in components/pkcs11_pal/source/core_pkcs11_pal.c [306:388]
CK_RV PKCS11_PAL_GetObjectValue( CK_OBJECT_HANDLE xHandle,
CK_BYTE_PTR * ppucData,
CK_ULONG_PTR pulDataSize,
CK_BBOOL * pIsPrivate )
{
initialize_nvs_partition();
char * pcFileName = NULL;
CK_RV ulReturn = CKR_OK;
if( xHandle == eAwsDeviceCertificate )
{
pcFileName = pkcs11palFILE_NAME_CLIENT_CERTIFICATE;
*pIsPrivate = CK_FALSE;
}
else if( xHandle == eAwsDevicePrivateKey )
{
pcFileName = pkcs11palFILE_NAME_KEY;
*pIsPrivate = CK_TRUE;
}
else if( xHandle == eAwsDevicePublicKey )
{
/* Public and private key are stored together in same file. */
pcFileName = pkcs11palFILE_NAME_KEY;
*pIsPrivate = CK_FALSE;
}
else if( xHandle == eAwsCodeSigningKey )
{
pcFileName = pkcs11palFILE_CODE_SIGN_PUBLIC_KEY;
*pIsPrivate = CK_FALSE;
}
else if( xHandle == eAwsJITPCertificate )
{
pcFileName = pkcs11palFILE_JITP_CERTIFICATE;
*pIsPrivate = CK_FALSE;
}
else
{
ulReturn = CKR_OBJECT_HANDLE_INVALID;
}
if (ulReturn == CKR_OK)
{
ESP_LOGD(TAG, "Reading file %s", pcFileName);
nvs_handle handle;
esp_err_t err = nvs_open_from_partition(NVS_PART_NAME, NAMESPACE, NVS_READONLY, &handle);
if (err != ESP_OK) {
/* This can happen if namespace doesn't exist yet, so no files stored */
ESP_LOGD(TAG, "failed nvs open %d", err);
return CKR_OBJECT_HANDLE_INVALID;
}
size_t required_size = 0;
err = nvs_get_blob(handle, pcFileName, NULL, &required_size);
if (err != ESP_OK || required_size == 0) {
ESP_LOGE(TAG, "failed nvs get file size %d %d", err, required_size);
ulReturn = CKR_OBJECT_HANDLE_INVALID;
goto done;
}
uint8_t *data = pvPortMalloc(required_size);
if (data == NULL) {
ESP_LOGE(TAG, "malloc failed");
ulReturn = CKR_HOST_MEMORY;
goto done;
}
*ppucData = data;
err = nvs_get_blob(handle, pcFileName, data, &required_size);
if (err != ESP_OK) {
ESP_LOGE(TAG, "failed nvs get file %d", err);
vPortFree(data);
ulReturn = CKR_FUNCTION_FAILED;
goto done;
}
*pulDataSize = required_size;
done:
nvs_close(handle);
}
return ulReturn;
}