cryptoauthlib: Add pkcs11 fixes

The first patch fixes the deadlock in pkcs11_token_init.
The code tried to grab a mutex twice. The second patch fixes
how the user's PIN is handled. The user's PIN is eventually
saved in the ATECCx08 device in a 32 byte data slot.

Signed-off-by: Tudor Ambarus <[email protected]>

Author: ambarus

patches/cryptoauthlib/0001-pkcs11-Fix-deadlock-in-pkcs11_token_init.patch

@@ -0,0 +1,36 @@
+From 9b56d82f3ee6ea4b6d82b08ee252c40c76f19a76 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <[email protected]>
+Date: Mon, 18 Jan 2021 17:32:23 +0200
+Subject: [PATCH 1/2] pkcs11: Fix deadlock in pkcs11_token_init
+
+pkcs11_token_init() grabs the pContext->mutex at the beginning
+of the function, locking the library. Later in the same function,
+the code tries to grab the same lock, while already held. Mutexes
+are not recursive in linux, resulting in a deadlock. Drop the
+second attempt of grabbing the lock.
+
+Signed-off-by: Tudor Ambarus <[email protected]>
+---
+ lib/pkcs11/pkcs11_token.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/lib/pkcs11/pkcs11_token.c b/lib/pkcs11/pkcs11_token.c
+index 7bcfd629181c..a40f822c93ec 100644
+--- a/lib/pkcs11/pkcs11_token.c
++++ b/lib/pkcs11/pkcs11_token.c
+@@ -242,11 +242,7 @@ CK_RV pkcs11_token_init(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinL
+         {
+             if (64 != ulPinLen)
+             {
+-                if (CKR_OK == (rv = pkcs11_lock_context(pLibCtx)))
+-                {
+-                    rv = pkcs11_util_convert_rv(atcab_read_serial_number(buf));
+-                    (void)pkcs11_unlock_context(pLibCtx);
+-                }
++                rv = pkcs11_util_convert_rv(atcab_read_serial_number(buf));
+ 
+                 if (CKR_OK == rv)
+                 {
+-- 
+2.17.1
+

patches/cryptoauthlib/0002-pkcs11-Fix-user-s-PIN-usage.patch

@@ -0,0 +1,49 @@
+From 8dc0004e154753913f7c7fceb034db4c0e2a7784 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <[email protected]>
+Date: Thu, 21 Jan 2021 15:09:44 +0200
+Subject: [PATCH 2/2] pkcs11: Fix user's PIN usage
+
+1/ The PIN size is 32 bytes, update buffer length accordingly
+2/ Add condition to check so_pin_handle is not pointing to
+default value
+3/ Update KeyLen condition in pkcs11_token_convert_pin_to_key.
+
+Signed-off-by: Tudor Ambarus <[email protected]>
+---
+ lib/pkcs11/pkcs11_token.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/lib/pkcs11/pkcs11_token.c b/lib/pkcs11/pkcs11_token.c
+index a40f822c93ec..92b633220513 100644
+--- a/lib/pkcs11/pkcs11_token.c
++++ b/lib/pkcs11/pkcs11_token.c
+@@ -125,7 +125,7 @@ CK_RV pkcs11_token_init(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinL
+ {
+ #if PKCS11_TOKEN_INIT_SUPPORT
+     CK_RV rv;
+-    uint8_t buf[34];
++    uint8_t buf[32];
+     uint8_t * pConfig = NULL;
+     bool lock = false;
+     pkcs11_lib_ctx_ptr pLibCtx;
+@@ -255,7 +255,7 @@ CK_RV pkcs11_token_init(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinL
+                 rv = pkcs11_token_convert_pin_to_key(pPin, ulPinLen, NULL, 0, buf, buflen);
+             }
+ 
+-            if (CKR_OK == rv)
++            if ((CKR_OK == rv) && (pSlotCtx->so_pin_handle != 0xFFFF))
+             {
+                 if (atcab_is_ca_device(pSlotCtx->interface_config.devtype))
+                 {
+@@ -577,7 +577,7 @@ CK_RV pkcs11_token_convert_pin_to_key(
+ {
+     ATCA_STATUS status = ATCA_SUCCESS;
+ 
+-    if (!pPin || !ulPinLen || !pKey || 32 != ulKeyLen)
++    if (!pPin || !ulPinLen || !pKey || 32 > ulKeyLen)
+     {
+         return CKR_ARGUMENTS_BAD;
+     }
+-- 
+2.17.1
+