ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE

Add PKCS11_CKA_CHECK_VALUE as an optional attribute of symmetric
key and certificate objects . As per the PKCS#11 specification, key
c

ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE

Add PKCS11_CKA_CHECK_VALUE as an optional attribute of symmetric
key and certificate objects . As per the PKCS#11 specification, key
check value attribute is optional therefore add pkcs11 TA configuration
switch CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE to embed or not the support.

When supported, as per the spec, the attribute can be either the
legitimate value recomputed by the PKCS#11 token or a zero-sized value
called a no-value for when client does not want the attribute to set
in an object.

This change adds the support for the pcks11 TA commands related to
Cryptoki API functions C_GenerateKey(), C_CreateObject(), C_CopyObject(),
C_SetAttributeValue(), C_UnwrapKey() and C_DeriveKey(). TA command
related to C_FindOjects() support the attribute without any change.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jä

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>

show more ...

ta: pkcs11: Copy secret key data for wrapping

Currently the secret-key data is returned as a pointer to
the key attribute parameter. But the RSA private key
constitites of multiple parameters, some

ta: pkcs11: Copy secret key data for wrapping

Currently the secret-key data is returned as a pointer to
the key attribute parameter. But the RSA private key
constitites of multiple parameters, some memory has to be
allocated and populated. After the unwrapping an allocated
memory has to be freed. To generalise, return the secret
key value as a copy.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add implementation for wrapping keys

Add implementation for handling C_WrapKey() for mechanisms :
CKM_AES_ECB
CKM_AES_CBC

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add implementation for wrapping keys

Add implementation for handling C_WrapKey() for mechanisms :
CKM_AES_ECB
CKM_AES_CBC

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add helper for setting up CKA_ID value

When generating a new key pair object adds CKA_ID attribute from paired
object template if value given.

Reviewed-by: Etienne Carriere <etienne.car

ta: pkcs11: Add helper for setting up CKA_ID value

When generating a new key pair object adds CKA_ID attribute from paired
object template if value given.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for digest operations

Implements support for digest operations as specified in:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.10 Me

ta: pkcs11: Add support for digest operations

Implements support for digest operations as specified in:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.10 Message digesting functions

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add API for releasing active processing

When error condition is detected in Cryptoki API side in bad argument
processing add support for terminating active processing to comply
with the

ta: pkcs11: Add API for releasing active processing

When error condition is detected in Cryptoki API side in bad argument
processing add support for terminating active processing to comply
with the specification.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add function to set key data

Earlier derive_key_by_symm_enc() was used to derive key
by cipher operation and set the derived key value in
the object attributes. Simplify it to just deriv

ta: pkcs11: Add function to set key data

Earlier derive_key_by_symm_enc() was used to derive key
by cipher operation and set the derived key value in
the object attributes. Simplify it to just derive the
key and return the derived key value to calling function.
Separate function is created to add this derived key value
in the key object.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add support for modifying objects

Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carrie

ta: pkcs11: Add support for modifying objects

Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Deal with the private objects in C_Logout

The logic to deal with the private objects was missing in the
C_Logout() implementation.
PKCS#11 specification states that :
When C_Logout succe

ta: pkcs11: Deal with the private objects in C_Logout

The logic to deal with the private objects was missing in the
C_Logout() implementation.
PKCS#11 specification states that :
When C_Logout successfully executes, any of the application’s
handles to private objects should become invalid (even if a user
is later logged back into the token, those handles remain invalid).
In addition, all private session objects from sessions belonging
to the application should also be destroyed.

In addition, also release any ongoing cryptographic or
object-finding operations that may be associated with the session
while logging out.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add support for getting object size and attribute value

Implement commands
- PKCS11_CMD_GET_OBJECT_SIZE
- PKCS11_CMD_GET_ATTRIBUTE_VALUE

Co-developed-by: Etienne Carriere <etienne.carri

ta: pkcs11: Add support for getting object size and attribute value

Implement commands
- PKCS11_CMD_GET_OBJECT_SIZE
- PKCS11_CMD_GET_ATTRIBUTE_VALUE

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add class_id in create_attributes_from_template()

Add a parameter to pass pkcs11_class_id. The parameter will be
used when attributes need to be created for a template
supporting public

ta: pkcs11: Add class_id in create_attributes_from_template()

Add a parameter to pass pkcs11_class_id. The parameter will be
used when attributes need to be created for a template
supporting public or private class key. It is unused for now.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: adds support for symmetric AES cipher modes

Adds support for the AES modes ECB, CBC, CTR and CTS.

Much infrastructure is added to handle mechanisms.

Reviewed-by: Vesa Jääskeläinen <ves

ta: pkcs11: adds support for symmetric AES cipher modes

Adds support for the AES modes ECB, CBC, CTR and CTS.

Much infrastructure is added to handle mechanisms.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: attribute helper functions

* Helper functions for object attributes management.
* Helper functions to safely parse client attributes template
to create a list of attributes for a objec

ta: pkcs11: attribute helper functions

* Helper functions for object attributes management.
* Helper functions to safely parse client attributes template
to create a list of attributes for a object in the PKCS11 ta.
* Helper functions for assigning or checking object attributes
according to PKCS#11 specification.
* Add id-to-string conversion for attribute/class/key types.
* Helper functions to analyze object attributes.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...