{"id":19579730,"url":"https://github.com/wolfssl/wolfpkcs11","last_synced_at":"2025-04-27T08:31:53.602Z","repository":{"id":40283467,"uuid":"153481894","full_name":"wolfSSL/wolfPKCS11","owner":"wolfSSL","description":"wolfSSL PKCS#11","archived":false,"fork":false,"pushed_at":"2025-04-24T10:05:17.000Z","size":550,"stargazers_count":12,"open_issues_count":2,"forks_count":17,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-04-24T10:24:51.621Z","etag":null,"topics":["crypto","cryptography","fips","hsm","iot","pkcs11","secure-element","security","tpm","wolfcrypt","wolfssl"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wolfSSL.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-10-17T15:38:19.000Z","updated_at":"2025-03-28T13:50:31.000Z","dependencies_parsed_at":"2023-12-05T23:23:52.242Z","dependency_job_id":"8b53dd02-6e5a-479a-a5cc-2994a05baca9","html_url":"https://github.com/wolfSSL/wolfPKCS11","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfPKCS11","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfPKCS11/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfPKCS11/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2FwolfPKCS11/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/owners/wolfSSL","download_url":"https://codeload.github.com/wolfSSL/wolfPKCS11/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251112529,"owners_count":21538162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","fips","hsm","iot","pkcs11","secure-element","security","tpm","wolfcrypt","wolfssl"],"created_at":"2024-11-11T07:18:49.822Z","updated_at":"2025-04-27T08:31:53.595Z","avatar_url":"https://github.com/wolfSSL.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wolfPKCS11\n\nPKCS#11 library that implements cryptographic algorithms using wolfSSL.\n\n\n## Project Features\n\n## Building\n\nBuild wolfSSL:\n\n```sh\ngit clone https://github.com/wolfSSL/wolfssl.git\ncd wolfssl\n./autogen.sh\n./configure --enable-aescfb --enable-cryptocb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS=\"-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT\"\nmake\nmake check\nsudo make install\nsudo ldconfig\n```\n\nautogen.sh requires: automake and libtool: `sudo apt-get install automake libtool`\n\nBuild wolfPKCS11:\n\n```sh\ngit clone https://github.com/wolfSSL/wolfPKCS11.git\ncd wolfPKCS11\n./autogen.sh\n./configure\nmake\nmake check\n```\n### TPM support with wolfTPM\n\nEnables using a TPM for cryptography and keystore.\nTested using `./configure --enable-singlethreaded --enable-wolftpm --disable-dh CFLAGS=\"-DWOLFPKCS11_TPM_STORE\" \u0026\u0026 make`.\n\nNote: The TPM does not support DH, so only RSA and ECC are supported.\n\n### Optional: 
AES-CCM Support\n\nTo have AES-CCM support in wolfPKCS11, configure both wolfSSL and wolfPKCS11\nwith the addition of `--enable-aesccm`.\n\n### Optional: AES-ECB Support\n\nTo have AES-ECB support in wolfPKCS11, configure wolfSSL with the C macro\n`HAVE_AES_ECB` defined. For example, `CFLAGS=\"-DHAVE_AES_ECB\"`. Then\nenable it in wolfPKCS11 with the addition of `--enable-aesecb` during the\nconfigure step.\n\nWARNING: ECB (Electronic Code Book) mode AES is generally considered to be\ninsecure. Please consider using a different mode of AES.\n\n### Build options and defines\n\n#### Define WOLFPKCS11_TPM_STORE\n\nUse `WOLFPKCS11_TPM_STORE` to store objects in TPM NV.\n\n#### Define WOLFPKCS11_NO_STORE\n\nDisables storage of tokens.\n\n#### Define WOLFPKCS11_DEBUG_STORE\n\nEnables debugging printf's for store.\n\n#### Define WOLFPKCS11_CUSTOM_STORE\n\nRemoves default implementation of storage functions.\nSee wolfpkcs11/store.h for prototypes of functions to implement.\n\n#### Define WOLFPKCS11_KEYPAIR_GEN_COMMON_LABEL\n\nSets the private key's label against the public key when generating key pairs.\n\n#### Analog Devices, Inc. MAXQ10xx Secure Elements ([MAXQ1065](https://www.analog.com/en/products/maxq1065.html)/MAXQ1080)\n\nSupport has been added to use the MAXQ10xx hardware for cryptographic operations\nand storage of certificates.\n\n\nBefore usage:\n1. Make sure the maxq10xx-sdk is installed and it has installed the proper\n   header files into the source code for wolfPKCS11.\n2. Edit `examples/maxq10xx_init.sh` to ensure it is pointing to the correct\n   location.\n3. Execute `examples/maxq10xx_init.sh` to ensure it is properly initialized.\n\nNOTE: In the code, we have embedded a test key. This must be changed for\n      production environments!! 
Please contact Analog Devices to learn how to\n      obtain and use a production key.\n\n## Environment variables\n\n### WOLFPKCS11_TOKEN_PATH\n\nPath into which files are stored that contain token data.\nWhen not set, defaults to: /tmp\n\n### WOLFPKCS11_NO_STORE\n\nSet to any value to stop storage of token data.\n\n\n## Release Notes\n\n### wolfPKCS11 Release 1.3 (Mar 22, 2024)\n\n**Summary**\n\nAdded Visual Studio support for wolfPKCS11. Fixes for cast warnings and portability.\n\n**Detail**\n\n* Fixed `C_GetAttributeValue` incorrectly erroring with `CKR_ATTRIBUTE_VALUE_INVALID` when data == NULL. The `C_GetAttributeValue` should set length if data field is NULL. (PR #27)\n* Fixed several cast warnings and possible use of uninitialized. (PR #28)\n* Fixed portability issues with `WOLFPKCS11_USER_SETTINGS`. (PR #28)\n* Added Visual Studio support for wolfPKCS11. (PR #28)\n  - This includes wolfTPM support with Windows TBS interface\n* Reworked shared library versioning. (PR #29)\n\n\n### wolfPKCS11 Release 1.2 (Dec 26, 2023)\n\n**Summary**\n\nAdds backend support for TPM 2.0 using wolfTPM. Adds AES CBC key wrap / unwrap support. Portability improvements. Improved testing with GitHub Actions.\n\n**Detail**\n\n* Cleanups for minor cast warning, spelling and ignore for generated test files (PR #14)\n* Added support for wrap/unwrap RSA with aes_cbc_pad. (PR #15)\n* Fixed setting of label for public key after creation (init ECC objects before decoding) (PR #16)\n* Flush writes in key store. 
(PR #17)\n* Added build options for embedded use (PR #18)\n  - `WOLFSSL_USER_SETTINGS` to avoid including `wolfssl/options.h`\n  - `WOLFPKCS11_USER_SETTINGS` to avoid including `wolfPKCS11/options.h`\n  - `WOLFPKCS11_NO_TIME` to make wc_GetTime() optional (it disables brute-force protections on token login)\n* Reset failed login counter only with `WOLFPKCS11_NO_TIME` (PR #18)\n* Fixed argument passing in `SetMPI`/`GetMPIData` (PR #19)\n* Fixed `NO_DH` ifdef gate when freeing PKCS11 object (PR #20)\n* Added GitHub CI action (PR #21)\n* Fixed warnings from `./autogen.sh`. Updated m4 macros. (PR #21)\n* Added additional GitHub CI action tests. (PR #22)\n* Added wolfPKCS11 support for using TPM 2.0 module as backend. Uses wolfTPM and supports RSA and ECC. Requires https://github.com/wolfSSL/wolfTPM/pull/311 (PR #23)\n* Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded. (PR #23)\n* Added PKCS11 TPM NV store (enabled with `WOLFPKCS11_TPM_STORE`). Allow `WOLFPKCS11_NO_STORE` for TPM use case. (PR #23)\n* Fixed compiler warnings from mingw. (PR #23)\n* Added portability macro `WOLFPKCS11_NO_ENV` when setenv/getenv are not available. (PR #23)\n* Fix to only require `-ldl` for non-static builds. (PR #23)\n* Portability fixes. Added `NO_MAIN_DRIVER`. Support for `SINGLE_THREADED`. Add `static` to some globals. (PR #24)\n* Fixes for portability where `XREALLOC` is not available. (PR #25)\n* Added support for custom setenv/getenv using `WOLFPKCS11_USER_ENV`. (PR #25)\n* Fix for final not being called after init in edge case pin failure. (PR #25)\n* Added support for hashing PIN with SHA2-256.\n  - PKCS11 uses scrypt, which uses multiple MB of memory and is not practical for embedded systems. 
(PR #25)\n\n### wolfPKCS11 Release 1.1 (May 6, 2022)\n\n* Added support for CKM_AES_CBC_PAD\n* Added support for storage of token data.\n* Added support for encrypted private keys.\n* Added CKF_LOGIN_REQUIRED to the slot flags.\n* Added RSA X_509 support for signing/verifying\n* Added missing `CK_INVALID_SESSION`.\n* Added some missing PKCS11 types.\n* Fixed building with FIPS 140-2 (fipsv2).\n* Fixed `WP11_API` visibility.\n* Fixed test pin to be at least 14-characters as required by FIPS HMAC.\n* Fixed getting a boolean for the operations flags.\n* Fixed misleading indentation fixes.\n* Improve the `curve_oid` lookup with FIPS.\n* Removed `config.h` from the public pkcs11.h header.\n* Convert repository to GPLv3.\n\n### wolfPKCS11 Release 1.0 (October 20, 2021)\n\n* Initial PKCS11 support\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfpkcs11","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwolfssl%2Fwolfpkcs11","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfpkcs11/lists"}