ta: pkcs11: Forbid derivation by encryption from AES encryption keys

Enforce that AES keys should not be allowed for both 'derivation by
encryption' and ciphering. This is not explicitly mentioned i

ta: pkcs11: Forbid derivation by encryption from AES encryption keys

Enforce that AES keys should not be allowed for both 'derivation by
encryption' and ciphering. This is not explicitly mentioned in
the PKCS#11 specifications v2.4 and v3.0 but is essential to avoid
attacks where derived key can be revealed by doing data encryption
using parent key.

Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add implementation for key derivation

Add code for handling C_DeriveKey() for mechanisms :
CKM_AES_ECB_ENCRYPT_DATA
CKM_AES_CBC_ENCRYPT_DATA

Reviewed-by: Etienne Carriere <etienne.carri

ta: pkcs11: Add implementation for key derivation

Add code for handling C_DeriveKey() for mechanisms :
CKM_AES_ECB_ENCRYPT_DATA
CKM_AES_CBC_ENCRYPT_DATA

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Allocate command ID for key derivation

Allocate command ID for C_DeriveKey().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@lin

ta: pkcs11: Allocate command ID for key derivation

Allocate command ID for C_DeriveKey().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: private key can also be public

Even thou normal operations should mark private key a private with
CKA_PRIVATE attribute it is possible that someone could do
unexpected choise.

Specifica

ta: pkcs11: private key can also be public

Even thou normal operations should mark private key a private with
CKA_PRIVATE attribute it is possible that someone could do
unexpected choise.

Specification does not state that private key class itself means that it
is private, specification only states that CKA_PRIVATE is in control of
the privacy of the object.

This commit moves object class CKO_PRIVATE_KEY processing to normal
handling of CKA_PRIVATE.

CKA_PRIVATE is specified in:
PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
4.4 Storage Objects

Possibility of having private key object with CKA_PRIVATE as false:
PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
4.9 Private key objects

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Correct the return type of functions and typos

Correct return types of few functions and few typos.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne C

ta: pkcs11: Correct the return type of functions and typos

Correct return types of few functions and few typos.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Add key size check for AES type of key

For AES Keys, the allowed lengths are 16, 24 or 32 bytes.
Return error if the key length passed when creating keys
is not one of these.

If not che

ta: pkcs11: Add key size check for AES type of key

For AES Keys, the allowed lengths are 16, 24 or 32 bytes.
Return error if the key length passed when creating keys
is not one of these.

If not checked when creating keys, error
CKR_MECHANISM_INVALID is returned later when trying
to use invalid keys which is ambiguous.The right approach
is to disallow creation of such keys.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Fix interpretation of CKA_VALUE_LEN for Generic Secrets

PKCS#11 specification [1] section 2.6.3 states that - For
CKM_GENERIC_SECRET_KEY_GEN mechanism, the ulMinKeySize and
ulMaxKeySize

ta: pkcs11: Fix interpretation of CKA_VALUE_LEN for Generic Secrets

PKCS#11 specification [1] section 2.6.3 states that - For
CKM_GENERIC_SECRET_KEY_GEN mechanism, the ulMinKeySize and
ulMaxKeySize fields of the CK_MECHANISM_INFO structure
specify the supported range of key sizes, in bits.

Based on this, assumption was being made in the code that key length
specified by CKA_VALUE_LEN for keys of type CKK_GENERIC_SECRET is also
in bits. This assumption is not correct as per Section 2.6.2 in [1].
Special handling in code for CKK_GENERIC_SECRET for handling keysize
in bits has been now removed.

[1] - PKCS #11 Cryptographic Token Interface Current Mechanisms
Specification Version 2.40

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: Close file handle after object has been created

When creating a object file handle was left open. This was observed in
tee-supplicant as open file handles.

This fixes the situation so t

ta: pkcs11: Close file handle after object has been created

When creating a object file handle was left open. This was observed in
tee-supplicant as open file handles.

This fixes the situation so that file handles are not left open.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add implementation for random number generation

Add code for handling C_SeedRandom() and C_GenerateRandom() functionality.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed

ta: pkcs11: Add implementation for random number generation

Add code for handling C_SeedRandom() and C_GenerateRandom() functionality.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Allocate command ID for random number generation

Allocate command IDs for C_SeedRandom() and C_GenerateRandom()
functionality.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Revi

ta: pkcs11: Allocate command ID for random number generation

Allocate command IDs for C_SeedRandom() and C_GenerateRandom()
functionality.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: fix TEE identity authentication token reference

Correct token reference pass to verify client credentials.

Fixes: 1a27b197 ("ta: pkcs11: Add TEE Identity based authentication support")

ta: pkcs11: fix TEE identity authentication token reference

Correct token reference pass to verify client credentials.

Fixes: 1a27b197 ("ta: pkcs11: Add TEE Identity based authentication support")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: pkcs11: forbid change of CKA_PRIVATE from true to false on object copy

In C_CopyObject(), forbid copying of an object with a template
which attempts to change the attribute CKA_PRIVATE from true

ta: pkcs11: forbid change of CKA_PRIVATE from true to false on object copy

In C_CopyObject(), forbid copying of an object with a template
which attempts to change the attribute CKA_PRIVATE from true to false.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for copying objects

Implement command PKCS11_CMD_COPY_OBJECT.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

ta: pkcs11: Add support for copying objects

Implement command PKCS11_CMD_COPY_OBJECT.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for modifying objects

Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carrie

ta: pkcs11: Add support for modifying objects

Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: avb: copy data to temporary buffers

Use intermediate temporary buffers instead of directly supplying
non-secure buffers to TEE_ReadObjectData()/TEE_CreatePersistentObject().
This fixes TA panics

ta: avb: copy data to temporary buffers

Use intermediate temporary buffers instead of directly supplying
non-secure buffers to TEE_ReadObjectData()/TEE_CreatePersistentObject().
This fixes TA panics while accessing persistent objects:

E/TC:? 0 TA panicked with code 0xffff0001
E/LD: Status of TA 023f8f1a-292a-432b-8fc4-de8471358067
...
D/TC:? 0 user_ta_enter:176 tee_user_ta_enter: TA panicked with
code 0xffff0001

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list

When traversing object list to remove objects, use LIST_FOREACH_SAFE
to avoid segmentation fault.

Signed-off-by: Ruchika Gupta <ruch

ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list

When traversing object list to remove objects, use LIST_FOREACH_SAFE
to avoid segmentation fault.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add debug string for PKCS11_CKA_KEY_GEN_MECHANISM

Add missing attribute debug string for PKCS11_CKA_KEY_GEN_MECHANISM.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by:

ta: pkcs11: add debug string for PKCS11_CKA_KEY_GEN_MECHANISM

Add missing attribute debug string for PKCS11_CKA_KEY_GEN_MECHANISM.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Fix serialization handling for non-indirect attributes

Both sides of serialization and de-serialization must match the logic.

Only TEMPLATE based arguments has indirect attributes so de

ta: pkcs11: Fix serialization handling for non-indirect attributes

Both sides of serialization and de-serialization must match the logic.

Only TEMPLATE based arguments has indirect attributes so detect them and
handle them specifically.

Otherwise use standard attribute handling code for other attributes.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: get_attribute: fix return value when querying value size

When C_GetAttributeValue() is issued with attribute with pValue == NULL:
- Size of the attribute value should be returned
- Retur

ta: pkcs11: get_attribute: fix return value when querying value size

When C_GetAttributeValue() is issued with attribute with pValue == NULL:
- Size of the attribute value should be returned
- Return value should be CKR_OK

If pValue != NULL and value does not fit then CKR_BUFFER_TOO_SMALL should
be returned.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: get_attribute: fix returning values into larger buffer

It is completely fine for callee to allocate more memory than what is
needed.

Now attributes value is wholly copied and copied dat

ta: pkcs11: get_attribute: fix returning values into larger buffer

It is completely fine for callee to allocate more memory than what is
needed.

Now attributes value is wholly copied and copied data amount is returned.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: fix get attribute data alignment problem

In OP-TEE there is no behind the scenes handler that would fix data
alignment problems.

Use aligned variables when accessing struct variables.

ta: pkcs11: fix get attribute data alignment problem

In OP-TEE there is no behind the scenes handler that would fix data
alignment problems.

Use aligned variables when accessing struct variables.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

Install in-tree TAs into $(TA_DEV_KIT_DIR)/ta

In order for a build environment to easily pick all the in-tree TAs, and
not depend too much on the layout of the out directory, copy them into
the "dev

Install in-tree TAs into $(TA_DEV_KIT_DIR)/ta

In order for a build environment to easily pick all the in-tree TAs, and
not depend too much on the layout of the out directory, copy them into
the "dev kit" directory similar to what is already done for TA shared
libraries when CFG_ULIBS_SHARED=y. Libraries are copied to
$(TA_DEV_KIT_DIR)/lib/*.ta so let's use $(TA_DEV_KIT_DIR)/ta/*.ta
for the in-tree TAs.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: link.mk: add dependency of the .ta file on the signing script

The signing script is used to generate the .ta file from the .elf input.
Therefore this dependency needs to be declared. Fixes the f

ta: link.mk: add dependency of the .ta file on the signing script

The signing script is used to generate the .ta file from the .elf input.
Therefore this dependency needs to be declared. Fixes the following
issue:

$ make -s out/arm-plat-vexpress/ta/pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta
python3: can't open file 'out/arm-plat-vexpress/export-ta_arm32/scripts/sign_encrypt.py': [Errno 2] No such file or directory
make: *** [ta/arch/arm/link.mk:114: out/arm-plat-vexpress/ta/pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta] Error 2

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: Don't load objects that don't match the search during find

Don't load all persistent object attributes in find_objects_init().
Instead, temporary load object attributes and release them

ta: pkcs11: Don't load objects that don't match the search during find

Don't load all persistent object attributes in find_objects_init().
Instead, temporary load object attributes and release them if not matching
the current search.

Move object attribute loading from token_obj_matches_ref() to
load_persistent_object_attributes() and introduce counterpart
release_persistent_object_attributes().

Changes attributes_match_reference() to always return true when reference
is empty (match all case).

Remove token_obj_matches_ref() since attributes_match_reference() can be
called straight from load_persistent_object_attributes().

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

ta: link.mk: export trace_ext_prefix and trace_level

Global data defined in user_ta_header.c need to be made visible to
shared libraries because they may be referenced by them. For example,
trace_le

ta: link.mk: export trace_ext_prefix and trace_level

Global data defined in user_ta_header.c need to be made visible to
shared libraries because they may be referenced by them. For example,
trace_level is ultimately referenced by the trace macros (IMSG() and
similar). Therefore, when IMSG() is called in a shared library, the
dynamic loader (ldelf) needs to locate the trace_level symbol in the
TA. But since a TA is a "main executable" and not a shared library,
the linker by default will not add all global symbols to the dynamic
symbol table (.dynsym section). Instead those symbols are put in the
static symbol table (.symtab) which is typically not used at run time
and discarded when executables are stripped. In any case, ldelf only
uses the dynamic symbol table.

Add trace_ext_prefix and trace_level to the list of exported symbols to
fix the IMSG() issue.

Link: https://github.com/OP-TEE/optee_client/issues/242#issuecomment-755378055
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...