163f89caaSJens Wiklander /* SPDX-License-Identifier: BSD-2-Clause */ 263f89caaSJens Wiklander /* 363f89caaSJens Wiklander * Copyright (c) 2017-2020, Linaro Limited 463f89caaSJens Wiklander */ 563f89caaSJens Wiklander 663f89caaSJens Wiklander #ifndef PKCS11_TA_ATTRIBUTES_H 763f89caaSJens Wiklander #define PKCS11_TA_ATTRIBUTES_H 863f89caaSJens Wiklander 963f89caaSJens Wiklander #include <stdbool.h> 1063f89caaSJens Wiklander #include <stddef.h> 1163f89caaSJens Wiklander #include <stdint.h> 1263f89caaSJens Wiklander #include <util.h> 1363f89caaSJens Wiklander 1463f89caaSJens Wiklander #include "pkcs11_helpers.h" 1563f89caaSJens Wiklander 1663f89caaSJens Wiklander /* 1763f89caaSJens Wiklander * Boolean property attributes (BPA): bit position in a 64 bit mask 1863f89caaSJens Wiklander * for boolean properties object can mandate as attribute, depending 1963f89caaSJens Wiklander * on the object. These attributes are often accessed and it is 2063f89caaSJens Wiklander * quicker to get them from a 64 bit field in the object instance 2163f89caaSJens Wiklander * rather than searching into the object attributes. 2263f89caaSJens Wiklander */ 2363f89caaSJens Wiklander #define PKCS11_BOOLPROPS_BASE 0 2463f89caaSJens Wiklander #define PKCS11_BOOLPROPS_MAX_COUNT 64 2563f89caaSJens Wiklander 2663f89caaSJens Wiklander enum boolprop_attr { 2763f89caaSJens Wiklander BPA_TOKEN = 0, 2863f89caaSJens Wiklander BPA_PRIVATE, 2963f89caaSJens Wiklander BPA_TRUSTED, 3063f89caaSJens Wiklander BPA_SENSITIVE, 3163f89caaSJens Wiklander BPA_ENCRYPT, 3263f89caaSJens Wiklander BPA_DECRYPT, 3363f89caaSJens Wiklander BPA_WRAP, 3463f89caaSJens Wiklander BPA_UNWRAP, 3563f89caaSJens Wiklander BPA_SIGN, 3663f89caaSJens Wiklander BPA_SIGN_RECOVER, 3763f89caaSJens Wiklander BPA_VERIFY, 3863f89caaSJens Wiklander BPA_VERIFY_RECOVER, 3963f89caaSJens Wiklander BPA_DERIVE, 4063f89caaSJens Wiklander BPA_EXTRACTABLE, 4163f89caaSJens Wiklander BPA_LOCAL, 4263f89caaSJens Wiklander BPA_NEVER_EXTRACTABLE, 4363f89caaSJens Wiklander BPA_ALWAYS_SENSITIVE, 4463f89caaSJens Wiklander BPA_MODIFIABLE, 4563f89caaSJens Wiklander BPA_COPYABLE, 4663f89caaSJens Wiklander BPA_DESTROYABLE, 4763f89caaSJens Wiklander BPA_ALWAYS_AUTHENTICATE, 4863f89caaSJens Wiklander BPA_WRAP_WITH_TRUSTED, 4963f89caaSJens Wiklander }; 5063f89caaSJens Wiklander 5163f89caaSJens Wiklander /* 5263f89caaSJens Wiklander * Header of a serialized memory object inside PKCS11 TA. 5363f89caaSJens Wiklander * 5463f89caaSJens Wiklander * @attrs_size: byte size of the serialized data 5563f89caaSJens Wiklander * @attrs_count: number of items in the blob 5663f89caaSJens Wiklander * @attrs: then starts the blob binary data 5763f89caaSJens Wiklander */ 5863f89caaSJens Wiklander struct obj_attrs { 5963f89caaSJens Wiklander uint32_t attrs_size; 6063f89caaSJens Wiklander uint32_t attrs_count; 6163f89caaSJens Wiklander uint8_t attrs[]; 6263f89caaSJens Wiklander }; 6363f89caaSJens Wiklander 6463f89caaSJens Wiklander /* 6563f89caaSJens Wiklander * init_attributes_head() - Allocate a reference for serialized attributes 6663f89caaSJens Wiklander * @head: *@head holds the retrieved pointer 6763f89caaSJens Wiklander * 6863f89caaSJens Wiklander * Retrieved pointer can be freed from a simple TEE_Free(reference). 6963f89caaSJens Wiklander * 70*59a5257eSEtienne Carriere * Return PKCS11_CKR_OK on success or a PKCS11 return code. 7163f89caaSJens Wiklander */ 7263f89caaSJens Wiklander enum pkcs11_rc init_attributes_head(struct obj_attrs **head); 7363f89caaSJens Wiklander 7463f89caaSJens Wiklander /* 7563f89caaSJens Wiklander * add_attribute() - Update serialized attributes to add an entry. 7663f89caaSJens Wiklander * 7763f89caaSJens Wiklander * @head: *@head points to serialized attributes, 7863f89caaSJens Wiklander * can be reallocated as attributes are added 7963f89caaSJens Wiklander * @attribute: Attribute ID to add 8063f89caaSJens Wiklander * @data: Opaque data of attribute 8163f89caaSJens Wiklander * @size: Size of data 8263f89caaSJens Wiklander * 83*59a5257eSEtienne Carriere * Return PKCS11_CKR_OK on success or a PKCS11 return code. 8463f89caaSJens Wiklander */ 8563f89caaSJens Wiklander enum pkcs11_rc add_attribute(struct obj_attrs **head, uint32_t attribute, 8663f89caaSJens Wiklander void *data, size_t size); 8763f89caaSJens Wiklander 8863f89caaSJens Wiklander /* 8963f89caaSJens Wiklander * get_attribute_ptrs() - Get pointers to attributes with a given ID 9063f89caaSJens Wiklander * @head: Pointer to serialized attributes 9163f89caaSJens Wiklander * @attribute: Attribute ID to look for 9263f89caaSJens Wiklander * @attr: Array of pointers to the data inside @head 9363f89caaSJens Wiklander * @attr_size: Array of uint32_t holding the sizes of each value pointed to 9463f89caaSJens Wiklander * by @attr 9563f89caaSJens Wiklander * @count: Number of elements in the arrays above 9663f89caaSJens Wiklander * 9763f89caaSJens Wiklander * If *count == 0, count and return in *count the number of attributes matching 9863f89caaSJens Wiklander * the input attribute ID. 9963f89caaSJens Wiklander * 10063f89caaSJens Wiklander * If *count != 0, return the address and size of the attributes found, up to 10163f89caaSJens Wiklander * the occurrence number *count. attr and attr_size are expected large 10263f89caaSJens Wiklander * enough. attr is the output array of the values found. attr_size is the 10363f89caaSJens Wiklander * output array of the size of each value found. 10463f89caaSJens Wiklander * 10563f89caaSJens Wiklander * If attr_size != NULL, return in *attr_size attribute value size. 10663f89caaSJens Wiklander * If attr != NULL return in *attr the address of the attribute value. 10763f89caaSJens Wiklander */ 10863f89caaSJens Wiklander void get_attribute_ptrs(struct obj_attrs *head, uint32_t attribute, 10963f89caaSJens Wiklander void **attr, uint32_t *attr_size, size_t *count); 11063f89caaSJens Wiklander 11163f89caaSJens Wiklander /* 11263f89caaSJens Wiklander * get_attribute_ptrs() - Get pointer to the attribute of a given ID 11363f89caaSJens Wiklander * @head: Pointer to serialized attributes 11463f89caaSJens Wiklander * @attribute: Attribute ID 11563f89caaSJens Wiklander * @attr: *@attr holds the retrieved pointer to the attribute value 11663f89caaSJens Wiklander * @attr_size: Size of the attribute value 11763f89caaSJens Wiklander * 11863f89caaSJens Wiklander * If no matching attributes is found return PKCS11_RV_NOT_FOUND. 11963f89caaSJens Wiklander * If attr_size != NULL, return in *attr_size attribute value size. 12063f89caaSJens Wiklander * If attr != NULL, return in *attr the address of the attribute value. 12163f89caaSJens Wiklander * 122*59a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 12363f89caaSJens Wiklander * code. 12463f89caaSJens Wiklander */ 12563f89caaSJens Wiklander enum pkcs11_rc get_attribute_ptr(struct obj_attrs *head, uint32_t attribute, 12663f89caaSJens Wiklander void **attr_ptr, uint32_t *attr_size); 127*59a5257eSEtienne Carriere 12863f89caaSJens Wiklander /* 12963f89caaSJens Wiklander * get_attribute() - Copy out the attribute of a given ID 13063f89caaSJens Wiklander * @head: Pointer to serialized attributes 13163f89caaSJens Wiklander * @attribute: Attribute ID to look for 13263f89caaSJens Wiklander * @attr: holds the retrieved attribute value 13363f89caaSJens Wiklander * @attr_size: Size of the attribute value 13463f89caaSJens Wiklander * 13563f89caaSJens Wiklander * If attribute is not found, return PKCS11_RV_NOT_FOUND. 13663f89caaSJens Wiklander * If attr_size != NULL, check *attr_size matches attributes size and return 13763f89caaSJens Wiklander * PKCS11_CKR_BUFFER_TOO_SMALL with expected size in *attr_size. 13863f89caaSJens Wiklander * If attr != NULL and attr_size is NULL or gives expected buffer size, 13963f89caaSJens Wiklander * copy attribute value into attr. 14063f89caaSJens Wiklander * 141*59a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 14263f89caaSJens Wiklander * code. 14363f89caaSJens Wiklander */ 14463f89caaSJens Wiklander enum pkcs11_rc get_attribute(struct obj_attrs *head, uint32_t attribute, 14563f89caaSJens Wiklander void *attr, uint32_t *attr_size); 14663f89caaSJens Wiklander 14763f89caaSJens Wiklander /* 14863f89caaSJens Wiklander * get_u32_attribute() - Copy out the 32-bit attribute value of a given ID 14963f89caaSJens Wiklander * @head: Pointer to serialized attributes 15063f89caaSJens Wiklander * @attribute: Attribute ID 15163f89caaSJens Wiklander * @attr: holds the retrieved 32-bit attribute value 15263f89caaSJens Wiklander * 15363f89caaSJens Wiklander * If attribute is not found, return PKCS11_RV_NOT_FOUND. 15463f89caaSJens Wiklander * If the retreived attribute doesn't have a 4 byte sized value 15563f89caaSJens Wiklander * PKCS11_CKR_GENERAL_ERROR is returned. 15663f89caaSJens Wiklander * 157*59a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 15863f89caaSJens Wiklander * code. 15963f89caaSJens Wiklander */ 16063f89caaSJens Wiklander 16163f89caaSJens Wiklander static inline enum pkcs11_rc get_u32_attribute(struct obj_attrs *head, 16263f89caaSJens Wiklander uint32_t attribute, 16363f89caaSJens Wiklander uint32_t *attr) 16463f89caaSJens Wiklander { 16563f89caaSJens Wiklander uint32_t size = sizeof(uint32_t); 16663f89caaSJens Wiklander enum pkcs11_rc rc = get_attribute(head, attribute, attr, &size); 16763f89caaSJens Wiklander 16863f89caaSJens Wiklander if (!rc && size != sizeof(uint32_t)) 16963f89caaSJens Wiklander return PKCS11_CKR_GENERAL_ERROR; 17063f89caaSJens Wiklander 17163f89caaSJens Wiklander return rc; 17263f89caaSJens Wiklander } 17363f89caaSJens Wiklander 17463f89caaSJens Wiklander /* 17563f89caaSJens Wiklander * get_class() - Get class ID of an object 17663f89caaSJens Wiklander * @head: Pointer to serialized attributes 17763f89caaSJens Wiklander * 17863f89caaSJens Wiklander * Returns the class ID of an object on succes or returns 17963f89caaSJens Wiklander * PKCS11_CKO_UNDEFINED_ID on error. 18063f89caaSJens Wiklander */ 18163f89caaSJens Wiklander static inline enum pkcs11_class_id get_class(struct obj_attrs *head) 18263f89caaSJens Wiklander { 18363f89caaSJens Wiklander uint32_t class = 0; 18463f89caaSJens Wiklander uint32_t size = sizeof(class); 18563f89caaSJens Wiklander 18663f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_CLASS, &class, &size)) 18763f89caaSJens Wiklander return PKCS11_CKO_UNDEFINED_ID; 18863f89caaSJens Wiklander 18963f89caaSJens Wiklander return class; 19063f89caaSJens Wiklander } 19163f89caaSJens Wiklander 19263f89caaSJens Wiklander /* 19363f89caaSJens Wiklander * get_key_type() - Get the key type of an object 19463f89caaSJens Wiklander * @head: Pointer to serialized attributes 19563f89caaSJens Wiklander * 19663f89caaSJens Wiklander * Returns the key type of an object on success or returns 19763f89caaSJens Wiklander * PKCS11_CKK_UNDEFINED_ID on error. 19863f89caaSJens Wiklander */ 19963f89caaSJens Wiklander static inline enum pkcs11_key_type get_key_type(struct obj_attrs *head) 20063f89caaSJens Wiklander { 20163f89caaSJens Wiklander uint32_t type = 0; 20263f89caaSJens Wiklander uint32_t size = sizeof(type); 20363f89caaSJens Wiklander 20463f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_KEY_TYPE, &type, &size)) 20563f89caaSJens Wiklander return PKCS11_CKK_UNDEFINED_ID; 20663f89caaSJens Wiklander 20763f89caaSJens Wiklander return type; 20863f89caaSJens Wiklander } 20963f89caaSJens Wiklander 21063f89caaSJens Wiklander /* 21163f89caaSJens Wiklander * get_mechanism_type() - Get the mechanism type of an object 21263f89caaSJens Wiklander * @head: Pointer to serialized attributes 21363f89caaSJens Wiklander * 21463f89caaSJens Wiklander * Returns the mechanism type of an object on success or returns 21563f89caaSJens Wiklander * PKCS11_CKM_UNDEFINED_ID on error. 21663f89caaSJens Wiklander */ 21763f89caaSJens Wiklander static inline enum pkcs11_mechanism_id get_mechanism_type(struct obj_attrs *head) 21863f89caaSJens Wiklander { 21963f89caaSJens Wiklander uint32_t type = 0; 22063f89caaSJens Wiklander uint32_t size = sizeof(type); 22163f89caaSJens Wiklander 22263f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_MECHANISM_TYPE, &type, &size)) 22363f89caaSJens Wiklander return PKCS11_CKM_UNDEFINED_ID; 22463f89caaSJens Wiklander 22563f89caaSJens Wiklander return type; 22663f89caaSJens Wiklander } 22763f89caaSJens Wiklander 22863f89caaSJens Wiklander /* 22963f89caaSJens Wiklander * get_bool() - Get the bool value of an attribute 23063f89caaSJens Wiklander * @head: Pointer to serialized attributes 23163f89caaSJens Wiklander * @attribute: Attribute ID to look for 23263f89caaSJens Wiklander * 23363f89caaSJens Wiklander * May assert if attribute ID isn't of the boolean type. 23463f89caaSJens Wiklander * 23563f89caaSJens Wiklander * Returns the bool value of the supplied attribute ID on success if found 23663f89caaSJens Wiklander * else false. 23763f89caaSJens Wiklander */ 23863f89caaSJens Wiklander bool get_bool(struct obj_attrs *head, uint32_t attribute); 23963f89caaSJens Wiklander 24063f89caaSJens Wiklander #if CFG_TEE_TA_LOG_LEVEL > 0 24163f89caaSJens Wiklander /* Debug: dump object attributes to IMSG() trace console */ 24263f89caaSJens Wiklander void trace_attributes(const char *prefix, void *ref); 24363f89caaSJens Wiklander #else 24463f89caaSJens Wiklander static inline void trace_attributes(const char *prefix __unused, 24563f89caaSJens Wiklander void *ref __unused) 24663f89caaSJens Wiklander { 24763f89caaSJens Wiklander } 24863f89caaSJens Wiklander #endif /*CFG_TEE_TA_LOG_LEVEL*/ 24963f89caaSJens Wiklander #endif /*PKCS11_TA_ATTRIBUTES_H*/ 250