ta: pkcs11: Add API for releasing active processing

When error condition is detected in Cryptoki API side in bad argument
processing add support for terminating active processing to comply
with the

ta: pkcs11: Add API for releasing active processing

When error condition is detected in Cryptoki API side in bad argument
processing add support for terminating active processing to comply
with the specification.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Allocate command ID for key derivation

Allocate command ID for C_DeriveKey().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@lin

ta: pkcs11: Allocate command ID for key derivation

Allocate command ID for C_DeriveKey().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Allocate command ID for random number generation

Allocate command IDs for C_SeedRandom() and C_GenerateRandom()
functionality.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Revi

ta: pkcs11: Allocate command ID for random number generation

Allocate command IDs for C_SeedRandom() and C_GenerateRandom()
functionality.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for copying objects

Implement command PKCS11_CMD_COPY_OBJECT.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

ta: pkcs11: Add support for copying objects

Implement command PKCS11_CMD_COPY_OBJECT.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for modifying objects

Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carrie

ta: pkcs11: Add support for modifying objects

Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for getting object size and attribute value

Implement commands
- PKCS11_CMD_GET_OBJECT_SIZE
- PKCS11_CMD_GET_ATTRIBUTE_VALUE

Co-developed-by: Etienne Carriere <etienne.carri

ta: pkcs11: Add support for getting object size and attribute value

Implement commands
- PKCS11_CMD_GET_OBJECT_SIZE
- PKCS11_CMD_GET_ATTRIBUTE_VALUE

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: define TA commands for finding objects

Adds commands
- PKCS11_CMD_FIND_OBJECTS_INIT
- PKCS11_CMD_FIND_OBJECTS
- PKCS11_CMD_FIND_OBJECTS_FINAL
in enum pkcs11_ta_cmd.

Co-developed-by: Eti

ta: pkcs11: define TA commands for finding objects

Adds commands
- PKCS11_CMD_FIND_OBJECTS_INIT
- PKCS11_CMD_FIND_OBJECTS
- PKCS11_CMD_FIND_OBJECTS_FINAL
in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add TEE Identity based authentication support

In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity
based authentication support for token.

Once activated:

- When ever

ta: pkcs11: Add TEE Identity based authentication support

In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity
based authentication support for token.

Once activated:

- When ever PIN is required client's TEE Identity will be used for
authentication
- PIN failure counters are disabled
- If new PIN is given as input it is in form of PIN ACL string
- It can be disabled with C_InitToken with non-zero PIN

Internally protected authentication path will be used for mode
determination.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Fix return value when trying to open parallel session

It is mandatory to have CKF_SERIAL_SESSION set when invoking
C_OpenSession(). When omitted CKR_SESSION_PARALLEL_NOT_SUPPORTED must b

ta: pkcs11: Fix return value when trying to open parallel session

It is mandatory to have CKF_SERIAL_SESSION set when invoking
C_OpenSession(). When omitted CKR_SESSION_PARALLEL_NOT_SUPPORTED must be
returned.

Specified in:
PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.6 Session management functions
C_OpenSession

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Define TA mechanisms for Key Generation

Adds the mechanisms PKCS11_CKM_GENERIC_SECRET_KEY_GEN
in enum pkcs11_mechanism_id.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org

ta: pkcs11: Define TA mechanisms for Key Generation

Adds the mechanisms PKCS11_CKM_GENERIC_SECRET_KEY_GEN
in enum pkcs11_mechanism_id.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Define command for Key Generation

Add command PKCS11_CMD_GENERATE_KEY in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carri

ta: pkcs11: Define command for Key Generation

Add command PKCS11_CMD_GENERATE_KEY in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: define TA command for signing/verification

Adds commands
- PKCS11_CMD_SIGN_INIT
- PKCS11_CMD_VERIFY_INIT
- PKCS11_CMD_SIGN_UPDATE
- PKCS11_CMD_VERIFY_UPDATE
- PKCS11_CMD_SIGN_FINAL
- PKC

ta: pkcs11: define TA command for signing/verification

Adds commands
- PKCS11_CMD_SIGN_INIT
- PKCS11_CMD_VERIFY_INIT
- PKCS11_CMD_SIGN_UPDATE
- PKCS11_CMD_VERIFY_UPDATE
- PKCS11_CMD_SIGN_FINAL
- PKCS11_CMD_VERIFY_FINAL
- PKCS11_CMD_SIGN_ONESHOT
- PKCS11_CMD_VERIFY_ONESHOT
in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

ta: pkcs11: define TA mechanisms for HMAC modes

Adds the mechanisms
- PKCS11_CKM_MD5_HMAC
- PKCS11_CKM_SHA_1_HMAC
- PKCS11_CKM_SHA256_HMAC
- PKCS11_CKM_SHA224_HMAC
- PKCS11_CKM_SHA384_HMAC
- PKCS11_

ta: pkcs11: define TA mechanisms for HMAC modes

Adds the mechanisms
- PKCS11_CKM_MD5_HMAC
- PKCS11_CKM_SHA_1_HMAC
- PKCS11_CKM_SHA256_HMAC
- PKCS11_CKM_SHA224_HMAC
- PKCS11_CKM_SHA384_HMAC
- PKCS11_CKM_SHA512_HMAC
in enum pkcs11_mechanism_id.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

ta: pkcs11: minor fixes

Minor ID reordering in enum pkcs11_mechanism_id.

Fix inline comments referring to PKCS11_OK instead of PKCS11_CKR_OK.

Add 0x prefix in error trace in init_persistent_db().

ta: pkcs11: minor fixes

Minor ID reordering in enum pkcs11_mechanism_id.

Fix inline comments referring to PKCS11_OK instead of PKCS11_CKR_OK.

Add 0x prefix in error trace in init_persistent_db().

Use serialargs_get_session_from_handle() instead of the 2 step calls
to serialargs_get() and pkcs11_handle2session().

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: define TA command for encryption/decryption

Adds commands
- PKCS11_CMD_ENCRYPT_INIT
- PKCS11_CMD_DECRYPT_INIT
- PKCS11_CMD_ENCRYPT_UPDATE
- PKCS11_CMD_DECRYPT_UPDATE
- PKCS11_CMD_ENCRYPT

ta: pkcs11: define TA command for encryption/decryption

Adds commands
- PKCS11_CMD_ENCRYPT_INIT
- PKCS11_CMD_DECRYPT_INIT
- PKCS11_CMD_ENCRYPT_UPDATE
- PKCS11_CMD_DECRYPT_UPDATE
- PKCS11_CMD_ENCRYPT_FINAL
- PKCS11_CMD_ENCRYPT_FINAL
- PKCS11_CMD_ENCRYPT_ONESHOT
- PKCS11_CMD_DECRYPT_ONESHOT
in enum pkcs11_ta_cmd.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: define TA mechanisms for AES cipher modes

Adds the mechanisms
- PKCS11_CKM_AES_KEY_GEN
- PKCS11_CKM_AES_CBC
- PKCS11_CKM_AES_CTR
- PKCS11_CKM_AES_CTS
- PKCS11_CKM_AES_CBC_PAD
- PKCS11_CK

ta: pkcs11: define TA mechanisms for AES cipher modes

Adds the mechanisms
- PKCS11_CKM_AES_KEY_GEN
- PKCS11_CKM_AES_CBC
- PKCS11_CKM_AES_CTR
- PKCS11_CKM_AES_CTS
- PKCS11_CKM_AES_CBC_PAD
- PKCS11_CKM_AES_ECB_ENCRYPT_DATA
- PKCS11_CKM_AES_CBC_ENCRYPT_DATA
in enum pkcs11_mechanism_id.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: define TA commands for object creation/destruction

Add commands PKCS11_CMD_IMPORT_OBJECT and PKCS11_CMD_DESTROY_OBJECT
in enum pkcs11_ta_cmd.

Reviewed-by: Ricardo Salveti <ricardo@found

ta: pkcs11: define TA commands for object creation/destruction

Add commands PKCS11_CMD_IMPORT_OBJECT and PKCS11_CMD_DESTROY_OBJECT
in enum pkcs11_ta_cmd.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add vendor mechanism used for object import

Add PKCS11_PROCESSING_IMPORT and PKCS11_CKM_UNDEFINED_ID in
enum pkcs11_mechanism_id.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Rev

ta: pkcs11: add vendor mechanism used for object import

Add PKCS11_PROCESSING_IMPORT and PKCS11_CKM_UNDEFINED_ID in
enum pkcs11_mechanism_id.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add attributes/class/key type IDs in TA API

Add attributes/class/key type IDs in TA API.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski

ta: pkcs11: add attributes/class/key type IDs in TA API

Add attributes/class/key type IDs in TA API.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add object attribute ABI in TA header file

Define the ABI used to exchange attributes and lists of attributes
between the PKCS11 TA and its client.

Reviewed-by: Ricardo Salveti <ricardo

ta: pkcs11: add object attribute ABI in TA header file

Define the ABI used to exchange attributes and lists of attributes
between the PKCS11 TA and its client.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: simple typo fixes in comments in ta/pkcs11 tree

* changed "a input" to "an input" in pcks11_ta.h
* changed "the the" to "if the" in handle.c

Signed-off-by: Markus S. Wamser <github-dev@mail2013

ta: simple typo fixes in comments in ta/pkcs11 tree

* changed "a input" to "an input" in pcks11_ta.h
* changed "the the" to "if the" in handle.c

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: rename PKCS11_UNAVAILABLE_INFORMATION

Rename PKCS11_UNAVAILABLE_INFORMATION to PKCS11_CK_UNAVAILABLE_INFORMATION
as it relates to Cryptoki CK_UNAVAILABLE_INFORMATION identifier.

Reviewe

ta: pkcs11: rename PKCS11_UNAVAILABLE_INFORMATION

Rename PKCS11_UNAVAILABLE_INFORMATION to PKCS11_CK_UNAVAILABLE_INFORMATION
as it relates to Cryptoki CK_UNAVAILABLE_INFORMATION identifier.

Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[jw: fixup PKCS11_UNDEFINED_ID]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT

Implements login/logout support.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carrier

ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT

Implements login/logout support.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement command PKCS11_CMD_SET_PIN

PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.

Acked-by: Rouven Czerwinski <r.czerwinski@p

ta: pkcs11: implement command PKCS11_CMD_SET_PIN

PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement command PKCS11_CMD_INIT_PIN

PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
b

ta: pkcs11: implement command PKCS11_CMD_INIT_PIN

PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
be logged to current session in order to call this function

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...