can be stored
* by the PKCS #11 module.
*/
#define pkcs11configMAX_SESSIONS 10UL
/**
* @brief Set to 1 if a PAL destroy object is implemented.
*
* If set to 0, no PAL destroy object is implemented, and this functionality
* is implemented in the common PKCS #11 layer.
*/
#define pkcs11configPAL_DESTROY_SUPPORTED 0
/**
* @brief Set to 1 if OTA image verification via PKCS #11 module is supported.
*
* If set to 0, OTA code signing certificate is built in via
* aws_ota_codesigner_certificate.h.
*/
#define pkcs11configOTA_SUPPORTED 1
/**
* @brief Set to 1 if PAL supports storage for JITP certificate,
* code verify certificate, and trusted server root certificate.
*
* If set to 0, PAL does not support storage mechanism for these, and
* they are accessed via headers compiled into the code.
*/
#define pkcs11configJITP_CODEVERIFY_ROOT_CERT_SUPPORTED 0
/**
* @brief The PKCS #11 label for device private key.
*
* Private key for connection to AWS IoT endpoint. The corresponding
* public key should be registered with the AWS IoT endpoint.
*/
#define pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ( "Device Priv TLS Key" )
/**
* @brief The PKCS #11 label for device public key.
*
* The public key corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.
*/
#define pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS ( "Device Pub TLS Key" )
/**
* @brief The PKCS #11 label for the device certificate.
*
* Device certificate corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.
*/
#define pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS ( "Device Cert" )
/**
* @brief The PKCS #11 label for the object to be used for HMAC operations.
*/
#define pkcs11configLABEL_HMAC_KEY ( "HMAC Key" )
/**
* @brief The PKCS #11 label for the object to be used for CMAC operations.
*/
#define pkcs11configLABEL_CMAC_KEY ( "CMAC Key" )
/**
* @brief The PKCS #11 label for the object to be used for code verification.
*
* Used by over-the-air update code to verify an incoming signed image.
*/
#define pkcs11configLABEL_CODE_VERIFICATION_KEY ( "Code Verify Key" )
/**
* @brief The PKCS #11 label for the claim certificate for Fleet Provisioning.
*/
#define pkcs11configLABEL_CLAIM_CERTIFICATE ( "Claim Cert" )
/**
* @brief The PKCS #11 label for the claim private key for Fleet Provisioning.
*/
#define pkcs11configLABEL_CLAIM_PRIVATE_KEY ( "Claim Key" )
/**
* @brief The PKCS #11 label for Just-In-Time-Provisioning.
*
* The certificate corresponding to the issuer of the device certificate
* (pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS) when using the JITR or
* JITP flow.
*/
#define pkcs11configLABEL_JITP_CERTIFICATE ( "JITP Cert" )
/**
* @brief The PKCS #11 label for the AWS Trusted Root Certificate.
*
* @see aws_default_root_certificates.h
*/
#define pkcs11configLABEL_ROOT_CERTIFICATE ( "Root Cert" )
#endif /* _CORE_PKCS11_CONFIG_H_ include guard. */
|
