163f89caaSJens Wiklander /* SPDX-License-Identifier: BSD-2-Clause */ 263f89caaSJens Wiklander /* 363f89caaSJens Wiklander * Copyright (c) 2017-2020, Linaro Limited 463f89caaSJens Wiklander */ 563f89caaSJens Wiklander 663f89caaSJens Wiklander #ifndef PKCS11_TA_ATTRIBUTES_H 763f89caaSJens Wiklander #define PKCS11_TA_ATTRIBUTES_H 863f89caaSJens Wiklander 963f89caaSJens Wiklander #include <stdbool.h> 1063f89caaSJens Wiklander #include <stddef.h> 1163f89caaSJens Wiklander #include <stdint.h> 1263f89caaSJens Wiklander #include <util.h> 1363f89caaSJens Wiklander 1463f89caaSJens Wiklander #include "pkcs11_helpers.h" 1563f89caaSJens Wiklander 1663f89caaSJens Wiklander /* 1763f89caaSJens Wiklander * Boolean property attributes (BPA): bit position in a 64 bit mask 1863f89caaSJens Wiklander * for boolean properties object can mandate as attribute, depending 1963f89caaSJens Wiklander * on the object. These attributes are often accessed and it is 2063f89caaSJens Wiklander * quicker to get them from a 64 bit field in the object instance 2163f89caaSJens Wiklander * rather than searching into the object attributes. 2263f89caaSJens Wiklander */ 2363f89caaSJens Wiklander #define PKCS11_BOOLPROPS_BASE 0 2463f89caaSJens Wiklander #define PKCS11_BOOLPROPS_MAX_COUNT 64 2563f89caaSJens Wiklander 2663f89caaSJens Wiklander enum boolprop_attr { 2763f89caaSJens Wiklander BPA_TOKEN = 0, 2863f89caaSJens Wiklander BPA_PRIVATE, 2963f89caaSJens Wiklander BPA_TRUSTED, 3063f89caaSJens Wiklander BPA_SENSITIVE, 3163f89caaSJens Wiklander BPA_ENCRYPT, 3263f89caaSJens Wiklander BPA_DECRYPT, 3363f89caaSJens Wiklander BPA_WRAP, 3463f89caaSJens Wiklander BPA_UNWRAP, 3563f89caaSJens Wiklander BPA_SIGN, 3663f89caaSJens Wiklander BPA_SIGN_RECOVER, 3763f89caaSJens Wiklander BPA_VERIFY, 3863f89caaSJens Wiklander BPA_VERIFY_RECOVER, 3963f89caaSJens Wiklander BPA_DERIVE, 4063f89caaSJens Wiklander BPA_EXTRACTABLE, 4163f89caaSJens Wiklander BPA_LOCAL, 4263f89caaSJens Wiklander BPA_NEVER_EXTRACTABLE, 4363f89caaSJens Wiklander BPA_ALWAYS_SENSITIVE, 4463f89caaSJens Wiklander BPA_MODIFIABLE, 4563f89caaSJens Wiklander BPA_COPYABLE, 4663f89caaSJens Wiklander BPA_DESTROYABLE, 4763f89caaSJens Wiklander BPA_ALWAYS_AUTHENTICATE, 4863f89caaSJens Wiklander BPA_WRAP_WITH_TRUSTED, 4963f89caaSJens Wiklander }; 5063f89caaSJens Wiklander 5163f89caaSJens Wiklander /* 5263f89caaSJens Wiklander * Header of a serialized memory object inside PKCS11 TA. 5363f89caaSJens Wiklander * 5463f89caaSJens Wiklander * @attrs_size: byte size of the serialized data 5563f89caaSJens Wiklander * @attrs_count: number of items in the blob 5663f89caaSJens Wiklander * @attrs: then starts the blob binary data 5763f89caaSJens Wiklander */ 5863f89caaSJens Wiklander struct obj_attrs { 5963f89caaSJens Wiklander uint32_t attrs_size; 6063f89caaSJens Wiklander uint32_t attrs_count; 6163f89caaSJens Wiklander uint8_t attrs[]; 6263f89caaSJens Wiklander }; 6363f89caaSJens Wiklander 6463f89caaSJens Wiklander /* 6563f89caaSJens Wiklander * init_attributes_head() - Allocate a reference for serialized attributes 6663f89caaSJens Wiklander * @head: *@head holds the retrieved pointer 6763f89caaSJens Wiklander * 6863f89caaSJens Wiklander * Retrieved pointer can be freed from a simple TEE_Free(reference). 6963f89caaSJens Wiklander * 7059a5257eSEtienne Carriere * Return PKCS11_CKR_OK on success or a PKCS11 return code. 7163f89caaSJens Wiklander */ 7263f89caaSJens Wiklander enum pkcs11_rc init_attributes_head(struct obj_attrs **head); 7363f89caaSJens Wiklander 7463f89caaSJens Wiklander /* 7563f89caaSJens Wiklander * add_attribute() - Update serialized attributes to add an entry. 7663f89caaSJens Wiklander * 7763f89caaSJens Wiklander * @head: *@head points to serialized attributes, 7863f89caaSJens Wiklander * can be reallocated as attributes are added 7963f89caaSJens Wiklander * @attribute: Attribute ID to add 8063f89caaSJens Wiklander * @data: Opaque data of attribute 8163f89caaSJens Wiklander * @size: Size of data 8263f89caaSJens Wiklander * 8359a5257eSEtienne Carriere * Return PKCS11_CKR_OK on success or a PKCS11 return code. 8463f89caaSJens Wiklander */ 8563f89caaSJens Wiklander enum pkcs11_rc add_attribute(struct obj_attrs **head, uint32_t attribute, 8663f89caaSJens Wiklander void *data, size_t size); 8763f89caaSJens Wiklander 8863f89caaSJens Wiklander /* 89fa247a2aSRuchika Gupta * Update serialized attributes to remove an empty entry. Can relocate the 90fa247a2aSRuchika Gupta * attribute list buffer. Only 1 instance of the entry is expected. 91fa247a2aSRuchika Gupta * 92fa247a2aSRuchika Gupta * Return PKCS11_CKR_OK on success or a PKCS11 return code. 93fa247a2aSRuchika Gupta */ 94fa247a2aSRuchika Gupta enum pkcs11_rc remove_empty_attribute(struct obj_attrs **head, uint32_t attrib); 95fa247a2aSRuchika Gupta 96fa247a2aSRuchika Gupta /* 9763f89caaSJens Wiklander * get_attribute_ptrs() - Get pointers to attributes with a given ID 9863f89caaSJens Wiklander * @head: Pointer to serialized attributes 9963f89caaSJens Wiklander * @attribute: Attribute ID to look for 10063f89caaSJens Wiklander * @attr: Array of pointers to the data inside @head 10163f89caaSJens Wiklander * @attr_size: Array of uint32_t holding the sizes of each value pointed to 10263f89caaSJens Wiklander * by @attr 10363f89caaSJens Wiklander * @count: Number of elements in the arrays above 10463f89caaSJens Wiklander * 10563f89caaSJens Wiklander * If *count == 0, count and return in *count the number of attributes matching 10663f89caaSJens Wiklander * the input attribute ID. 10763f89caaSJens Wiklander * 10863f89caaSJens Wiklander * If *count != 0, return the address and size of the attributes found, up to 10963f89caaSJens Wiklander * the occurrence number *count. attr and attr_size are expected large 11063f89caaSJens Wiklander * enough. attr is the output array of the values found. attr_size is the 11163f89caaSJens Wiklander * output array of the size of each value found. 11263f89caaSJens Wiklander * 11363f89caaSJens Wiklander * If attr_size != NULL, return in *attr_size attribute value size. 11463f89caaSJens Wiklander * If attr != NULL return in *attr the address of the attribute value. 11563f89caaSJens Wiklander */ 11663f89caaSJens Wiklander void get_attribute_ptrs(struct obj_attrs *head, uint32_t attribute, 11763f89caaSJens Wiklander void **attr, uint32_t *attr_size, size_t *count); 11863f89caaSJens Wiklander 11963f89caaSJens Wiklander /* 12063f89caaSJens Wiklander * get_attribute_ptrs() - Get pointer to the attribute of a given ID 12163f89caaSJens Wiklander * @head: Pointer to serialized attributes 12263f89caaSJens Wiklander * @attribute: Attribute ID 12363f89caaSJens Wiklander * @attr: *@attr holds the retrieved pointer to the attribute value 12463f89caaSJens Wiklander * @attr_size: Size of the attribute value 12563f89caaSJens Wiklander * 12663f89caaSJens Wiklander * If no matching attributes is found return PKCS11_RV_NOT_FOUND. 12763f89caaSJens Wiklander * If attr_size != NULL, return in *attr_size attribute value size. 12863f89caaSJens Wiklander * If attr != NULL, return in *attr the address of the attribute value. 12963f89caaSJens Wiklander * 13059a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 13163f89caaSJens Wiklander * code. 13263f89caaSJens Wiklander */ 13363f89caaSJens Wiklander enum pkcs11_rc get_attribute_ptr(struct obj_attrs *head, uint32_t attribute, 13463f89caaSJens Wiklander void **attr_ptr, uint32_t *attr_size); 13559a5257eSEtienne Carriere 13663f89caaSJens Wiklander /* 13763f89caaSJens Wiklander * get_attribute() - Copy out the attribute of a given ID 13863f89caaSJens Wiklander * @head: Pointer to serialized attributes 13963f89caaSJens Wiklander * @attribute: Attribute ID to look for 14063f89caaSJens Wiklander * @attr: holds the retrieved attribute value 14163f89caaSJens Wiklander * @attr_size: Size of the attribute value 14263f89caaSJens Wiklander * 14363f89caaSJens Wiklander * If attribute is not found, return PKCS11_RV_NOT_FOUND. 144d17c25d2SVesa Jääskeläinen * 145d17c25d2SVesa Jääskeläinen * If attr_size != NULL, check that attr has enough room for value (compare 146d17c25d2SVesa Jääskeläinen * against *attr_size), copy attribute value to attr and finally return actual 147d17c25d2SVesa Jääskeläinen * value size in *attr_size. 148d17c25d2SVesa Jääskeläinen * 149d17c25d2SVesa Jääskeläinen * If there is not enough room return PKCS11_CKR_BUFFER_TOO_SMALL with expected 150d17c25d2SVesa Jääskeläinen * size in *attr_size. 151d17c25d2SVesa Jääskeläinen * 152d17c25d2SVesa Jääskeläinen * If attr is NULL and attr_size != NULL return expected buffer size in 153d17c25d2SVesa Jääskeläinen * *attr_size. 15463f89caaSJens Wiklander * 15559a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 15663f89caaSJens Wiklander * code. 15763f89caaSJens Wiklander */ 15863f89caaSJens Wiklander enum pkcs11_rc get_attribute(struct obj_attrs *head, uint32_t attribute, 15963f89caaSJens Wiklander void *attr, uint32_t *attr_size); 16063f89caaSJens Wiklander 16163f89caaSJens Wiklander /* 162*2d25a9bcSRuchika Gupta * set_attribute() - Set the attribute of a given ID with value 163*2d25a9bcSRuchika Gupta * @head: Pointer to serialized attributes where attribute is to be set, 164*2d25a9bcSRuchika Gupta * can be relocated as attributes are modified/added 165*2d25a9bcSRuchika Gupta * @attribute: Attribute ID to look for 166*2d25a9bcSRuchika Gupta * @data: Holds the attribute value to be set 167*2d25a9bcSRuchika Gupta * @size: Size of the attribute value 168*2d25a9bcSRuchika Gupta * 169*2d25a9bcSRuchika Gupta * Return PKCS11_CKR_OK on success or a PKCS11 return code. 170*2d25a9bcSRuchika Gupta */ 171*2d25a9bcSRuchika Gupta enum pkcs11_rc set_attribute(struct obj_attrs **head, uint32_t attribute, 172*2d25a9bcSRuchika Gupta void *data, size_t size); 173*2d25a9bcSRuchika Gupta 174*2d25a9bcSRuchika Gupta /* 175*2d25a9bcSRuchika Gupta * modify_attributes_list() - Modify the value of attributes in destination 176*2d25a9bcSRuchika Gupta * attribute list (serialized attributes) based on the value of attributes in 177*2d25a9bcSRuchika Gupta * the source attribute list 178*2d25a9bcSRuchika Gupta * @dst: Pointer to serialized attrbutes where attributes are to be 179*2d25a9bcSRuchika Gupta * modified, can be relocated as attributes are modified 180*2d25a9bcSRuchika Gupta * @head: Serialized attributes containing attributes which need to be 181*2d25a9bcSRuchika Gupta * modified in the destination attribute list 182*2d25a9bcSRuchika Gupta * 183*2d25a9bcSRuchika Gupta * Return PKCS11_CKR_OK on success 184*2d25a9bcSRuchika Gupta */ 185*2d25a9bcSRuchika Gupta enum pkcs11_rc modify_attributes_list(struct obj_attrs **dst, 186*2d25a9bcSRuchika Gupta struct obj_attrs *head); 187*2d25a9bcSRuchika Gupta 188*2d25a9bcSRuchika Gupta /* 18963f89caaSJens Wiklander * get_u32_attribute() - Copy out the 32-bit attribute value of a given ID 19063f89caaSJens Wiklander * @head: Pointer to serialized attributes 19163f89caaSJens Wiklander * @attribute: Attribute ID 19263f89caaSJens Wiklander * @attr: holds the retrieved 32-bit attribute value 19363f89caaSJens Wiklander * 19463f89caaSJens Wiklander * If attribute is not found, return PKCS11_RV_NOT_FOUND. 19563f89caaSJens Wiklander * If the retreived attribute doesn't have a 4 byte sized value 19663f89caaSJens Wiklander * PKCS11_CKR_GENERAL_ERROR is returned. 19763f89caaSJens Wiklander * 19859a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 19963f89caaSJens Wiklander * code. 20063f89caaSJens Wiklander */ 20163f89caaSJens Wiklander 20263f89caaSJens Wiklander static inline enum pkcs11_rc get_u32_attribute(struct obj_attrs *head, 20363f89caaSJens Wiklander uint32_t attribute, 20463f89caaSJens Wiklander uint32_t *attr) 20563f89caaSJens Wiklander { 20663f89caaSJens Wiklander uint32_t size = sizeof(uint32_t); 20763f89caaSJens Wiklander enum pkcs11_rc rc = get_attribute(head, attribute, attr, &size); 20863f89caaSJens Wiklander 20963f89caaSJens Wiklander if (!rc && size != sizeof(uint32_t)) 21063f89caaSJens Wiklander return PKCS11_CKR_GENERAL_ERROR; 21163f89caaSJens Wiklander 21263f89caaSJens Wiklander return rc; 21363f89caaSJens Wiklander } 21463f89caaSJens Wiklander 21563f89caaSJens Wiklander /* 216dc99b202SRuchika Gupta * Return true if all attributes from the reference are found and match value 217dc99b202SRuchika Gupta * in the candidate attribute list. 218dc99b202SRuchika Gupta * 219dc99b202SRuchika Gupta * Return PKCS11_CKR_OK on success, or a PKCS11 return code. 220dc99b202SRuchika Gupta */ 221dc99b202SRuchika Gupta bool attributes_match_reference(struct obj_attrs *ref, 222dc99b202SRuchika Gupta struct obj_attrs *candidate); 223dc99b202SRuchika Gupta 224dc99b202SRuchika Gupta /* 22563f89caaSJens Wiklander * get_class() - Get class ID of an object 22663f89caaSJens Wiklander * @head: Pointer to serialized attributes 22763f89caaSJens Wiklander * 22863f89caaSJens Wiklander * Returns the class ID of an object on succes or returns 22963f89caaSJens Wiklander * PKCS11_CKO_UNDEFINED_ID on error. 23063f89caaSJens Wiklander */ 23163f89caaSJens Wiklander static inline enum pkcs11_class_id get_class(struct obj_attrs *head) 23263f89caaSJens Wiklander { 23363f89caaSJens Wiklander uint32_t class = 0; 23463f89caaSJens Wiklander uint32_t size = sizeof(class); 23563f89caaSJens Wiklander 23663f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_CLASS, &class, &size)) 23763f89caaSJens Wiklander return PKCS11_CKO_UNDEFINED_ID; 23863f89caaSJens Wiklander 23963f89caaSJens Wiklander return class; 24063f89caaSJens Wiklander } 24163f89caaSJens Wiklander 24263f89caaSJens Wiklander /* 24363f89caaSJens Wiklander * get_key_type() - Get the key type of an object 24463f89caaSJens Wiklander * @head: Pointer to serialized attributes 24563f89caaSJens Wiklander * 24663f89caaSJens Wiklander * Returns the key type of an object on success or returns 24763f89caaSJens Wiklander * PKCS11_CKK_UNDEFINED_ID on error. 24863f89caaSJens Wiklander */ 24963f89caaSJens Wiklander static inline enum pkcs11_key_type get_key_type(struct obj_attrs *head) 25063f89caaSJens Wiklander { 25163f89caaSJens Wiklander uint32_t type = 0; 25263f89caaSJens Wiklander uint32_t size = sizeof(type); 25363f89caaSJens Wiklander 25463f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_KEY_TYPE, &type, &size)) 25563f89caaSJens Wiklander return PKCS11_CKK_UNDEFINED_ID; 25663f89caaSJens Wiklander 25763f89caaSJens Wiklander return type; 25863f89caaSJens Wiklander } 25963f89caaSJens Wiklander 26063f89caaSJens Wiklander /* 26163f89caaSJens Wiklander * get_mechanism_type() - Get the mechanism type of an object 26263f89caaSJens Wiklander * @head: Pointer to serialized attributes 26363f89caaSJens Wiklander * 26463f89caaSJens Wiklander * Returns the mechanism type of an object on success or returns 26563f89caaSJens Wiklander * PKCS11_CKM_UNDEFINED_ID on error. 26663f89caaSJens Wiklander */ 26763f89caaSJens Wiklander static inline enum pkcs11_mechanism_id get_mechanism_type(struct obj_attrs *head) 26863f89caaSJens Wiklander { 26963f89caaSJens Wiklander uint32_t type = 0; 27063f89caaSJens Wiklander uint32_t size = sizeof(type); 27163f89caaSJens Wiklander 27263f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_MECHANISM_TYPE, &type, &size)) 27363f89caaSJens Wiklander return PKCS11_CKM_UNDEFINED_ID; 27463f89caaSJens Wiklander 27563f89caaSJens Wiklander return type; 27663f89caaSJens Wiklander } 27763f89caaSJens Wiklander 27863f89caaSJens Wiklander /* 27963f89caaSJens Wiklander * get_bool() - Get the bool value of an attribute 28063f89caaSJens Wiklander * @head: Pointer to serialized attributes 28163f89caaSJens Wiklander * @attribute: Attribute ID to look for 28263f89caaSJens Wiklander * 28363f89caaSJens Wiklander * May assert if attribute ID isn't of the boolean type. 28463f89caaSJens Wiklander * 28563f89caaSJens Wiklander * Returns the bool value of the supplied attribute ID on success if found 28663f89caaSJens Wiklander * else false. 28763f89caaSJens Wiklander */ 28863f89caaSJens Wiklander bool get_bool(struct obj_attrs *head, uint32_t attribute); 28963f89caaSJens Wiklander 29063f89caaSJens Wiklander #if CFG_TEE_TA_LOG_LEVEL > 0 29163f89caaSJens Wiklander /* Debug: dump object attributes to IMSG() trace console */ 29263f89caaSJens Wiklander void trace_attributes(const char *prefix, void *ref); 29363f89caaSJens Wiklander #else 29463f89caaSJens Wiklander static inline void trace_attributes(const char *prefix __unused, 29563f89caaSJens Wiklander void *ref __unused) 29663f89caaSJens Wiklander { 29763f89caaSJens Wiklander } 29863f89caaSJens Wiklander #endif /*CFG_TEE_TA_LOG_LEVEL*/ 29963f89caaSJens Wiklander #endif /*PKCS11_TA_ATTRIBUTES_H*/ 300