ta: pkcs11: drop derive from AES_ECB

Drop key derivation as a capability of mechanisms AES_ECB as not part
of the PKCS#11 specification.

Reported-by: Ricardo Salveti <ricardo@foundries.io>
Signed-o

ta: pkcs11: drop derive from AES_ECB

Drop key derivation as a capability of mechanisms AES_ECB as not part
of the PKCS#11 specification.

Reported-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: support for mechanism embedded in a token

Implement token_capabilities.c to centralize the mechanisms supported
by a token. As PKCS11 TA can implemented several token, each token
may pro

ta: pkcs11: support for mechanism embedded in a token

Implement token_capabilities.c to centralize the mechanisms supported
by a token. As PKCS11 TA can implemented several token, each token
may provide support for a restricted list of mechanisms and processing
over these mechanisms.

Array pkcs11_modes[] is used to strictly define the processing that
are allowed for a mechanism as per PKCS#11 specification.

Conversion of a mechanism ID into a debug friendly string is implemented
in token_capabilities.c rather than pkcs11_helpers.c as for the other
string helpers since the source file already defines the list of the
valid mechanism IDs, hence an indirection from id2str_mechanism()
to mechanism_string_id().

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...