| #
f485be04 |
| 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN
PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that is in charge of initializing the Security Officer login PIN if not already done and destroying objects that can be. As objects are not yet supported in the TA, this latter feature is not implemented.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
aaa6cf9d |
| 11-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: define TA commands related to session management
Define commands PKCS11_CMD_CLOSE_SESSION, PKCS11_CMD_CLOSE_SESSION, PKCS11_CMD_CLOSE_SESSION and PKCS11_CMD_CLOSE_SESSION and related resources in the PKCS11 TA API.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
| #
91753548 |
| 17-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: define mechanism info resources in ta api
Define mechanism info structure returned by the TA on command PKCS11_CMD_MECHANISM_INFO related to client API function C_GetMechanismInfo().
This change also defines mechanism identifier for AES ECB in the TA API even if this mechanism is not yet supported by the TA. This change is needed to serve as an example of a mechanism for which a client can invoke the PKCS11 TA to get information from.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
b4f1a77e |
| 17-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fix token flags as per specification
Fix the token flags position that are expected to match the PKCS#11 specification and did not.
Fixes: a67dc424ff106 ("ta: pkcs11: API for slot/token information")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
9dbdd8cd |
| 18-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: identify user as per define user types
Define users with CKU User Type in Cryptoki API: PKCS11_CKU_SO and PKCS11_CKU_USER. They will be used as identifiers for login and related PKCS#11 API functions.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
| #
a67dc424 |
| 04-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: API for slot/token information
Define invocation commands to carry the request related to PKCS#11 API functions related to slot and token information:
- get the list of the slots, related to CK function C_GetSlotList(),
- get information from a slot, related to C_GetSlotInfo(),
- get information from a token, related to C_GetTokenInfo(),
- get the list of mechanisms supported by a token, C_GetMechanismList(),
- get information on a mechanism from a token, C_GetMechanismInfo().
The TA API involves several byte serialization of invocation parameters data inside TEE invocation input/output memory reference parameters.
This change introduces the command APIs and some debug helpers for the newly defined slot/token flags.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
b000d6c6 |
| 20-Jan-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: enumerate ta command ids
Enumerate TA command IDs rather than using macros.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
4b08c954 |
| 10-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: change TA API to mandate param#0 as in/out memref
Change TA API so that invocation parameter #0 is always used as an input/output memory reference. Output buffer is always used to store a PKCS#11 compliant status to the client.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
d34f3266 |
| 20-Jan-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: define pkcs11 return codes
This change introduces PKCS11 return codes used internally in the TA to get a PKCS#11 compliant status of the requested operation and also reported to the caller client providing a cryptoki compliant return value for the client API functions.
There are PKCS11 TA specific return values that are defined and used only internally in the TA: PKCS11_RV_NOT_FOUND and PKCS11_RV_NOT_IMPLEMENTED.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
6ea5aa6c |
| 20-Jan-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: invocation command PKCS11
Introduce a first invocation command for the TA: PKCS11_CMD_PING can be used to check TA presence and possibly retrieve TA version information if client provides an output buffer.
Add helpers to trace command and parameters configuration.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
be83f9e4 |
| 20-Jan-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: specific IDs in TA API
Define PKCS11_UNAVAILABLE_INFORMATION to reflect the PKCS#11 specific ID CK_UNAVAILABLE_INFORMATION. It is used as PKCS11_UNDEFINED_ID for invalid or not applicable IDs.
Define PKCS11_TRUE/PKCS11_FALSE for boolean attributes.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| #
f8a3a2c4 |
| 11-Jan-2019 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: base for PKCS#11 services and TA API
PKCS11 TA aims at providing PKCS#11 compliant services through a trusted application operating as a secure service provider. This is the first step for the PKCS#11 TA that introduces the TA skeleton source file tree.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|