ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms

Currently the support for maximum key size supported in HMAC hash
functions is limited by the underlying Global TEE implementation.

ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms

Currently the support for maximum key size supported in HMAC hash
functions is limited by the underlying Global TEE implementation.
The RFC 2202 and 4231 specify some HMAC test vectors where key size
is greater than the sizes as supported in current TEE implementation.
For such key sizes, greater than the maximum key size supported by TEE,
first hash the key and then use the resultant as the actual key to
HMAC.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11 : add support for HMAC modes for Sign/Verify

Add support for HMAC modes for hash functions - MD5, SHA1,
SHA256, SHA224, SHA284 and SHA512 in Sign/Verify operations.

PKCS#11 offers 2 HMAC

ta: pkcs11 : add support for HMAC modes for Sign/Verify

Add support for HMAC modes for hash functions - MD5, SHA1,
SHA256, SHA224, SHA284 and SHA512 in Sign/Verify operations.

PKCS#11 offers 2 HMAC methods for each hash function <h>,
CKM_<h>_HMAC and CKM_<h>_HMAC_GENERAL. Fixed tag length of the
output size of hash function i.e CKM_h_HMAC is currently supported.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

ta: sks: stringify error core KEY_SIZE_RANGE

Add string converter for PKCS11_CKR_KEY_SIZE_RANGE that can be returned
by check_created_attrs().

Actually check_created_attrs() is currently never call

ta: sks: stringify error core KEY_SIZE_RANGE

Add string converter for PKCS11_CKR_KEY_SIZE_RANGE that can be returned
by check_created_attrs().

Actually check_created_attrs() is currently never called. It is however
intended to key/object wrapping, derivation and generation.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: adds support for symmetric AES cipher modes

Adds support for the AES modes ECB, CBC, CTR and CTS.

Much infrastructure is added to handle mechanisms.

Reviewed-by: Vesa Jääskeläinen <ves

ta: pkcs11: adds support for symmetric AES cipher modes

Adds support for the AES modes ECB, CBC, CTR and CTS.

Much infrastructure is added to handle mechanisms.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: attribute helper functions

* Helper functions for object attributes management.
* Helper functions to safely parse client attributes template
to create a list of attributes for a objec

ta: pkcs11: attribute helper functions

* Helper functions for object attributes management.
* Helper functions to safely parse client attributes template
to create a list of attributes for a object in the PKCS11 ta.
* Helper functions for assigning or checking object attributes
according to PKCS#11 specification.
* Add id-to-string conversion for attribute/class/key types.
* Helper functions to analyze object attributes.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: add id-to-string conversion for new TA commands

Add missing user authentication commands id-to-string conversion.
Add new import/destroy commands id-to-string conversion.

Reviewed-by: R

ta: pkcs11: add id-to-string conversion for new TA commands

Add missing user authentication commands id-to-string conversion.
Add new import/destroy commands id-to-string conversion.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion

Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
ca

ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion

Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
caller in PKCS#11 return code format.

The function returns PKCS11_CKR_GENERAL_ERROR for TEE_Result values that
do not strictly match a PKCS#11 return code.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: add mechanism info and session command to helpers

Add mechanism info and session management command IDs in debug
helpers of the PKCS11 TA.

Signed-off-by: Etienne Carriere <etienne.carri

ta: pkcs11: add mechanism info and session command to helpers

Add mechanism info and session management command IDs in debug
helpers of the PKCS11 TA.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: API for slot/token information

Define invocation commands to carry the request related to
PKCS#11 API functions related to slot and token information:
- get the list of the slots, relate

ta: pkcs11: API for slot/token information

Define invocation commands to carry the request related to
PKCS#11 API functions related to slot and token information:
- get the list of the slots, related to CK function C_GetSlotList(),
- get information from a slot, related to C_GetSlotInfo(),
- get information from a token, related to C_GetTokenInfo(),
- get the list of mechanisms supported by a token, C_GetMechanismList(),
- get information a mechanism from a token, C_GetMechanismInfo().

The TA API involves several byte serialization of invocation
parameters data inside TEE invocation input/output memory reference
parameters.

This change introduces the command APIs and some debug helpers for
the newly defined slot/token flags.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: define pkcs11 return codes

This change introduces PKCS11 return codes used internally in the
TA to get a PKCS#11 compliant status of the requested operation
and also reported to the call

ta: pkcs11: define pkcs11 return codes

This change introduces PKCS11 return codes used internally in the
TA to get a PKCS#11 compliant status of the requested operation
and also reported to the caller client providing a cryptoki
compliant return value for the client API functions.

There are PCSK11 TA specific return values that are defined and
used only internally in the TA: PKCS11_RVçNOT_FOUND and
PKCS11_RV_NOT_IMPLEMENTED.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: add debug trace at command entry/exit

Add debug traces at entry and exit of the command invocation handler
of the TA. Prints TA command as a readable string thanks to ck_helpers.c

Signe

ta: pkcs11: add debug trace at command entry/exit

Add debug traces at entry and exit of the command invocation handler
of the TA. Prints TA command as a readable string thanks to ck_helpers.c

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: string debug trace for ta command ids

ck_helper.c/.h provide will helper functions for IDs. This change
starts with providing a string ID for a numerical command ID.

Matching IDs a stri

ta: pkcs11: string debug trace for ta command ids

ck_helper.c/.h provide will helper functions for IDs. This change
starts with providing a string ID for a numerical command ID.

Matching IDs a strings are stored in a constant array. Macros
PKCS11_ID() ease definition of ID/string conversion arrays content.
Function id2str() finds the string for a IDs possibly skip a given
prefix, i.e. printing "ENCRYPT" instead of "PKCS11_CKFM_ENCRYPT".

TA command IDs are the first introduced ID/string conversion util.
Function id2str_ta_cmd() return string "PKCS11_CMD_..." for a known
command ID.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...