163f89caaSJens Wiklander /* SPDX-License-Identifier: BSD-2-Clause */ 263f89caaSJens Wiklander /* 363f89caaSJens Wiklander * Copyright (c) 2017-2020, Linaro Limited 463f89caaSJens Wiklander */ 563f89caaSJens Wiklander 663f89caaSJens Wiklander #ifndef PKCS11_TA_ATTRIBUTES_H 763f89caaSJens Wiklander #define PKCS11_TA_ATTRIBUTES_H 863f89caaSJens Wiklander 963f89caaSJens Wiklander #include <stdbool.h> 1063f89caaSJens Wiklander #include <stddef.h> 1163f89caaSJens Wiklander #include <stdint.h> 1263f89caaSJens Wiklander #include <util.h> 1363f89caaSJens Wiklander 1463f89caaSJens Wiklander #include "pkcs11_helpers.h" 1563f89caaSJens Wiklander 1663f89caaSJens Wiklander /* 1763f89caaSJens Wiklander * Boolean property attributes (BPA): bit position in a 64 bit mask 1863f89caaSJens Wiklander * for boolean properties object can mandate as attribute, depending 1963f89caaSJens Wiklander * on the object. These attributes are often accessed and it is 2063f89caaSJens Wiklander * quicker to get them from a 64 bit field in the object instance 2163f89caaSJens Wiklander * rather than searching into the object attributes. 2263f89caaSJens Wiklander */ 2363f89caaSJens Wiklander #define PKCS11_BOOLPROPS_BASE 0 2463f89caaSJens Wiklander #define PKCS11_BOOLPROPS_MAX_COUNT 64 2563f89caaSJens Wiklander 2663f89caaSJens Wiklander enum boolprop_attr { 2763f89caaSJens Wiklander BPA_TOKEN = 0, 2863f89caaSJens Wiklander BPA_PRIVATE, 2963f89caaSJens Wiklander BPA_TRUSTED, 3063f89caaSJens Wiklander BPA_SENSITIVE, 3163f89caaSJens Wiklander BPA_ENCRYPT, 3263f89caaSJens Wiklander BPA_DECRYPT, 3363f89caaSJens Wiklander BPA_WRAP, 3463f89caaSJens Wiklander BPA_UNWRAP, 3563f89caaSJens Wiklander BPA_SIGN, 3663f89caaSJens Wiklander BPA_SIGN_RECOVER, 3763f89caaSJens Wiklander BPA_VERIFY, 3863f89caaSJens Wiklander BPA_VERIFY_RECOVER, 3963f89caaSJens Wiklander BPA_DERIVE, 4063f89caaSJens Wiklander BPA_EXTRACTABLE, 4163f89caaSJens Wiklander BPA_LOCAL, 4263f89caaSJens Wiklander BPA_NEVER_EXTRACTABLE, 4363f89caaSJens Wiklander BPA_ALWAYS_SENSITIVE, 4463f89caaSJens Wiklander BPA_MODIFIABLE, 4563f89caaSJens Wiklander BPA_COPYABLE, 4663f89caaSJens Wiklander BPA_DESTROYABLE, 4763f89caaSJens Wiklander BPA_ALWAYS_AUTHENTICATE, 4863f89caaSJens Wiklander BPA_WRAP_WITH_TRUSTED, 4963f89caaSJens Wiklander }; 5063f89caaSJens Wiklander 5163f89caaSJens Wiklander /* 5263f89caaSJens Wiklander * Header of a serialized memory object inside PKCS11 TA. 5363f89caaSJens Wiklander * 5463f89caaSJens Wiklander * @attrs_size: byte size of the serialized data 5563f89caaSJens Wiklander * @attrs_count: number of items in the blob 5663f89caaSJens Wiklander * @attrs: then starts the blob binary data 5763f89caaSJens Wiklander */ 5863f89caaSJens Wiklander struct obj_attrs { 5963f89caaSJens Wiklander uint32_t attrs_size; 6063f89caaSJens Wiklander uint32_t attrs_count; 6163f89caaSJens Wiklander uint8_t attrs[]; 6263f89caaSJens Wiklander }; 6363f89caaSJens Wiklander 6463f89caaSJens Wiklander /* 6563f89caaSJens Wiklander * init_attributes_head() - Allocate a reference for serialized attributes 6663f89caaSJens Wiklander * @head: *@head holds the retrieved pointer 6763f89caaSJens Wiklander * 6863f89caaSJens Wiklander * Retrieved pointer can be freed from a simple TEE_Free(reference). 6963f89caaSJens Wiklander * 7059a5257eSEtienne Carriere * Return PKCS11_CKR_OK on success or a PKCS11 return code. 7163f89caaSJens Wiklander */ 7263f89caaSJens Wiklander enum pkcs11_rc init_attributes_head(struct obj_attrs **head); 7363f89caaSJens Wiklander 7463f89caaSJens Wiklander /* 7563f89caaSJens Wiklander * add_attribute() - Update serialized attributes to add an entry. 7663f89caaSJens Wiklander * 7763f89caaSJens Wiklander * @head: *@head points to serialized attributes, 7863f89caaSJens Wiklander * can be reallocated as attributes are added 7963f89caaSJens Wiklander * @attribute: Attribute ID to add 8063f89caaSJens Wiklander * @data: Opaque data of attribute 8163f89caaSJens Wiklander * @size: Size of data 8263f89caaSJens Wiklander * 8359a5257eSEtienne Carriere * Return PKCS11_CKR_OK on success or a PKCS11 return code. 8463f89caaSJens Wiklander */ 8563f89caaSJens Wiklander enum pkcs11_rc add_attribute(struct obj_attrs **head, uint32_t attribute, 8663f89caaSJens Wiklander void *data, size_t size); 8763f89caaSJens Wiklander 8863f89caaSJens Wiklander /* 89fa247a2aSRuchika Gupta * Update serialized attributes to remove an empty entry. Can relocate the 90fa247a2aSRuchika Gupta * attribute list buffer. Only 1 instance of the entry is expected. 91fa247a2aSRuchika Gupta * 92fa247a2aSRuchika Gupta * Return PKCS11_CKR_OK on success or a PKCS11 return code. 93fa247a2aSRuchika Gupta */ 94fa247a2aSRuchika Gupta enum pkcs11_rc remove_empty_attribute(struct obj_attrs **head, uint32_t attrib); 95fa247a2aSRuchika Gupta 96fa247a2aSRuchika Gupta /* 9763f89caaSJens Wiklander * get_attribute_ptrs() - Get pointers to attributes with a given ID 9863f89caaSJens Wiklander * @head: Pointer to serialized attributes 9963f89caaSJens Wiklander * @attribute: Attribute ID to look for 10063f89caaSJens Wiklander * @attr: Array of pointers to the data inside @head 10163f89caaSJens Wiklander * @attr_size: Array of uint32_t holding the sizes of each value pointed to 10263f89caaSJens Wiklander * by @attr 10363f89caaSJens Wiklander * @count: Number of elements in the arrays above 10463f89caaSJens Wiklander * 10563f89caaSJens Wiklander * If *count == 0, count and return in *count the number of attributes matching 10663f89caaSJens Wiklander * the input attribute ID. 10763f89caaSJens Wiklander * 10863f89caaSJens Wiklander * If *count != 0, return the address and size of the attributes found, up to 10963f89caaSJens Wiklander * the occurrence number *count. attr and attr_size are expected large 11063f89caaSJens Wiklander * enough. attr is the output array of the values found. attr_size is the 11163f89caaSJens Wiklander * output array of the size of each value found. 11263f89caaSJens Wiklander * 11363f89caaSJens Wiklander * If attr_size != NULL, return in *attr_size attribute value size. 11463f89caaSJens Wiklander * If attr != NULL return in *attr the address of the attribute value. 11563f89caaSJens Wiklander */ 11663f89caaSJens Wiklander void get_attribute_ptrs(struct obj_attrs *head, uint32_t attribute, 11763f89caaSJens Wiklander void **attr, uint32_t *attr_size, size_t *count); 11863f89caaSJens Wiklander 11963f89caaSJens Wiklander /* 12063f89caaSJens Wiklander * get_attribute_ptrs() - Get pointer to the attribute of a given ID 12163f89caaSJens Wiklander * @head: Pointer to serialized attributes 12263f89caaSJens Wiklander * @attribute: Attribute ID 12363f89caaSJens Wiklander * @attr: *@attr holds the retrieved pointer to the attribute value 12463f89caaSJens Wiklander * @attr_size: Size of the attribute value 12563f89caaSJens Wiklander * 12663f89caaSJens Wiklander * If no matching attributes is found return PKCS11_RV_NOT_FOUND. 12763f89caaSJens Wiklander * If attr_size != NULL, return in *attr_size attribute value size. 12863f89caaSJens Wiklander * If attr != NULL, return in *attr the address of the attribute value. 12963f89caaSJens Wiklander * 13059a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 13163f89caaSJens Wiklander * code. 13263f89caaSJens Wiklander */ 13363f89caaSJens Wiklander enum pkcs11_rc get_attribute_ptr(struct obj_attrs *head, uint32_t attribute, 13463f89caaSJens Wiklander void **attr_ptr, uint32_t *attr_size); 13559a5257eSEtienne Carriere 13663f89caaSJens Wiklander /* 13763f89caaSJens Wiklander * get_attribute() - Copy out the attribute of a given ID 13863f89caaSJens Wiklander * @head: Pointer to serialized attributes 13963f89caaSJens Wiklander * @attribute: Attribute ID to look for 14063f89caaSJens Wiklander * @attr: holds the retrieved attribute value 14163f89caaSJens Wiklander * @attr_size: Size of the attribute value 14263f89caaSJens Wiklander * 14363f89caaSJens Wiklander * If attribute is not found, return PKCS11_RV_NOT_FOUND. 144*d17c25d2SVesa Jääskeläinen * 145*d17c25d2SVesa Jääskeläinen * If attr_size != NULL, check that attr has enough room for value (compare 146*d17c25d2SVesa Jääskeläinen * against *attr_size), copy attribute value to attr and finally return actual 147*d17c25d2SVesa Jääskeläinen * value size in *attr_size. 148*d17c25d2SVesa Jääskeläinen * 149*d17c25d2SVesa Jääskeläinen * If there is not enough room return PKCS11_CKR_BUFFER_TOO_SMALL with expected 150*d17c25d2SVesa Jääskeläinen * size in *attr_size. 151*d17c25d2SVesa Jääskeläinen * 152*d17c25d2SVesa Jääskeläinen * If attr is NULL and attr_size != NULL return expected buffer size in 153*d17c25d2SVesa Jääskeläinen * *attr_size. 15463f89caaSJens Wiklander * 15559a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 15663f89caaSJens Wiklander * code. 15763f89caaSJens Wiklander */ 15863f89caaSJens Wiklander enum pkcs11_rc get_attribute(struct obj_attrs *head, uint32_t attribute, 15963f89caaSJens Wiklander void *attr, uint32_t *attr_size); 16063f89caaSJens Wiklander 16163f89caaSJens Wiklander /* 16263f89caaSJens Wiklander * get_u32_attribute() - Copy out the 32-bit attribute value of a given ID 16363f89caaSJens Wiklander * @head: Pointer to serialized attributes 16463f89caaSJens Wiklander * @attribute: Attribute ID 16563f89caaSJens Wiklander * @attr: holds the retrieved 32-bit attribute value 16663f89caaSJens Wiklander * 16763f89caaSJens Wiklander * If attribute is not found, return PKCS11_RV_NOT_FOUND. 16863f89caaSJens Wiklander * If the retreived attribute doesn't have a 4 byte sized value 16963f89caaSJens Wiklander * PKCS11_CKR_GENERAL_ERROR is returned. 17063f89caaSJens Wiklander * 17159a5257eSEtienne Carriere * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 17263f89caaSJens Wiklander * code. 17363f89caaSJens Wiklander */ 17463f89caaSJens Wiklander 17563f89caaSJens Wiklander static inline enum pkcs11_rc get_u32_attribute(struct obj_attrs *head, 17663f89caaSJens Wiklander uint32_t attribute, 17763f89caaSJens Wiklander uint32_t *attr) 17863f89caaSJens Wiklander { 17963f89caaSJens Wiklander uint32_t size = sizeof(uint32_t); 18063f89caaSJens Wiklander enum pkcs11_rc rc = get_attribute(head, attribute, attr, &size); 18163f89caaSJens Wiklander 18263f89caaSJens Wiklander if (!rc && size != sizeof(uint32_t)) 18363f89caaSJens Wiklander return PKCS11_CKR_GENERAL_ERROR; 18463f89caaSJens Wiklander 18563f89caaSJens Wiklander return rc; 18663f89caaSJens Wiklander } 18763f89caaSJens Wiklander 18863f89caaSJens Wiklander /* 189dc99b202SRuchika Gupta * Return true if all attributes from the reference are found and match value 190dc99b202SRuchika Gupta * in the candidate attribute list. 191dc99b202SRuchika Gupta * 192dc99b202SRuchika Gupta * Return PKCS11_CKR_OK on success, or a PKCS11 return code. 193dc99b202SRuchika Gupta */ 194dc99b202SRuchika Gupta bool attributes_match_reference(struct obj_attrs *ref, 195dc99b202SRuchika Gupta struct obj_attrs *candidate); 196dc99b202SRuchika Gupta 197dc99b202SRuchika Gupta /* 19863f89caaSJens Wiklander * get_class() - Get class ID of an object 19963f89caaSJens Wiklander * @head: Pointer to serialized attributes 20063f89caaSJens Wiklander * 20163f89caaSJens Wiklander * Returns the class ID of an object on succes or returns 20263f89caaSJens Wiklander * PKCS11_CKO_UNDEFINED_ID on error. 20363f89caaSJens Wiklander */ 20463f89caaSJens Wiklander static inline enum pkcs11_class_id get_class(struct obj_attrs *head) 20563f89caaSJens Wiklander { 20663f89caaSJens Wiklander uint32_t class = 0; 20763f89caaSJens Wiklander uint32_t size = sizeof(class); 20863f89caaSJens Wiklander 20963f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_CLASS, &class, &size)) 21063f89caaSJens Wiklander return PKCS11_CKO_UNDEFINED_ID; 21163f89caaSJens Wiklander 21263f89caaSJens Wiklander return class; 21363f89caaSJens Wiklander } 21463f89caaSJens Wiklander 21563f89caaSJens Wiklander /* 21663f89caaSJens Wiklander * get_key_type() - Get the key type of an object 21763f89caaSJens Wiklander * @head: Pointer to serialized attributes 21863f89caaSJens Wiklander * 21963f89caaSJens Wiklander * Returns the key type of an object on success or returns 22063f89caaSJens Wiklander * PKCS11_CKK_UNDEFINED_ID on error. 22163f89caaSJens Wiklander */ 22263f89caaSJens Wiklander static inline enum pkcs11_key_type get_key_type(struct obj_attrs *head) 22363f89caaSJens Wiklander { 22463f89caaSJens Wiklander uint32_t type = 0; 22563f89caaSJens Wiklander uint32_t size = sizeof(type); 22663f89caaSJens Wiklander 22763f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_KEY_TYPE, &type, &size)) 22863f89caaSJens Wiklander return PKCS11_CKK_UNDEFINED_ID; 22963f89caaSJens Wiklander 23063f89caaSJens Wiklander return type; 23163f89caaSJens Wiklander } 23263f89caaSJens Wiklander 23363f89caaSJens Wiklander /* 23463f89caaSJens Wiklander * get_mechanism_type() - Get the mechanism type of an object 23563f89caaSJens Wiklander * @head: Pointer to serialized attributes 23663f89caaSJens Wiklander * 23763f89caaSJens Wiklander * Returns the mechanism type of an object on success or returns 23863f89caaSJens Wiklander * PKCS11_CKM_UNDEFINED_ID on error. 23963f89caaSJens Wiklander */ 24063f89caaSJens Wiklander static inline enum pkcs11_mechanism_id get_mechanism_type(struct obj_attrs *head) 24163f89caaSJens Wiklander { 24263f89caaSJens Wiklander uint32_t type = 0; 24363f89caaSJens Wiklander uint32_t size = sizeof(type); 24463f89caaSJens Wiklander 24563f89caaSJens Wiklander if (get_attribute(head, PKCS11_CKA_MECHANISM_TYPE, &type, &size)) 24663f89caaSJens Wiklander return PKCS11_CKM_UNDEFINED_ID; 24763f89caaSJens Wiklander 24863f89caaSJens Wiklander return type; 24963f89caaSJens Wiklander } 25063f89caaSJens Wiklander 25163f89caaSJens Wiklander /* 25263f89caaSJens Wiklander * get_bool() - Get the bool value of an attribute 25363f89caaSJens Wiklander * @head: Pointer to serialized attributes 25463f89caaSJens Wiklander * @attribute: Attribute ID to look for 25563f89caaSJens Wiklander * 25663f89caaSJens Wiklander * May assert if attribute ID isn't of the boolean type. 25763f89caaSJens Wiklander * 25863f89caaSJens Wiklander * Returns the bool value of the supplied attribute ID on success if found 25963f89caaSJens Wiklander * else false. 26063f89caaSJens Wiklander */ 26163f89caaSJens Wiklander bool get_bool(struct obj_attrs *head, uint32_t attribute); 26263f89caaSJens Wiklander 26363f89caaSJens Wiklander #if CFG_TEE_TA_LOG_LEVEL > 0 26463f89caaSJens Wiklander /* Debug: dump object attributes to IMSG() trace console */ 26563f89caaSJens Wiklander void trace_attributes(const char *prefix, void *ref); 26663f89caaSJens Wiklander #else 26763f89caaSJens Wiklander static inline void trace_attributes(const char *prefix __unused, 26863f89caaSJens Wiklander void *ref __unused) 26963f89caaSJens Wiklander { 27063f89caaSJens Wiklander } 27163f89caaSJens Wiklander #endif /*CFG_TEE_TA_LOG_LEVEL*/ 27263f89caaSJens Wiklander #endif /*PKCS11_TA_ATTRIBUTES_H*/ 273