ta: pkcs11: Remove class and key check for indirect attributes

In sanitize_indirect_attributes(), class and key check is performed
to check that the indirect attribute is provided only for particula

ta: pkcs11: Remove class and key check for indirect attributes

In sanitize_indirect_attributes(), class and key check is performed
to check that the indirect attribute is provided only for particular
type of key objects. This check causes issue in case an indirect
template further has pointer to another indirect template. It is not
essential for an indirect template to have class and key attributes.

When creating objects for classes which don't support the indirect
template, this would result in scenario where error is not returned.
However, the indirect attribute won't get added to the created object.
This is inline with how the other attributes are dealt with currently.
eg. if while creating a secret key, a public key attribute is passed,
it is currently ignored rather than returning error. A probable
fix is to check all the attributes in the user provided template with
the attributes of the type of object which needs to be created.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: use a temporary list for object under creation

This change removes the hacky handling of whether object was previously
in a list of not. This is replaced by default registering pkcs11 ob

ta: pkcs11: use a temporary list for object under creation

This change removes the hacky handling of whether object was previously
in a list of not. This is replaced by default registering pkcs11 objects
in a temporary list at object allocation so it can be blindly removed
from its list when destroyed and can be safely moved to its destination
list (either a session object list or a token object list) when
object is successfully created.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: fix comment stating no mechanism is supported

Remove the inline comment that states the implementation does not yet
support any mechanism as is it not true.

Signed-off-by: Etienne Carri

ta: pkcs11: fix comment stating no mechanism is supported

Remove the inline comment that states the implementation does not yet
support any mechanism as is it not true.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add restriction in C_GetAttributeValue()

Support for getting indirect template attributes using
C_GetAttributeValue() is not supported as of now. Explicitly
return error if such attribut

ta: pkcs11: Add restriction in C_GetAttributeValue()

Support for getting indirect template attributes using
C_GetAttributeValue() is not supported as of now. Explicitly
return error if such attribute value is requested.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add sanitize function for symmetric keys

The specification [1] mandates some rules for CKA_VALUE and
CKA_VALUE_LEN for keys of type CKO_GENERIC_SECRET in Table 45,
Table 47. These checks

ta: pkcs11: Add sanitize function for symmetric keys

The specification [1] mandates some rules for CKA_VALUE and
CKA_VALUE_LEN for keys of type CKO_GENERIC_SECRET in Table 45,
Table 47. These checks were missing in current implementation.
Add explicit checks for this when creating such objects.

[1] - PKCS #11 Cryptographic Token Interface Current Mechanisms
Specification Version 2.40 Plus Errata 01

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Modify optional attributes for symmetric key

CKA_VALUE_LEN attribute may not be required for some
CKO_GENERIC_SECRET type keys eg CKK_DES etc. So, move the
attribute from opt_or_null arr

ta: pkcs11: Modify optional attributes for symmetric key

CKA_VALUE_LEN attribute may not be required for some
CKO_GENERIC_SECRET type keys eg CKK_DES etc. So, move the
attribute from opt_or_null array to optional so that this attribute
doesn't get added by default as NULL if not present in the
user supplied template.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Make it possible to disable support for C_DigestKey()

By default C_DigestKey() functions as specified in specifciation.

To disable the functionality:
CFG_PKCS11_TA_ALLOW_DIGEST_KEY = n

ta: pkcs11: Make it possible to disable support for C_DigestKey()

By default C_DigestKey() functions as specified in specifciation.

To disable the functionality:
CFG_PKCS11_TA_ALLOW_DIGEST_KEY = n

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for digest operations

Implements support for digest operations as specified in:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.10 Me

ta: pkcs11: Add support for digest operations

Implements support for digest operations as specified in:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.10 Message digesting functions

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add API for releasing active processing

When error condition is detected in Cryptoki API side in bad argument
processing add support for terminating active processing to comply
with the

ta: pkcs11: Add API for releasing active processing

When error condition is detected in Cryptoki API side in bad argument
processing add support for terminating active processing to comply
with the specification.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add debug helper for PKCS11_CKR_ATTRIBUTE_SENSITIVE

Add debug symbol into return code table.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne

ta: pkcs11: Add debug helper for PKCS11_CKR_ATTRIBUTE_SENSITIVE

Add debug symbol into return code table.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Fix error code returned by entry_processing_key()

check_parent_attrs_against_processing() checks if the right attributes
are set in the key to be used for a cryptgraphic purpose. It retu

ta: pkcs11: Fix error code returned by entry_processing_key()

check_parent_attrs_against_processing() checks if the right attributes
are set in the key to be used for a cryptgraphic purpose. It returns
error - CKR_KEY_FUNCTION_NOT_PERMITTED if this is not the case.
For C_DeriveKey(), C_UnwrapKey(), CKR_KEY_FUNCTION_NOT_PERMITTED is not
specified in the error code list. So, for such errors return
CKR_KEY_TYPE_INCONSISTENT instead.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: relocate shared session object db to client session

PKCS11 has concept of shared objects between different PKCS11 sessions
which need to work.

As in OP-TEE context there can be multiple

ta: pkcs11: relocate shared session object db to client session

PKCS11 has concept of shared objects between different PKCS11 sessions
which need to work.

As in OP-TEE context there can be multiple callers which should not share
the objects use OP-TEE client session association to separate those from
each other.

Specified in:
PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40
2.6 Sessions

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Rename entry_derive_key() to make it more generic

entry_derive_key() is renamed to entry_processing_key() and
parameter is added to pass processing information to it.
This is done becaus

ta: pkcs11: Rename entry_derive_key() to make it more generic

entry_derive_key() is renamed to entry_processing_key() and
parameter is added to pass processing information to it.
This is done because the flow for key derivation and key
unwrapping is very similar and this function can be reused.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add function to set key data

Earlier derive_key_by_symm_enc() was used to derive key
by cipher operation and set the derived key value in
the object attributes. Simplify it to just deriv

ta: pkcs11: Add function to set key data

Earlier derive_key_by_symm_enc() was used to derive key
by cipher operation and set the derived key value in
the object attributes. Simplify it to just derive the
key and return the derived key value to calling function.
Separate function is created to add this derived key value
in the key object.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Remove check from entry_derive_key()

Explicit checking for invalid mechanism is no longer required
in entry_derive_key() as this is taken care of by call to
check_mechanism_against_proce

ta: pkcs11: Remove check from entry_derive_key()

Explicit checking for invalid mechanism is no longer required
in entry_derive_key() as this is taken care of by call to
check_mechanism_against_processing().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Correct error returned when processing mechanisms

check_mechanism_against_processing() checks if a mechanism is
supported for the selected function. If mechanism specified
cannot be used

ta: pkcs11: Correct error returned when processing mechanisms

check_mechanism_against_processing() checks if a mechanism is
supported for the selected function. If mechanism specified
cannot be used in the selected token with the selected function,
the error code is expected to be CKR_MECHANISM_INVALID.
Earlier check_mechanism_against_processing()
was returning error code CKR_KEY_FUNCTION_NOT_PERMITTED when doing
such checking which is not correct.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Update attributes in persistent storage

For token objects, for any modification in attributes,
the attributes also need to be updated in the objects
persistent storage. These modificatio

ta: pkcs11: Update attributes in persistent storage

For token objects, for any modification in attributes,
the attributes also need to be updated in the objects
persistent storage. These modifications are done when
C_SetAttributeValue() is used.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Correct the error in tracing indirect attributes

When tracing indirect attributes, size passed in
trace_attributes_from_api_head() was not correct resulting in
error.

Reviewed-by: Etien

ta: pkcs11: Correct the error in tracing indirect attributes

When tracing indirect attributes, size passed in
trace_attributes_from_api_head() was not correct resulting in
error.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Fix class check when sanitizing indirect attributes

Indirect attributes are expected only for keys. Correct this
check in sanitize_indirect_attr().

Reviewed-by: Etienne Carriere <etienn

ta: pkcs11: Fix class check when sanitizing indirect attributes

Indirect attributes are expected only for keys. Correct this
check in sanitize_indirect_attr().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Forbid derivation by encryption from AES encryption keys

Enforce that AES keys should not be allowed for both 'derivation by
encryption' and ciphering. This is not explicitly mentioned i

ta: pkcs11: Forbid derivation by encryption from AES encryption keys

Enforce that AES keys should not be allowed for both 'derivation by
encryption' and ciphering. This is not explicitly mentioned in
the PKCS#11 specifications v2.4 and v3.0 but is essential to avoid
attacks where derived key can be revealed by doing data encryption
using parent key.

Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add implementation for key derivation

Add code for handling C_DeriveKey() for mechanisms :
CKM_AES_ECB_ENCRYPT_DATA
CKM_AES_CBC_ENCRYPT_DATA

Reviewed-by: Etienne Carriere <etienne.carri

ta: pkcs11: Add implementation for key derivation

Add code for handling C_DeriveKey() for mechanisms :
CKM_AES_ECB_ENCRYPT_DATA
CKM_AES_CBC_ENCRYPT_DATA

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Allocate command ID for key derivation

Allocate command ID for C_DeriveKey().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@lin

ta: pkcs11: Allocate command ID for key derivation

Allocate command ID for C_DeriveKey().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: private key can also be public

Even thou normal operations should mark private key a private with
CKA_PRIVATE attribute it is possible that someone could do
unexpected choise.

Specifica

ta: pkcs11: private key can also be public

Even thou normal operations should mark private key a private with
CKA_PRIVATE attribute it is possible that someone could do
unexpected choise.

Specification does not state that private key class itself means that it
is private, specification only states that CKA_PRIVATE is in control of
the privacy of the object.

This commit moves object class CKO_PRIVATE_KEY processing to normal
handling of CKA_PRIVATE.

CKA_PRIVATE is specified in:
PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
4.4 Storage Objects

Possibility of having private key object with CKA_PRIVATE as false:
PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
4.9 Private key objects

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Correct the return type of functions and typos

Correct return types of few functions and few typos.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne C

ta: pkcs11: Correct the return type of functions and typos

Correct return types of few functions and few typos.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add key size check for AES type of key

For AES Keys, the allowed lengths are 16, 24 or 32 bytes.
Return error if the key length passed when creating keys
is not one of these.

If not che

ta: pkcs11: Add key size check for AES type of key

For AES Keys, the allowed lengths are 16, 24 or 32 bytes.
Return error if the key length passed when creating keys
is not one of these.

If not checked when creating keys, error
CKR_MECHANISM_INVALID is returned later when trying
to use invalid keys which is ambiguous.The right approach
is to disallow creation of such keys.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...