1 /* SPDX-License-Identifier: BSD-2-Clause */ 2 /* 3 * Copyright (c) 2017-2020, Linaro Limited 4 */ 5 6 #ifndef PKCS11_TA_ATTRIBUTES_H 7 #define PKCS11_TA_ATTRIBUTES_H 8 9 #include <stdbool.h> 10 #include <stddef.h> 11 #include <stdint.h> 12 #include <util.h> 13 14 #include "pkcs11_helpers.h" 15 16 /* 17 * Boolean property attributes (BPA): bit position in a 64 bit mask 18 * for boolean properties object can mandate as attribute, depending 19 * on the object. These attributes are often accessed and it is 20 * quicker to get them from a 64 bit field in the object instance 21 * rather than searching into the object attributes. 22 */ 23 #define PKCS11_BOOLPROPS_BASE 0 24 #define PKCS11_BOOLPROPS_MAX_COUNT 64 25 26 enum boolprop_attr { 27 BPA_TOKEN = 0, 28 BPA_PRIVATE, 29 BPA_TRUSTED, 30 BPA_SENSITIVE, 31 BPA_ENCRYPT, 32 BPA_DECRYPT, 33 BPA_WRAP, 34 BPA_UNWRAP, 35 BPA_SIGN, 36 BPA_SIGN_RECOVER, 37 BPA_VERIFY, 38 BPA_VERIFY_RECOVER, 39 BPA_DERIVE, 40 BPA_EXTRACTABLE, 41 BPA_LOCAL, 42 BPA_NEVER_EXTRACTABLE, 43 BPA_ALWAYS_SENSITIVE, 44 BPA_MODIFIABLE, 45 BPA_COPYABLE, 46 BPA_DESTROYABLE, 47 BPA_ALWAYS_AUTHENTICATE, 48 BPA_WRAP_WITH_TRUSTED, 49 }; 50 51 /* 52 * Header of a serialized memory object inside PKCS11 TA. 53 * 54 * @attrs_size: byte size of the serialized data 55 * @attrs_count: number of items in the blob 56 * @attrs: then starts the blob binary data 57 */ 58 struct obj_attrs { 59 uint32_t attrs_size; 60 uint32_t attrs_count; 61 uint8_t attrs[]; 62 }; 63 64 /* 65 * init_attributes_head() - Allocate a reference for serialized attributes 66 * @head: *@head holds the retrieved pointer 67 * 68 * Retrieved pointer can be freed from a simple TEE_Free(reference). 69 * 70 * Return a PKCS11_OK on success or a PKCS11 return code. 71 */ 72 enum pkcs11_rc init_attributes_head(struct obj_attrs **head); 73 74 /* 75 * add_attribute() - Update serialized attributes to add an entry. 76 * 77 * @head: *@head points to serialized attributes, 78 * can be reallocated as attributes are added 79 * @attribute: Attribute ID to add 80 * @data: Opaque data of attribute 81 * @size: Size of data 82 * 83 * Return a PKCS11_OK on success or a PKCS11 return code. 84 */ 85 enum pkcs11_rc add_attribute(struct obj_attrs **head, uint32_t attribute, 86 void *data, size_t size); 87 88 /* 89 * get_attribute_ptrs() - Get pointers to attributes with a given ID 90 * @head: Pointer to serialized attributes 91 * @attribute: Attribute ID to look for 92 * @attr: Array of pointers to the data inside @head 93 * @attr_size: Array of uint32_t holding the sizes of each value pointed to 94 * by @attr 95 * @count: Number of elements in the arrays above 96 * 97 * If *count == 0, count and return in *count the number of attributes matching 98 * the input attribute ID. 99 * 100 * If *count != 0, return the address and size of the attributes found, up to 101 * the occurrence number *count. attr and attr_size are expected large 102 * enough. attr is the output array of the values found. attr_size is the 103 * output array of the size of each value found. 104 * 105 * If attr_size != NULL, return in *attr_size attribute value size. 106 * If attr != NULL return in *attr the address of the attribute value. 107 */ 108 void get_attribute_ptrs(struct obj_attrs *head, uint32_t attribute, 109 void **attr, uint32_t *attr_size, size_t *count); 110 111 /* 112 * get_attribute_ptrs() - Get pointer to the attribute of a given ID 113 * @head: Pointer to serialized attributes 114 * @attribute: Attribute ID 115 * @attr: *@attr holds the retrieved pointer to the attribute value 116 * @attr_size: Size of the attribute value 117 * 118 * If no matching attributes is found return PKCS11_RV_NOT_FOUND. 119 * If attr_size != NULL, return in *attr_size attribute value size. 120 * If attr != NULL, return in *attr the address of the attribute value. 121 * 122 * Return a PKCS11_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 123 * code. 124 */ 125 enum pkcs11_rc get_attribute_ptr(struct obj_attrs *head, uint32_t attribute, 126 void **attr_ptr, uint32_t *attr_size); 127 /* 128 * get_attribute() - Copy out the attribute of a given ID 129 * @head: Pointer to serialized attributes 130 * @attribute: Attribute ID to look for 131 * @attr: holds the retrieved attribute value 132 * @attr_size: Size of the attribute value 133 * 134 * If attribute is not found, return PKCS11_RV_NOT_FOUND. 135 * If attr_size != NULL, check *attr_size matches attributes size and return 136 * PKCS11_CKR_BUFFER_TOO_SMALL with expected size in *attr_size. 137 * If attr != NULL and attr_size is NULL or gives expected buffer size, 138 * copy attribute value into attr. 139 * 140 * Return a PKCS11_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 141 * code. 142 */ 143 enum pkcs11_rc get_attribute(struct obj_attrs *head, uint32_t attribute, 144 void *attr, uint32_t *attr_size); 145 146 /* 147 * get_u32_attribute() - Copy out the 32-bit attribute value of a given ID 148 * @head: Pointer to serialized attributes 149 * @attribute: Attribute ID 150 * @attr: holds the retrieved 32-bit attribute value 151 * 152 * If attribute is not found, return PKCS11_RV_NOT_FOUND. 153 * If the retreived attribute doesn't have a 4 byte sized value 154 * PKCS11_CKR_GENERAL_ERROR is returned. 155 * 156 * Return a PKCS11_OK or PKCS11_RV_NOT_FOUND on success, or a PKCS11 return 157 * code. 158 */ 159 160 static inline enum pkcs11_rc get_u32_attribute(struct obj_attrs *head, 161 uint32_t attribute, 162 uint32_t *attr) 163 { 164 uint32_t size = sizeof(uint32_t); 165 enum pkcs11_rc rc = get_attribute(head, attribute, attr, &size); 166 167 if (!rc && size != sizeof(uint32_t)) 168 return PKCS11_CKR_GENERAL_ERROR; 169 170 return rc; 171 } 172 173 /* 174 * get_class() - Get class ID of an object 175 * @head: Pointer to serialized attributes 176 * 177 * Returns the class ID of an object on succes or returns 178 * PKCS11_CKO_UNDEFINED_ID on error. 179 */ 180 static inline enum pkcs11_class_id get_class(struct obj_attrs *head) 181 { 182 uint32_t class = 0; 183 uint32_t size = sizeof(class); 184 185 if (get_attribute(head, PKCS11_CKA_CLASS, &class, &size)) 186 return PKCS11_CKO_UNDEFINED_ID; 187 188 return class; 189 } 190 191 /* 192 * get_key_type() - Get the key type of an object 193 * @head: Pointer to serialized attributes 194 * 195 * Returns the key type of an object on success or returns 196 * PKCS11_CKK_UNDEFINED_ID on error. 197 */ 198 static inline enum pkcs11_key_type get_key_type(struct obj_attrs *head) 199 { 200 uint32_t type = 0; 201 uint32_t size = sizeof(type); 202 203 if (get_attribute(head, PKCS11_CKA_KEY_TYPE, &type, &size)) 204 return PKCS11_CKK_UNDEFINED_ID; 205 206 return type; 207 } 208 209 /* 210 * get_mechanism_type() - Get the mechanism type of an object 211 * @head: Pointer to serialized attributes 212 * 213 * Returns the mechanism type of an object on success or returns 214 * PKCS11_CKM_UNDEFINED_ID on error. 215 */ 216 static inline enum pkcs11_mechanism_id get_mechanism_type(struct obj_attrs *head) 217 { 218 uint32_t type = 0; 219 uint32_t size = sizeof(type); 220 221 if (get_attribute(head, PKCS11_CKA_MECHANISM_TYPE, &type, &size)) 222 return PKCS11_CKM_UNDEFINED_ID; 223 224 return type; 225 } 226 227 /* 228 * get_bool() - Get the bool value of an attribute 229 * @head: Pointer to serialized attributes 230 * @attribute: Attribute ID to look for 231 * 232 * May assert if attribute ID isn't of the boolean type. 233 * 234 * Returns the bool value of the supplied attribute ID on success if found 235 * else false. 236 */ 237 bool get_bool(struct obj_attrs *head, uint32_t attribute); 238 239 #if CFG_TEE_TA_LOG_LEVEL > 0 240 /* Debug: dump object attributes to IMSG() trace console */ 241 void trace_attributes(const char *prefix, void *ref); 242 #else 243 static inline void trace_attributes(const char *prefix __unused, 244 void *ref __unused) 245 { 246 } 247 #endif /*CFG_TEE_TA_LOG_LEVEL*/ 248 #endif /*PKCS11_TA_ATTRIBUTES_H*/ 249