1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2017-2020, Linaro Limited 4 */ 5 6 #ifndef PKCS11_TA_ATTRIBUTES_H 7 #define PKCS11_TA_ATTRIBUTES_H 8 9 #include <stdbool.h> 10 #include <stddef.h> 11 #include <stdint.h> 12 #include <util.h> 13 14 #include "pkcs11_helpers.h" 15 16 /* 17 * Boolean property attributes (BPA): bit position in a 64 bit mask 18 * for boolean properties object can mandate as attribute, depending 19 * on the object. These attributes are often accessed and it is 20 * quicker to get them from a 64 bit field in the object instance 21 * rather than searching into the object attributes. 22 */ 23 #define PKCS11_BOOLPROPS_BASE 0 24 #define PKCS11_BOOLPROPS_MAX_COUNT 64 25 26 enum boolprop_attr { 27 BPA_TOKEN = 0, 28 BPA_PRIVATE, 29 BPA_TRUSTED, 30 BPA_SENSITIVE, 31 BPA_ENCRYPT, 32 BPA_DECRYPT, 33 BPA_WRAP, 34 BPA_UNWRAP, 35 BPA_SIGN, 36 BPA_SIGN_RECOVER, 37 BPA_VERIFY, 38 BPA_VERIFY_RECOVER, 39 BPA_DERIVE, 40 BPA_EXTRACTABLE, 41 BPA_LOCAL, 42 BPA_NEVER_EXTRACTABLE, 43 BPA_ALWAYS_SENSITIVE, 44 BPA_MODIFIABLE, 45 BPA_COPYABLE, 46 BPA_DESTROYABLE, 47 BPA_ALWAYS_AUTHENTICATE, 48 BPA_WRAP_WITH_TRUSTED, 49 }; 50 51 /* 52 * Header of a serialized memory object inside PKCS11 TA. 53 * 54 * @attrs_size: byte size of the serialized data 55 * @attrs_count: number of items in the blob 56 * @attrs: then starts the blob binary data 57 */ 58 struct obj_attrs { 59 uint32_t attrs_size; 60 uint32_t attrs_count; 61 uint8_t attrs[]; 62 }; 63 64 /* 65 * init_attributes_head() - Allocate a reference for serialized attributes 66 * @head: *@head holds the retrieved pointer 67 * 68 * Retrieved pointer can be freed from a simple TEE_Free(reference). 69 * 70 * Return PKCS11_CKR_OK on success or a PKCS11 return code. 71 */ 72 enum pkcs11_rc init_attributes_head(struct obj_attrs **head); 73 74 /* 75 * add_attribute() - Update serialized attributes to add an entry. 76 * 77 * @head: *@head points to serialized attributes, 78 * can be reallocated as attributes are added 79 * @attribute: Attribute ID to add 80 * @data: Opaque data of attribute 81 * @size: Size of data 82 * 83 * Return PKCS11_CKR_OK on success or a PKCS11 return code. 84 */ 85 enum pkcs11_rc add_attribute(struct obj_attrs **head, uint32_t attribute, 86 void *data, size_t size); 87 88 /* 89 * get_attribute_ptrs() - Get pointers to attributes with a given ID 90 * @head: Pointer to serialized attributes 91 * @attribute: Attribute ID to look for 92 * @attr: Array of pointers to the data inside @head 93 * @attr_size: Array of uint32_t holding the sizes of each value pointed to 94 * by @attr 95 * @count: Number of elements in the arrays above 96 * 97 * If *count == 0, count and return in *count the number of attributes matching 98 * the input attribute ID. 99 * 100 * If *count != 0, return the address and size of the attributes found, up to 101 * the occurrence number *count. attr and attr_size are expected large 102 * enough. attr is the output array of the values found. attr_size is the 103 * output array of the size of each value found. 104 * 105 * If attr_size != NULL, return in *attr_size attribute value size. 106 * If attr != NULL return in *attr the address of the attribute value. 107 */ 108 void get_attribute_ptrs(struct obj_attrs *head, uint32_t attribute, 109 void **attr, uint32_t *attr_size, size_t *count); 110 111 /* 112 * get_attribute_ptrs() - Get pointer to the attribute of a given ID 113 * @head: Pointer to serialized attributes 114 * @attribute: Attribute ID 115 * @attr: *@attr holds the retrieved pointer to the attribute value 116 * @attr_size: Size of the attribute value 117 * 118 * If no matching attributes is found return PKCS11_RV_NOT_FOUND. 119 * If attr_size != NULL, return in *attr_size attribute value size. 120 * If attr != NULL, return in *attr the address of the attribute value. 121 * 122 * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 123 * code. 124 */ 125 enum pkcs11_rc get_attribute_ptr(struct obj_attrs *head, uint32_t attribute, 126 void **attr_ptr, uint32_t *attr_size); 127 128 /* 129 * get_attribute() - Copy out the attribute of a given ID 130 * @head: Pointer to serialized attributes 131 * @attribute: Attribute ID to look for 132 * @attr: holds the retrieved attribute value 133 * @attr_size: Size of the attribute value 134 * 135 * If attribute is not found, return PKCS11_RV_NOT_FOUND. 136 * If attr_size != NULL, check *attr_size matches attributes size and return 137 * PKCS11_CKR_BUFFER_TOO_SMALL with expected size in *attr_size. 138 * If attr != NULL and attr_size is NULL or gives expected buffer size, 139 * copy attribute value into attr. 140 * 141 * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 142 * code. 143 */ 144 enum pkcs11_rc get_attribute(struct obj_attrs *head, uint32_t attribute, 145 void *attr, uint32_t *attr_size); 146 147 /* 148 * get_u32_attribute() - Copy out the 32-bit attribute value of a given ID 149 * @head: Pointer to serialized attributes 150 * @attribute: Attribute ID 151 * @attr: holds the retrieved 32-bit attribute value 152 * 153 * If attribute is not found, return PKCS11_RV_NOT_FOUND. 154 * If the retreived attribute doesn't have a 4 byte sized value 155 * PKCS11_CKR_GENERAL_ERROR is returned. 156 * 157 * Return PKCS11_CKR_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 158 * code. 159 */ 160 161 static inline enum pkcs11_rc get_u32_attribute(struct obj_attrs *head, 162 uint32_t attribute, 163 uint32_t *attr) 164 { 165 uint32_t size = sizeof(uint32_t); 166 enum pkcs11_rc rc = get_attribute(head, attribute, attr, &size); 167 168 if (!rc && size != sizeof(uint32_t)) 169 return PKCS11_CKR_GENERAL_ERROR; 170 171 return rc; 172 } 173 174 /* 175 * get_class() - Get class ID of an object 176 * @head: Pointer to serialized attributes 177 * 178 * Returns the class ID of an object on succes or returns 179 * PKCS11_CKO_UNDEFINED_ID on error. 180 */ 181 static inline enum pkcs11_class_id get_class(struct obj_attrs *head) 182 { 183 uint32_t class = 0; 184 uint32_t size = sizeof(class); 185 186 if (get_attribute(head, PKCS11_CKA_CLASS, &class, &size)) 187 return PKCS11_CKO_UNDEFINED_ID; 188 189 return class; 190 } 191 192 /* 193 * get_key_type() - Get the key type of an object 194 * @head: Pointer to serialized attributes 195 * 196 * Returns the key type of an object on success or returns 197 * PKCS11_CKK_UNDEFINED_ID on error. 198 */ 199 static inline enum pkcs11_key_type get_key_type(struct obj_attrs *head) 200 { 201 uint32_t type = 0; 202 uint32_t size = sizeof(type); 203 204 if (get_attribute(head, PKCS11_CKA_KEY_TYPE, &type, &size)) 205 return PKCS11_CKK_UNDEFINED_ID; 206 207 return type; 208 } 209 210 /* 211 * get_mechanism_type() - Get the mechanism type of an object 212 * @head: Pointer to serialized attributes 213 * 214 * Returns the mechanism type of an object on success or returns 215 * PKCS11_CKM_UNDEFINED_ID on error. 216 */ 217 static inline enum pkcs11_mechanism_id get_mechanism_type(struct obj_attrs *head) 218 { 219 uint32_t type = 0; 220 uint32_t size = sizeof(type); 221 222 if (get_attribute(head, PKCS11_CKA_MECHANISM_TYPE, &type, &size)) 223 return PKCS11_CKM_UNDEFINED_ID; 224 225 return type; 226 } 227 228 /* 229 * get_bool() - Get the bool value of an attribute 230 * @head: Pointer to serialized attributes 231 * @attribute: Attribute ID to look for 232 * 233 * May assert if attribute ID isn't of the boolean type. 234 * 235 * Returns the bool value of the supplied attribute ID on success if found 236 * else false. 237 */ 238 bool get_bool(struct obj_attrs *head, uint32_t attribute); 239 240 #if CFG_TEE_TA_LOG_LEVEL > 0 241 /* Debug: dump object attributes to IMSG() trace console */ 242 void trace_attributes(const char *prefix, void *ref); 243 #else 244 static inline void trace_attributes(const char *prefix __unused, 245 void *ref __unused) 246 { 247 } 248 #endif /*CFG_TEE_TA_LOG_LEVEL*/ 249 #endif /*PKCS11_TA_ATTRIBUTES_H*/ 250