1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2020, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <config.h> 8 #include <inttypes.h> 9 #include <mbedtls/asn1write.h> 10 #include <mbedtls/ecp.h> 11 #include <mbedtls/pk.h> 12 #include <pkcs11_ta.h> 13 #include <stdlib.h> 14 #include <tee_internal_api_extensions.h> 15 #include <tee_internal_api.h> 16 #include <trace.h> 17 #include <util.h> 18 19 #include "attributes.h" 20 #include "handle.h" 21 #include "pkcs11_attributes.h" 22 #include "pkcs11_helpers.h" 23 #include "pkcs11_token.h" 24 #include "processing.h" 25 #include "sanitize_object.h" 26 #include "serializer.h" 27 #include "token_capabilities.h" 28 29 static uint32_t pkcs11_func2ckfm(enum processing_func function) 30 { 31 switch (function) { 32 case PKCS11_FUNCTION_DIGEST: 33 return PKCS11_CKFM_DIGEST; 34 case PKCS11_FUNCTION_GENERATE: 35 return PKCS11_CKFM_GENERATE; 36 case PKCS11_FUNCTION_GENERATE_PAIR: 37 return PKCS11_CKFM_GENERATE_KEY_PAIR; 38 case PKCS11_FUNCTION_DERIVE: 39 return PKCS11_CKFM_DERIVE; 40 case PKCS11_FUNCTION_WRAP: 41 return PKCS11_CKFM_WRAP; 42 case PKCS11_FUNCTION_UNWRAP: 43 return PKCS11_CKFM_UNWRAP; 44 case PKCS11_FUNCTION_ENCRYPT: 45 return PKCS11_CKFM_ENCRYPT; 46 case PKCS11_FUNCTION_DECRYPT: 47 return PKCS11_CKFM_DECRYPT; 48 case PKCS11_FUNCTION_SIGN: 49 return PKCS11_CKFM_SIGN; 50 case PKCS11_FUNCTION_VERIFY: 51 return PKCS11_CKFM_VERIFY; 52 case PKCS11_FUNCTION_SIGN_RECOVER: 53 return PKCS11_CKFM_SIGN_RECOVER; 54 case PKCS11_FUNCTION_VERIFY_RECOVER: 55 return PKCS11_CKFM_VERIFY_RECOVER; 56 default: 57 return 0; 58 } 59 } 60 61 enum pkcs11_rc 62 check_mechanism_against_processing(struct pkcs11_session *session, 63 enum pkcs11_mechanism_id mechanism_type, 64 enum processing_func function, 65 enum processing_step step) 66 { 67 bool allowed = false; 68 69 switch (step) { 70 case PKCS11_FUNC_STEP_INIT: 71 switch (function) { 72 case PKCS11_FUNCTION_IMPORT: 73 case PKCS11_FUNCTION_COPY: 74 case PKCS11_FUNCTION_MODIFY: 75 case PKCS11_FUNCTION_DESTROY: 76 return PKCS11_CKR_OK; 77 default: 78 break; 79 } 80 /* 81 * Check that the returned PKCS11_CKFM_* flag from 82 * pkcs11_func2ckfm() is among the ones from 83 * mechanism_supported_flags(). 84 */ 85 allowed = mechanism_supported_flags(mechanism_type) & 86 pkcs11_func2ckfm(function); 87 break; 88 89 case PKCS11_FUNC_STEP_ONESHOT: 90 if (session->processing->always_authen && 91 !session->processing->relogged) 92 return PKCS11_CKR_USER_NOT_LOGGED_IN; 93 94 if (session->processing->step == PKCS11_FUNC_STEP_UPDATE || 95 session->processing->step == PKCS11_FUNC_STEP_FINAL) { 96 EMSG("Cannot perform one-shot on active processing"); 97 return PKCS11_CKR_OPERATION_ACTIVE; 98 } 99 100 allowed = true; 101 break; 102 103 case PKCS11_FUNC_STEP_UPDATE: 104 if (session->processing->always_authen && 105 !session->processing->relogged) 106 return PKCS11_CKR_USER_NOT_LOGGED_IN; 107 108 if (session->processing->step == PKCS11_FUNC_STEP_ONESHOT || 109 session->processing->step == PKCS11_FUNC_STEP_FINAL) { 110 EMSG("Cannot perform update on finalized processing"); 111 return PKCS11_CKR_OPERATION_ACTIVE; 112 } 113 114 allowed = !mechanism_is_one_shot_only(mechanism_type); 115 break; 116 117 case PKCS11_FUNC_STEP_UPDATE_KEY: 118 assert(function == PKCS11_FUNCTION_DIGEST); 119 120 if (session->processing->always_authen && 121 !session->processing->relogged) 122 return PKCS11_CKR_USER_NOT_LOGGED_IN; 123 124 allowed = true; 125 break; 126 127 case PKCS11_FUNC_STEP_FINAL: 128 if (session->processing->always_authen && 129 !session->processing->relogged) 130 return PKCS11_CKR_USER_NOT_LOGGED_IN; 131 132 if (session->processing->step == PKCS11_FUNC_STEP_ONESHOT) { 133 EMSG("Cannot perform final on oneshot processing"); 134 return PKCS11_CKR_OPERATION_ACTIVE; 135 } 136 return PKCS11_CKR_OK; 137 138 default: 139 TEE_Panic(step); 140 break; 141 } 142 143 if (!allowed) { 144 EMSG("Processing %#x/%s not permitted (%u/%u)", 145 (unsigned int)mechanism_type, id2str_proc(mechanism_type), 146 function, step); 147 return PKCS11_CKR_MECHANISM_INVALID; 148 } 149 150 return PKCS11_CKR_OK; 151 } 152 153 /* 154 * Object default boolean attributes as per PKCS#11 155 */ 156 static uint8_t *pkcs11_object_default_boolprop(uint32_t attribute) 157 { 158 static const uint8_t bool_true = 1; 159 static const uint8_t bool_false; 160 161 switch (attribute) { 162 /* As per PKCS#11 default value */ 163 case PKCS11_CKA_MODIFIABLE: 164 case PKCS11_CKA_COPYABLE: 165 case PKCS11_CKA_DESTROYABLE: 166 return (uint8_t *)&bool_true; 167 case PKCS11_CKA_TOKEN: 168 case PKCS11_CKA_PRIVATE: 169 case PKCS11_CKA_WRAP_WITH_TRUSTED: 170 case PKCS11_CKA_ALWAYS_AUTHENTICATE: 171 case PKCS11_CKA_SENSITIVE: 172 return (uint8_t *)&bool_false; 173 /* Token specific default value */ 174 case PKCS11_CKA_SIGN: 175 case PKCS11_CKA_VERIFY: 176 case PKCS11_CKA_DERIVE: 177 case PKCS11_CKA_ENCRYPT: 178 case PKCS11_CKA_DECRYPT: 179 case PKCS11_CKA_SIGN_RECOVER: 180 case PKCS11_CKA_VERIFY_RECOVER: 181 case PKCS11_CKA_WRAP: 182 case PKCS11_CKA_UNWRAP: 183 case PKCS11_CKA_EXTRACTABLE: 184 case PKCS11_CKA_TRUSTED: 185 return (uint8_t *)&bool_false; 186 default: 187 DMSG("No default for boolprop attribute %#"PRIx32, attribute); 188 return NULL; 189 } 190 } 191 192 /* 193 * Object expects several boolean attributes to be set to a default value 194 * or to a validate client configuration value. This function append the input 195 * attribute (id/size/value) in the serialized object. 196 */ 197 static enum pkcs11_rc pkcs11_import_object_boolprop(struct obj_attrs **out, 198 struct obj_attrs *templ, 199 uint32_t attribute) 200 { 201 enum pkcs11_rc rc = PKCS11_CKR_OK; 202 uint8_t bbool = 0; 203 uint32_t size = sizeof(uint8_t); 204 void *attr = NULL; 205 206 rc = get_attribute(templ, attribute, &bbool, &size); 207 if (rc) { 208 if (rc != PKCS11_RV_NOT_FOUND) 209 return rc; 210 attr = pkcs11_object_default_boolprop(attribute); 211 if (!attr) 212 return PKCS11_CKR_TEMPLATE_INCOMPLETE; 213 } else { 214 attr = &bbool; 215 } 216 217 /* Boolean attributes are 1byte in the ABI, no alignment issue */ 218 return add_attribute(out, attribute, attr, sizeof(uint8_t)); 219 } 220 221 static enum pkcs11_rc set_mandatory_boolprops(struct obj_attrs **out, 222 struct obj_attrs *temp, 223 uint32_t const *bp, 224 size_t bp_count) 225 { 226 enum pkcs11_rc rc = PKCS11_CKR_OK; 227 size_t n = 0; 228 229 for (n = 0; n < bp_count; n++) { 230 rc = pkcs11_import_object_boolprop(out, temp, bp[n]); 231 if (rc) 232 return rc; 233 } 234 235 return rc; 236 } 237 238 static enum pkcs11_rc set_mandatory_attributes(struct obj_attrs **out, 239 struct obj_attrs *temp, 240 uint32_t const *attrs, 241 size_t attrs_count) 242 { 243 enum pkcs11_rc rc = PKCS11_CKR_OK; 244 size_t n = 0; 245 246 for (n = 0; n < attrs_count; n++) { 247 uint32_t size = 0; 248 void *value = NULL; 249 250 if (get_attribute_ptr(temp, attrs[n], &value, &size)) 251 return PKCS11_CKR_TEMPLATE_INCOMPLETE; 252 253 rc = add_attribute(out, attrs[n], value, size); 254 if (rc) 255 return rc; 256 } 257 258 return rc; 259 } 260 261 static enum pkcs11_rc get_default_value(enum pkcs11_attr_id id __maybe_unused, 262 void **value, uint32_t *size) 263 { 264 /* should have been taken care of already */ 265 assert(!pkcs11_attr_is_boolean(id)); 266 267 /* All other attributes have an empty default value */ 268 *value = NULL; 269 *size = 0; 270 return PKCS11_CKR_OK; 271 } 272 273 static enum pkcs11_rc set_optional_attributes_with_def(struct obj_attrs **out, 274 struct obj_attrs *temp, 275 uint32_t const *attrs, 276 size_t attrs_count, 277 bool default_to_null) 278 { 279 enum pkcs11_rc rc = PKCS11_CKR_OK; 280 size_t n = 0; 281 282 for (n = 0; n < attrs_count; n++) { 283 uint32_t size = 0; 284 void *value = NULL; 285 286 rc = get_attribute_ptr(temp, attrs[n], &value, &size); 287 if (rc == PKCS11_RV_NOT_FOUND) { 288 if (default_to_null) { 289 rc = get_default_value(attrs[n], &value, &size); 290 } else { 291 rc = PKCS11_CKR_OK; 292 continue; 293 } 294 } 295 if (rc) 296 return rc; 297 298 rc = add_attribute(out, attrs[n], value, size); 299 if (rc) 300 return rc; 301 } 302 303 return rc; 304 } 305 306 static enum pkcs11_rc set_attributes_opt_or_null(struct obj_attrs **out, 307 struct obj_attrs *temp, 308 uint32_t const *attrs, 309 size_t attrs_count) 310 { 311 return set_optional_attributes_with_def(out, temp, attrs, attrs_count, 312 true /* defaults to empty */); 313 } 314 315 static enum pkcs11_rc set_optional_attributes(struct obj_attrs **out, 316 struct obj_attrs *temp, 317 uint32_t const *attrs, 318 size_t attrs_count) 319 { 320 return set_optional_attributes_with_def(out, temp, attrs, attrs_count, 321 false /* no default value */); 322 } 323 324 /* 325 * Below are listed the mandated or optional expected attributes for 326 * PKCS#11 storage objects. 327 * 328 * Note: boolprops (mandated boolean attributes) PKCS11_CKA_ALWAYS_SENSITIVE, 329 * and PKCS11_CKA_NEVER_EXTRACTABLE are set by the token, not provided 330 * in the client template. 331 */ 332 333 /* PKCS#11 specification for any object (session/token) of the storage */ 334 static const uint32_t any_object_boolprops[] = { 335 PKCS11_CKA_TOKEN, PKCS11_CKA_PRIVATE, 336 PKCS11_CKA_MODIFIABLE, PKCS11_CKA_COPYABLE, PKCS11_CKA_DESTROYABLE, 337 }; 338 339 static const uint32_t any_object_opt_or_null[] = { 340 PKCS11_CKA_LABEL, 341 }; 342 343 /* PKCS#11 specification for raw data object (+any_object_xxx) */ 344 const uint32_t raw_data_opt_or_null[] = { 345 PKCS11_CKA_OBJECT_ID, PKCS11_CKA_APPLICATION, PKCS11_CKA_VALUE, 346 }; 347 348 /* PKCS#11 specification for certificate object (+pkcs11_any_object_xxx) */ 349 static const uint32_t pkcs11_certificate_mandated[] = { 350 PKCS11_CKA_CERTIFICATE_TYPE, 351 }; 352 353 static const uint32_t pkcs11_certificate_boolprops[] = { 354 PKCS11_CKA_TRUSTED, 355 }; 356 357 static const uint32_t pkcs11_certificate_optional[] = { 358 PKCS11_CKA_CERTIFICATE_CATEGORY, PKCS11_CKA_START_DATE, 359 PKCS11_CKA_END_DATE, PKCS11_CKA_PUBLIC_KEY_INFO, 360 #ifdef CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE 361 /* Consider KCV attribute only when supported */ 362 PKCS11_CKA_CHECK_VALUE, 363 #endif 364 }; 365 366 /* 367 * PKCS#11 specification for X.509 certificate object (+pkcs11_certificate_xxx) 368 */ 369 static const uint32_t pkcs11_x509_certificate_mandated[] = { 370 PKCS11_CKA_SUBJECT, 371 }; 372 373 static const uint32_t pkcs11_x509_certificate_optional[] = { 374 PKCS11_CKA_ID, PKCS11_CKA_ISSUER, PKCS11_CKA_SERIAL_NUMBER, 375 PKCS11_CKA_VALUE, PKCS11_CKA_URL, 376 PKCS11_CKA_HASH_OF_SUBJECT_PUBLIC_KEY, 377 PKCS11_CKA_HASH_OF_ISSUER_PUBLIC_KEY, 378 PKCS11_CKA_JAVA_MIDP_SECURITY_DOMAIN, PKCS11_CKA_NAME_HASH_ALGORITHM, 379 }; 380 381 /* PKCS#11 specification for any key object (+any_object_xxx) */ 382 static const uint32_t any_key_boolprops[] = { 383 PKCS11_CKA_DERIVE, 384 }; 385 386 static const uint32_t any_key_opt_or_null[] = { 387 PKCS11_CKA_ID, 388 PKCS11_CKA_START_DATE, PKCS11_CKA_END_DATE, 389 }; 390 391 static const uint32_t any_key_optional[] = { 392 PKCS11_CKA_ALLOWED_MECHANISMS, 393 }; 394 395 /* PKCS#11 specification for any symmetric key (+any_key_xxx) */ 396 static const uint32_t symm_key_boolprops[] = { 397 PKCS11_CKA_ENCRYPT, PKCS11_CKA_DECRYPT, 398 PKCS11_CKA_SIGN, PKCS11_CKA_VERIFY, 399 PKCS11_CKA_WRAP, PKCS11_CKA_UNWRAP, 400 PKCS11_CKA_SENSITIVE, PKCS11_CKA_EXTRACTABLE, 401 PKCS11_CKA_WRAP_WITH_TRUSTED, PKCS11_CKA_TRUSTED, 402 }; 403 404 static const uint32_t symm_key_opt_or_null[] = { 405 PKCS11_CKA_WRAP_TEMPLATE, PKCS11_CKA_UNWRAP_TEMPLATE, 406 PKCS11_CKA_DERIVE_TEMPLATE, PKCS11_CKA_VALUE, 407 }; 408 409 static const uint32_t symm_key_optional[] = { 410 PKCS11_CKA_VALUE_LEN, 411 #ifdef CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE 412 /* Consider KCV attribute only when supported */ 413 PKCS11_CKA_CHECK_VALUE, 414 #endif 415 }; 416 417 /* PKCS#11 specification for any asymmetric public key (+any_key_xxx) */ 418 static const uint32_t public_key_boolprops[] = { 419 PKCS11_CKA_ENCRYPT, PKCS11_CKA_VERIFY, PKCS11_CKA_VERIFY_RECOVER, 420 PKCS11_CKA_WRAP, 421 PKCS11_CKA_TRUSTED, 422 }; 423 424 static const uint32_t public_key_mandated[] = { 425 }; 426 427 static const uint32_t public_key_opt_or_null[] = { 428 PKCS11_CKA_SUBJECT, PKCS11_CKA_WRAP_TEMPLATE, 429 PKCS11_CKA_PUBLIC_KEY_INFO, 430 }; 431 432 /* PKCS#11 specification for any asymmetric private key (+any_key_xxx) */ 433 static const uint32_t private_key_boolprops[] = { 434 PKCS11_CKA_DECRYPT, PKCS11_CKA_SIGN, PKCS11_CKA_SIGN_RECOVER, 435 PKCS11_CKA_UNWRAP, 436 PKCS11_CKA_SENSITIVE, PKCS11_CKA_EXTRACTABLE, 437 PKCS11_CKA_WRAP_WITH_TRUSTED, PKCS11_CKA_ALWAYS_AUTHENTICATE, 438 }; 439 440 static const uint32_t private_key_mandated[] = { 441 }; 442 443 static const uint32_t private_key_opt_or_null[] = { 444 PKCS11_CKA_SUBJECT, PKCS11_CKA_UNWRAP_TEMPLATE, 445 PKCS11_CKA_PUBLIC_KEY_INFO, 446 }; 447 448 /* PKCS#11 specification for any RSA key (+public/private_key_xxx) */ 449 static const uint32_t rsa_pub_key_gen_mand[] = { 450 PKCS11_CKA_MODULUS_BITS, 451 }; 452 453 static const uint32_t rsa_pub_key_create_mand[] = { 454 PKCS11_CKA_MODULUS, PKCS11_CKA_PUBLIC_EXPONENT, 455 }; 456 457 static const uint32_t rsa_pub_key_gen_opt_or_null[] = { 458 PKCS11_CKA_PUBLIC_EXPONENT, 459 }; 460 461 static const uint32_t rsa_priv_key_opt_or_null[] = { 462 PKCS11_CKA_MODULUS, PKCS11_CKA_PUBLIC_EXPONENT, 463 PKCS11_CKA_PRIVATE_EXPONENT, 464 PKCS11_CKA_PRIME_1, PKCS11_CKA_PRIME_2, 465 PKCS11_CKA_EXPONENT_1, PKCS11_CKA_EXPONENT_2, PKCS11_CKA_COEFFICIENT, 466 }; 467 468 /* PKCS#11 specification for any EC key (+public/private_key_xxx) */ 469 static const uint32_t ec_public_key_mandated[] = { 470 PKCS11_CKA_EC_PARAMS, 471 }; 472 473 static const uint32_t ec_public_key_opt_or_null[] = { 474 PKCS11_CKA_EC_POINT, 475 }; 476 477 static const uint32_t ec_private_key_mandated[] = { 478 }; 479 480 static const uint32_t ec_private_key_opt_or_null[] = { 481 PKCS11_CKA_EC_PARAMS, 482 PKCS11_CKA_VALUE, 483 }; 484 485 static const uint32_t eddsa_private_key_opt_or_null[] = { 486 PKCS11_CKA_EC_PARAMS, 487 PKCS11_CKA_VALUE, 488 PKCS11_CKA_EC_POINT, 489 }; 490 491 static enum pkcs11_rc create_storage_attributes(struct obj_attrs **out, 492 struct obj_attrs *temp) 493 { 494 enum pkcs11_class_id class = PKCS11_CKO_UNDEFINED_ID; 495 enum pkcs11_rc rc = PKCS11_CKR_OK; 496 497 rc = init_attributes_head(out); 498 if (rc) 499 return rc; 500 501 /* Object class is mandatory */ 502 class = get_class(temp); 503 if (class == PKCS11_CKO_UNDEFINED_ID) { 504 EMSG("Class attribute not found"); 505 506 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 507 } 508 rc = add_attribute(out, PKCS11_CKA_CLASS, &class, sizeof(uint32_t)); 509 if (rc) 510 return rc; 511 512 rc = set_mandatory_boolprops(out, temp, any_object_boolprops, 513 ARRAY_SIZE(any_object_boolprops)); 514 if (rc) 515 return rc; 516 517 return set_attributes_opt_or_null(out, temp, any_object_opt_or_null, 518 ARRAY_SIZE(any_object_opt_or_null)); 519 } 520 521 static enum pkcs11_rc create_genkey_attributes(struct obj_attrs **out, 522 struct obj_attrs *temp) 523 { 524 uint32_t type = PKCS11_CKO_UNDEFINED_ID; 525 enum pkcs11_rc rc = PKCS11_CKR_OK; 526 527 rc = create_storage_attributes(out, temp); 528 if (rc) 529 return rc; 530 531 type = get_key_type(temp); 532 if (type == PKCS11_CKK_UNDEFINED_ID) { 533 EMSG("Key type attribute not found"); 534 535 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 536 } 537 rc = add_attribute(out, PKCS11_CKA_KEY_TYPE, &type, sizeof(uint32_t)); 538 if (rc) 539 return rc; 540 541 rc = set_mandatory_boolprops(out, temp, any_key_boolprops, 542 ARRAY_SIZE(any_key_boolprops)); 543 if (rc) 544 return rc; 545 546 rc = set_attributes_opt_or_null(out, temp, any_key_opt_or_null, 547 ARRAY_SIZE(any_key_opt_or_null)); 548 if (rc) 549 return rc; 550 551 return set_optional_attributes(out, temp, any_key_optional, 552 ARRAY_SIZE(any_key_optional)); 553 554 } 555 556 static enum pkcs11_rc create_symm_key_attributes(struct obj_attrs **out, 557 struct obj_attrs *temp) 558 { 559 enum pkcs11_rc rc = PKCS11_CKR_OK; 560 561 assert(get_class(temp) == PKCS11_CKO_SECRET_KEY); 562 563 rc = create_genkey_attributes(out, temp); 564 if (rc) 565 return rc; 566 567 assert(get_class(*out) == PKCS11_CKO_SECRET_KEY); 568 569 switch (get_key_type(*out)) { 570 case PKCS11_CKK_GENERIC_SECRET: 571 case PKCS11_CKK_AES: 572 case PKCS11_CKK_MD5_HMAC: 573 case PKCS11_CKK_SHA_1_HMAC: 574 case PKCS11_CKK_SHA256_HMAC: 575 case PKCS11_CKK_SHA384_HMAC: 576 case PKCS11_CKK_SHA512_HMAC: 577 case PKCS11_CKK_SHA224_HMAC: 578 break; 579 default: 580 EMSG("Invalid key type %#"PRIx32"/%s", 581 get_key_type(*out), id2str_key_type(get_key_type(*out))); 582 583 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 584 } 585 586 rc = set_mandatory_boolprops(out, temp, symm_key_boolprops, 587 ARRAY_SIZE(symm_key_boolprops)); 588 if (rc) 589 return rc; 590 591 rc = set_attributes_opt_or_null(out, temp, symm_key_opt_or_null, 592 ARRAY_SIZE(symm_key_opt_or_null)); 593 if (rc) 594 return rc; 595 596 return set_optional_attributes(out, temp, symm_key_optional, 597 ARRAY_SIZE(symm_key_optional)); 598 } 599 600 static enum pkcs11_rc create_data_attributes(struct obj_attrs **out, 601 struct obj_attrs *temp) 602 { 603 enum pkcs11_rc rc = PKCS11_CKR_OK; 604 605 assert(get_class(temp) == PKCS11_CKO_DATA); 606 607 rc = create_storage_attributes(out, temp); 608 if (rc) 609 return rc; 610 611 assert(get_class(*out) == PKCS11_CKO_DATA); 612 613 return set_attributes_opt_or_null(out, temp, raw_data_opt_or_null, 614 ARRAY_SIZE(raw_data_opt_or_null)); 615 } 616 617 static enum pkcs11_rc create_certificate_attributes(struct obj_attrs **out, 618 struct obj_attrs *temp) 619 { 620 uint32_t const *mandated = NULL; 621 uint32_t const *optional = NULL; 622 size_t mandated_count = 0; 623 size_t optional_count = 0; 624 void *attr_value = NULL; 625 uint32_t attr_size = 0; 626 uint32_t default_cert_category = 627 PKCS11_CK_CERTIFICATE_CATEGORY_UNSPECIFIED; 628 uint32_t default_name_hash_alg = PKCS11_CKM_SHA_1; 629 uint32_t cert_category = 0; 630 enum pkcs11_rc rc = PKCS11_CKR_OK; 631 632 assert(get_class(temp) == PKCS11_CKO_CERTIFICATE); 633 634 rc = create_storage_attributes(out, temp); 635 if (rc) 636 return rc; 637 638 assert(get_class(*out) == PKCS11_CKO_CERTIFICATE); 639 640 rc = set_mandatory_boolprops(out, temp, pkcs11_certificate_boolprops, 641 ARRAY_SIZE(pkcs11_certificate_boolprops)); 642 if (rc) 643 return rc; 644 645 rc = set_mandatory_attributes(out, temp, pkcs11_certificate_mandated, 646 ARRAY_SIZE(pkcs11_certificate_mandated)); 647 if (rc) 648 return rc; 649 650 rc = set_optional_attributes(out, temp, pkcs11_certificate_optional, 651 ARRAY_SIZE(pkcs11_certificate_optional)); 652 if (rc) 653 return rc; 654 655 switch (get_certificate_type(*out)) { 656 case PKCS11_CKC_X_509: 657 mandated = pkcs11_x509_certificate_mandated; 658 optional = pkcs11_x509_certificate_optional; 659 mandated_count = ARRAY_SIZE(pkcs11_x509_certificate_mandated); 660 optional_count = ARRAY_SIZE(pkcs11_x509_certificate_optional); 661 break; 662 default: 663 EMSG("Invalid certificate type %#"PRIx32"/%s", 664 get_certificate_type(*out), 665 id2str_certificate_type(get_certificate_type(*out))); 666 667 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 668 } 669 670 rc = set_mandatory_attributes(out, temp, mandated, mandated_count); 671 if (rc) 672 return rc; 673 674 rc = set_optional_attributes(out, temp, optional, optional_count); 675 if (rc) 676 return rc; 677 678 attr_size = 0; 679 rc = get_attribute_ptr(*out, PKCS11_CKA_CERTIFICATE_CATEGORY, 680 &attr_value, &attr_size); 681 if (rc == PKCS11_CKR_OK && attr_size == sizeof(cert_category)) { 682 /* Sanitize certificate category */ 683 TEE_MemMove(&cert_category, attr_value, sizeof(cert_category)); 684 685 switch (cert_category) { 686 case PKCS11_CK_CERTIFICATE_CATEGORY_UNSPECIFIED: 687 case PKCS11_CK_CERTIFICATE_CATEGORY_TOKEN_USER: 688 case PKCS11_CK_CERTIFICATE_CATEGORY_AUTHORITY: 689 case PKCS11_CK_CERTIFICATE_CATEGORY_OTHER_ENTITY: 690 break; 691 default: 692 EMSG("Invalid certificate category %#"PRIx32, 693 cert_category); 694 695 return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID; 696 } 697 } else if (rc == PKCS11_RV_NOT_FOUND) { 698 /* Set default category when missing */ 699 rc = set_attribute(out, PKCS11_CKA_CERTIFICATE_CATEGORY, 700 &default_cert_category, 701 sizeof(default_cert_category)); 702 if (rc) 703 return rc; 704 } else { 705 /* All other cases are errors */ 706 EMSG("Invalid certificate category"); 707 708 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 709 } 710 711 attr_size = 0; 712 rc = get_attribute_ptr(*out, PKCS11_CKA_NAME_HASH_ALGORITHM, NULL, 713 &attr_size); 714 if (rc == PKCS11_CKR_OK && attr_size == sizeof(uint32_t)) { 715 /* We accept any algorithm what caller wanted to specify */ 716 } else if (rc == PKCS11_RV_NOT_FOUND) { 717 /* Set default hash algorithm when missing */ 718 rc = set_attribute(out, PKCS11_CKA_NAME_HASH_ALGORITHM, 719 &default_name_hash_alg, 720 sizeof(default_name_hash_alg)); 721 if (rc) 722 return rc; 723 } else { 724 /* All other cases are errors */ 725 EMSG("Invalid name hash algorithm"); 726 727 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 728 } 729 730 return rc; 731 } 732 733 static enum pkcs11_rc create_pub_key_attributes(struct obj_attrs **out, 734 struct obj_attrs *temp, 735 enum processing_func function) 736 { 737 uint32_t const *mandated = NULL; 738 uint32_t const *oon = NULL; 739 size_t mandated_count = 0; 740 size_t oon_count = 0; 741 enum pkcs11_rc rc = PKCS11_CKR_OK; 742 743 assert(get_class(temp) == PKCS11_CKO_PUBLIC_KEY); 744 745 rc = create_genkey_attributes(out, temp); 746 if (rc) 747 return rc; 748 749 assert(get_class(*out) == PKCS11_CKO_PUBLIC_KEY); 750 751 rc = set_mandatory_boolprops(out, temp, public_key_boolprops, 752 ARRAY_SIZE(public_key_boolprops)); 753 if (rc) 754 return rc; 755 756 rc = set_mandatory_attributes(out, temp, public_key_mandated, 757 ARRAY_SIZE(public_key_mandated)); 758 if (rc) 759 return rc; 760 761 rc = set_attributes_opt_or_null(out, temp, 762 public_key_opt_or_null, 763 ARRAY_SIZE(public_key_opt_or_null)); 764 if (rc) 765 return rc; 766 767 switch (get_key_type(*out)) { 768 case PKCS11_CKK_RSA: 769 switch (function) { 770 case PKCS11_FUNCTION_GENERATE_PAIR: 771 mandated = rsa_pub_key_gen_mand; 772 oon = rsa_pub_key_gen_opt_or_null; 773 mandated_count = ARRAY_SIZE(rsa_pub_key_gen_mand); 774 oon_count = ARRAY_SIZE(rsa_pub_key_gen_opt_or_null); 775 break; 776 case PKCS11_FUNCTION_IMPORT: 777 mandated = rsa_pub_key_create_mand; 778 mandated_count = ARRAY_SIZE(rsa_pub_key_create_mand); 779 break; 780 default: 781 EMSG("Unsupported function %#"PRIx32"/%s", function, 782 id2str_function(function)); 783 784 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 785 } 786 break; 787 case PKCS11_CKK_EC: 788 case PKCS11_CKK_EC_EDWARDS: 789 mandated = ec_public_key_mandated; 790 oon = ec_public_key_opt_or_null; 791 mandated_count = ARRAY_SIZE(ec_public_key_mandated); 792 oon_count = ARRAY_SIZE(ec_public_key_opt_or_null); 793 break; 794 default: 795 EMSG("Invalid key type %#"PRIx32"/%s", 796 get_key_type(*out), id2str_key_type(get_key_type(*out))); 797 798 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 799 } 800 801 rc = set_mandatory_attributes(out, temp, mandated, mandated_count); 802 if (rc) 803 return rc; 804 805 return set_attributes_opt_or_null(out, temp, oon, oon_count); 806 } 807 808 static enum pkcs11_rc 809 create_pub_key_rsa_generated_attributes(struct obj_attrs **out, 810 struct obj_attrs *temp, 811 enum processing_func function) 812 { 813 uint32_t key_bits = 0; 814 void *a_ptr = NULL; 815 uint32_t a_size = 0; 816 817 if (function != PKCS11_FUNCTION_IMPORT) 818 return PKCS11_CKR_OK; 819 820 /* Calculate CKA_MODULUS_BITS */ 821 822 if (get_attribute_ptr(temp, PKCS11_CKA_MODULUS, 823 &a_ptr, &a_size) || !a_ptr) { 824 EMSG("No CKA_MODULUS attribute found in public key"); 825 return PKCS11_CKR_ATTRIBUTE_TYPE_INVALID; 826 } 827 828 key_bits = a_size * 8; 829 830 return add_attribute(out, PKCS11_CKA_MODULUS_BITS, &key_bits, 831 sizeof(key_bits)); 832 } 833 834 static enum pkcs11_rc 835 create_pub_key_generated_attributes(struct obj_attrs **out, 836 struct obj_attrs *temp, 837 enum processing_func function) 838 { 839 enum pkcs11_rc rc = PKCS11_CKR_OK; 840 841 switch (get_key_type(*out)) { 842 case PKCS11_CKK_RSA: 843 rc = create_pub_key_rsa_generated_attributes(out, temp, 844 function); 845 break; 846 default: 847 /* no-op */ 848 break; 849 } 850 851 return rc; 852 } 853 854 static enum pkcs11_rc create_priv_key_attributes(struct obj_attrs **out, 855 struct obj_attrs *temp) 856 { 857 uint32_t const *mandated = NULL; 858 uint32_t const *oon = NULL; 859 size_t mandated_count = 0; 860 size_t oon_count = 0; 861 enum pkcs11_rc rc = PKCS11_CKR_OK; 862 863 assert(get_class(temp) == PKCS11_CKO_PRIVATE_KEY); 864 865 rc = create_genkey_attributes(out, temp); 866 if (rc) 867 return rc; 868 869 assert(get_class(*out) == PKCS11_CKO_PRIVATE_KEY); 870 871 rc = set_mandatory_boolprops(out, temp, private_key_boolprops, 872 ARRAY_SIZE(private_key_boolprops)); 873 if (rc) 874 return rc; 875 876 rc = set_mandatory_attributes(out, temp, private_key_mandated, 877 ARRAY_SIZE(private_key_mandated)); 878 if (rc) 879 return rc; 880 881 rc = set_attributes_opt_or_null(out, temp, private_key_opt_or_null, 882 ARRAY_SIZE(private_key_opt_or_null)); 883 if (rc) 884 return rc; 885 886 switch (get_key_type(*out)) { 887 case PKCS11_CKK_RSA: 888 oon = rsa_priv_key_opt_or_null; 889 oon_count = ARRAY_SIZE(rsa_priv_key_opt_or_null); 890 break; 891 case PKCS11_CKK_EC: 892 mandated = ec_private_key_mandated; 893 oon = ec_private_key_opt_or_null; 894 mandated_count = ARRAY_SIZE(ec_private_key_mandated); 895 oon_count = ARRAY_SIZE(ec_private_key_opt_or_null); 896 break; 897 case PKCS11_CKK_EC_EDWARDS: 898 mandated = ec_private_key_mandated; 899 oon = eddsa_private_key_opt_or_null; 900 mandated_count = ARRAY_SIZE(ec_private_key_mandated); 901 oon_count = ARRAY_SIZE(eddsa_private_key_opt_or_null); 902 break; 903 default: 904 EMSG("Invalid key type %#"PRIx32"/%s", 905 get_key_type(*out), id2str_key_type(get_key_type(*out))); 906 907 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 908 } 909 910 rc = set_mandatory_attributes(out, temp, mandated, mandated_count); 911 if (rc) 912 return rc; 913 914 return set_attributes_opt_or_null(out, temp, oon, oon_count); 915 } 916 917 static int mbd_rand(void *rng_state __unused, unsigned char *output, size_t len) 918 { 919 TEE_GenerateRandom(output, len); 920 return 0; 921 } 922 923 static enum pkcs11_rc 924 create_ec_priv_key_hidden_attributes(struct obj_attrs **out, 925 struct obj_attrs *temp, 926 enum processing_func function) 927 { 928 struct mbedtls_ecp_keypair key_pair = { }; 929 mbedtls_ecp_group_id ec_curve = MBEDTLS_ECP_DP_NONE; 930 mbedtls_ecp_group key_pair_grp = { }; 931 mbedtls_ecp_point key_pair_Q = { }; 932 mbedtls_mpi key_pair_d = { }; 933 size_t buflen = 0; 934 uint8_t *buf = NULL; 935 size_t asnbuflen = 0; 936 uint8_t *asnbuf = NULL; 937 uint8_t *ptr = NULL; 938 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 939 int tee_size = 0; 940 int tee_curve = 0; 941 void *a_ptr = NULL; 942 uint32_t a_size = 0; 943 int ret = 0; 944 945 if (function != PKCS11_FUNCTION_IMPORT) 946 return PKCS11_CKR_OK; 947 948 /* 949 * TEE internal API requires that for private key operations there 950 * needs to be also public key available. 951 * 952 * Generate hidden EC point from private key. 953 */ 954 955 if (get_attribute_ptr(temp, PKCS11_CKA_EC_PARAMS, 956 &a_ptr, &a_size) || !a_ptr) { 957 EMSG("No EC_PARAMS attribute found in private key"); 958 return PKCS11_CKR_ATTRIBUTE_TYPE_INVALID; 959 } 960 961 /* Just valdiate that curve is found */ 962 tee_size = ec_params2tee_keysize(a_ptr, a_size); 963 if (!tee_size) { 964 EMSG("Unsupported EC_PARAMS curve"); 965 return PKCS11_CKR_CURVE_NOT_SUPPORTED; 966 } 967 968 tee_curve = ec_params2tee_curve(a_ptr, a_size); 969 970 switch (tee_curve) { 971 case TEE_ECC_CURVE_NIST_P192: 972 ec_curve = MBEDTLS_ECP_DP_SECP192R1; 973 break; 974 case TEE_ECC_CURVE_NIST_P224: 975 ec_curve = MBEDTLS_ECP_DP_SECP224R1; 976 break; 977 case TEE_ECC_CURVE_NIST_P256: 978 ec_curve = MBEDTLS_ECP_DP_SECP256R1; 979 break; 980 case TEE_ECC_CURVE_NIST_P384: 981 ec_curve = MBEDTLS_ECP_DP_SECP384R1; 982 break; 983 case TEE_ECC_CURVE_NIST_P521: 984 ec_curve = MBEDTLS_ECP_DP_SECP521R1; 985 break; 986 default: 987 EMSG("Failed to map EC_PARAMS to supported curve"); 988 return PKCS11_CKR_CURVE_NOT_SUPPORTED; 989 } 990 991 if (get_attribute_ptr(temp, PKCS11_CKA_VALUE, 992 &a_ptr, &a_size) || !a_ptr) { 993 EMSG("No VALUE attribute found in private key"); 994 return PKCS11_CKR_ATTRIBUTE_TYPE_INVALID; 995 } 996 997 mbedtls_ecp_keypair_init(&key_pair); 998 mbedtls_ecp_group_init(&key_pair_grp); 999 mbedtls_mpi_init(&key_pair_d); 1000 mbedtls_ecp_point_init(&key_pair_Q); 1001 1002 ret = mbedtls_ecp_read_key(ec_curve, &key_pair, a_ptr, a_size); 1003 if (ret) { 1004 EMSG("Failed to parse CKA_VALUE"); 1005 rc = PKCS11_CKR_ATTRIBUTE_TYPE_INVALID; 1006 goto out; 1007 } 1008 1009 ret = mbedtls_ecp_export(&key_pair, &key_pair_grp, &key_pair_d, 1010 &key_pair_Q); 1011 if (ret) { 1012 EMSG("Failed to export key"); 1013 goto out; 1014 } 1015 1016 ret = mbedtls_ecp_mul(&key_pair_grp, &key_pair_Q, &key_pair_d, 1017 &key_pair_grp.G, mbd_rand, NULL); 1018 if (ret) { 1019 EMSG("Failed to create public key"); 1020 goto out; 1021 } 1022 1023 ret = mbedtls_ecp_check_privkey(&key_pair_grp, &key_pair_d); 1024 if (ret) { 1025 EMSG("Failed to verify private key"); 1026 goto out; 1027 } 1028 1029 ret = mbedtls_ecp_check_pubkey(&key_pair_grp, &key_pair_Q); 1030 if (ret) { 1031 EMSG("Failed to verify public key"); 1032 goto out; 1033 } 1034 1035 ret = mbedtls_ecp_point_write_binary(&key_pair_grp, &key_pair_Q, 1036 MBEDTLS_ECP_PF_UNCOMPRESSED, 1037 &buflen, NULL, 0); 1038 if (ret != MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) { 1039 EMSG("Failed to determine size of binary public key"); 1040 goto out; 1041 } 1042 1043 buf = TEE_Malloc(buflen, TEE_MALLOC_FILL_ZERO); 1044 if (!buf) { 1045 EMSG("Failed to allocate memory for public key"); 1046 rc = PKCS11_CKR_DEVICE_MEMORY; 1047 goto out; 1048 } 1049 1050 asnbuflen = 1 /* octet string */ + 5 /* length */ + buflen; 1051 1052 asnbuf = TEE_Malloc(asnbuflen, TEE_MALLOC_FILL_ZERO); 1053 if (!asnbuf) { 1054 EMSG("Failed to allocate memory for public key"); 1055 rc = PKCS11_CKR_DEVICE_MEMORY; 1056 goto out; 1057 } 1058 1059 ret = mbedtls_ecp_point_write_binary(&key_pair_grp, &key_pair_Q, 1060 MBEDTLS_ECP_PF_UNCOMPRESSED, 1061 &buflen, buf, buflen); 1062 if (ret) { 1063 EMSG("Failed to write binary public key"); 1064 goto out; 1065 } 1066 1067 /* Note: ASN.1 writing works backwards */ 1068 ptr = asnbuf + asnbuflen; 1069 1070 ret = mbedtls_asn1_write_octet_string(&ptr, asnbuf, buf, buflen); 1071 if (ret < 0) { 1072 EMSG("Failed to write asn1 public key"); 1073 goto out; 1074 } 1075 1076 rc = add_attribute(out, PKCS11_CKA_OPTEE_HIDDEN_EC_POINT, ptr, 1077 (size_t)ret); 1078 1079 out: 1080 TEE_Free(asnbuf); 1081 TEE_Free(buf); 1082 mbedtls_ecp_keypair_free(&key_pair); 1083 mbedtls_ecp_group_free(&key_pair_grp); 1084 mbedtls_mpi_free(&key_pair_d); 1085 mbedtls_ecp_point_free(&key_pair_Q); 1086 1087 return rc; 1088 } 1089 1090 static enum pkcs11_rc 1091 create_priv_key_hidden_attributes(struct obj_attrs **out, 1092 struct obj_attrs *temp, 1093 enum processing_func function) 1094 { 1095 enum pkcs11_rc rc = PKCS11_CKR_OK; 1096 1097 switch (get_key_type(*out)) { 1098 case PKCS11_CKK_EC: 1099 rc = create_ec_priv_key_hidden_attributes(out, temp, function); 1100 break; 1101 default: 1102 /* no-op */ 1103 break; 1104 } 1105 1106 return rc; 1107 } 1108 1109 static enum pkcs11_rc 1110 sanitize_symm_key_attributes(struct obj_attrs **temp, 1111 enum processing_func function) 1112 { 1113 enum pkcs11_rc rc = PKCS11_CKR_OK; 1114 uint32_t a_size = 0; 1115 1116 assert(get_class(*temp) == PKCS11_CKO_SECRET_KEY); 1117 1118 rc = get_attribute_ptr(*temp, PKCS11_CKA_VALUE, NULL, &a_size); 1119 1120 switch (get_key_type(*temp)) { 1121 case PKCS11_CKK_GENERIC_SECRET: 1122 case PKCS11_CKK_AES: 1123 case PKCS11_CKK_MD5_HMAC: 1124 case PKCS11_CKK_SHA_1_HMAC: 1125 case PKCS11_CKK_SHA256_HMAC: 1126 case PKCS11_CKK_SHA384_HMAC: 1127 case PKCS11_CKK_SHA512_HMAC: 1128 case PKCS11_CKK_SHA224_HMAC: 1129 switch (function) { 1130 case PKCS11_FUNCTION_IMPORT: 1131 /* CKA_VALUE is a mandatory with C_CreateObject */ 1132 if (rc || a_size == 0) 1133 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1134 1135 if (get_attribute_ptr(*temp, PKCS11_CKA_VALUE_LEN, NULL, 1136 NULL) != PKCS11_RV_NOT_FOUND) 1137 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1138 1139 return add_attribute(temp, PKCS11_CKA_VALUE_LEN, 1140 &a_size, sizeof(uint32_t)); 1141 case PKCS11_FUNCTION_GENERATE: 1142 if (rc != PKCS11_RV_NOT_FOUND) 1143 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1144 break; 1145 default: 1146 break; 1147 } 1148 break; 1149 default: 1150 EMSG("Invalid key type %#"PRIx32"/%s", 1151 get_key_type(*temp), id2str_key_type(get_key_type(*temp))); 1152 1153 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1154 } 1155 1156 return PKCS11_CKR_OK; 1157 } 1158 1159 /* 1160 * Create an attribute list for a new object from a template and a parent 1161 * object (optional) for an object generation function (generate, copy, 1162 * derive...). 1163 * 1164 * PKCS#11 directives on the supplied template and expected return value: 1165 * - template has an invalid attribute ID: ATTRIBUTE_TYPE_INVALID 1166 * - template has an invalid value for an attribute: ATTRIBUTE_VALID_INVALID 1167 * - template has value for a read-only attribute: ATTRIBUTE_READ_ONLY 1168 * - template+default+parent => still miss an attribute: TEMPLATE_INCONSISTENT 1169 * 1170 * INFO on PKCS11_CMD_COPY_OBJECT: 1171 * - parent PKCS11_CKA_COPYIABLE=false => return ACTION_PROHIBITED. 1172 * - template can specify PKCS11_CKA_TOKEN, PKCS11_CKA_PRIVATE, 1173 * PKCS11_CKA_MODIFIABLE, PKCS11_CKA_DESTROYABLE. 1174 * - SENSITIVE can change from false to true, not from true to false. 1175 * - LOCAL is the parent LOCAL 1176 */ 1177 enum pkcs11_rc 1178 create_attributes_from_template(struct obj_attrs **out, void *template, 1179 size_t template_size, 1180 struct obj_attrs *parent, 1181 enum processing_func function, 1182 enum pkcs11_mechanism_id mecha, 1183 enum pkcs11_class_id template_class) 1184 { 1185 struct obj_attrs *temp = NULL; 1186 struct obj_attrs *attrs = NULL; 1187 enum pkcs11_rc rc = PKCS11_CKR_OK; 1188 uint8_t local = 0; 1189 uint8_t always_sensitive = 0; 1190 uint8_t never_extract = 0; 1191 uint8_t extractable = 0; 1192 uint32_t class = PKCS11_UNDEFINED_ID; 1193 uint32_t type = PKCS11_UNDEFINED_ID; 1194 uint32_t mechanism_id = PKCS11_CKM_UNDEFINED_ID; 1195 struct obj_attrs *req_attrs = NULL; 1196 uint32_t size = 0; 1197 uint32_t indirect_template = PKCS11_CKA_UNDEFINED_ID; 1198 1199 #ifdef DEBUG /* Sanity: check function argument */ 1200 trace_attributes_from_api_head("template", template, template_size); 1201 switch (function) { 1202 case PKCS11_FUNCTION_GENERATE: 1203 case PKCS11_FUNCTION_GENERATE_PAIR: 1204 case PKCS11_FUNCTION_IMPORT: 1205 case PKCS11_FUNCTION_MODIFY: 1206 case PKCS11_FUNCTION_DERIVE: 1207 case PKCS11_FUNCTION_UNWRAP: 1208 case PKCS11_FUNCTION_COPY: 1209 break; 1210 default: 1211 TEE_Panic(TEE_ERROR_NOT_SUPPORTED); 1212 } 1213 #endif 1214 1215 /* 1216 * For PKCS11_FUNCTION_GENERATE, find the class and type 1217 * based on the mechanism. These will be passed as hint 1218 * sanitize_client_object() and added in temp if not 1219 * already present 1220 */ 1221 if (function == PKCS11_FUNCTION_GENERATE) { 1222 switch (mecha) { 1223 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN: 1224 class = PKCS11_CKO_SECRET_KEY; 1225 type = PKCS11_CKK_GENERIC_SECRET; 1226 break; 1227 case PKCS11_CKM_AES_KEY_GEN: 1228 class = PKCS11_CKO_SECRET_KEY; 1229 type = PKCS11_CKK_AES; 1230 break; 1231 default: 1232 TEE_Panic(TEE_ERROR_NOT_SUPPORTED); 1233 } 1234 } 1235 1236 /* 1237 * For PKCS11_FUNCTION_GENERATE_PAIR, find the class and type 1238 * based on the mechanism. These will be passed as hint 1239 * sanitize_client_object() and added in temp if not 1240 * already present 1241 */ 1242 if (function == PKCS11_FUNCTION_GENERATE_PAIR) { 1243 switch (mecha) { 1244 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN: 1245 class = template_class; 1246 type = PKCS11_CKK_EDDSA; 1247 break; 1248 case PKCS11_CKM_EC_KEY_PAIR_GEN: 1249 class = template_class; 1250 type = PKCS11_CKK_EC; 1251 break; 1252 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN: 1253 class = template_class; 1254 type = PKCS11_CKK_RSA; 1255 break; 1256 default: 1257 TEE_Panic(TEE_ERROR_NOT_SUPPORTED); 1258 } 1259 } 1260 1261 /* 1262 * Check and remove duplicates if any and create a new temporary 1263 * template 1264 */ 1265 rc = sanitize_client_object(&temp, template, template_size, class, 1266 type); 1267 if (rc) 1268 goto out; 1269 1270 /* 1271 * For function type modify and copy return the created template 1272 * from here. Rest of the code below is for creating objects 1273 * or generating keys. 1274 */ 1275 switch (function) { 1276 case PKCS11_FUNCTION_MODIFY: 1277 case PKCS11_FUNCTION_COPY: 1278 *out = temp; 1279 return rc; 1280 case PKCS11_FUNCTION_DERIVE: 1281 case PKCS11_FUNCTION_UNWRAP: 1282 if (function == PKCS11_FUNCTION_UNWRAP) 1283 indirect_template = PKCS11_CKA_UNWRAP_TEMPLATE; 1284 else 1285 indirect_template = PKCS11_CKA_DERIVE_TEMPLATE; 1286 1287 rc = get_attribute_ptr(parent, indirect_template, 1288 (void *)&req_attrs, &size); 1289 if (rc == PKCS11_CKR_OK && size != 0) { 1290 rc = attributes_match_add_reference(&temp, req_attrs); 1291 if (rc) 1292 goto out; 1293 } 1294 break; 1295 default: 1296 break; 1297 } 1298 1299 /* 1300 * Check if class and type in temp are consistent with the mechanism 1301 */ 1302 switch (mecha) { 1303 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN: 1304 if (get_class(temp) != PKCS11_CKO_SECRET_KEY || 1305 get_key_type(temp) != PKCS11_CKK_GENERIC_SECRET) { 1306 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1307 goto out; 1308 } 1309 break; 1310 case PKCS11_CKM_AES_KEY_GEN: 1311 if (get_class(temp) != PKCS11_CKO_SECRET_KEY || 1312 get_key_type(temp) != PKCS11_CKK_AES) { 1313 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1314 goto out; 1315 } 1316 break; 1317 case PKCS11_CKM_EC_KEY_PAIR_GEN: 1318 if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY && 1319 get_class(temp) != PKCS11_CKO_PRIVATE_KEY) || 1320 get_key_type(temp) != PKCS11_CKK_EC) { 1321 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1322 goto out; 1323 } 1324 break; 1325 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN: 1326 if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY && 1327 get_class(temp) != PKCS11_CKO_PRIVATE_KEY) || 1328 get_key_type(temp) != PKCS11_CKK_EC_EDWARDS) { 1329 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1330 goto out; 1331 } 1332 break; 1333 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN: 1334 if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY && 1335 get_class(temp) != PKCS11_CKO_PRIVATE_KEY) || 1336 get_key_type(temp) != PKCS11_CKK_RSA) { 1337 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1338 goto out; 1339 } 1340 break; 1341 default: 1342 break; 1343 } 1344 1345 if (!sanitize_consistent_class_and_type(temp)) { 1346 EMSG("Inconsistent class/type"); 1347 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1348 goto out; 1349 } 1350 1351 /* 1352 * TBD - Add a check to see if temp contains any attribute which 1353 * is not consistent with the object class or type and return error. 1354 * In current implementation such attributes are ignored and not 1355 * added to final object while PKCS#11 specification expects a 1356 * failure and an error code be returned. 1357 */ 1358 1359 switch (get_class(temp)) { 1360 case PKCS11_CKO_DATA: 1361 rc = create_data_attributes(&attrs, temp); 1362 break; 1363 case PKCS11_CKO_CERTIFICATE: 1364 rc = create_certificate_attributes(&attrs, temp); 1365 break; 1366 case PKCS11_CKO_SECRET_KEY: 1367 rc = sanitize_symm_key_attributes(&temp, function); 1368 if (rc) 1369 goto out; 1370 rc = create_symm_key_attributes(&attrs, temp); 1371 break; 1372 case PKCS11_CKO_PUBLIC_KEY: 1373 rc = create_pub_key_attributes(&attrs, temp, function); 1374 if (rc) 1375 goto out; 1376 rc = create_pub_key_generated_attributes(&attrs, temp, 1377 function); 1378 break; 1379 case PKCS11_CKO_PRIVATE_KEY: 1380 rc = create_priv_key_attributes(&attrs, temp); 1381 if (rc) 1382 goto out; 1383 rc = create_priv_key_hidden_attributes(&attrs, temp, function); 1384 break; 1385 default: 1386 DMSG("Invalid object class %#"PRIx32"/%s", 1387 get_class(temp), id2str_class(get_class(temp))); 1388 1389 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1390 break; 1391 } 1392 if (rc) 1393 goto out; 1394 1395 if (get_attribute_ptr(temp, PKCS11_CKA_LOCAL, NULL, NULL) != 1396 PKCS11_RV_NOT_FOUND) { 1397 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1398 goto out; 1399 } 1400 1401 if (get_attribute_ptr(temp, PKCS11_CKA_KEY_GEN_MECHANISM, NULL, NULL) != 1402 PKCS11_RV_NOT_FOUND) { 1403 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 1404 goto out; 1405 } 1406 1407 switch (function) { 1408 case PKCS11_FUNCTION_GENERATE: 1409 case PKCS11_FUNCTION_GENERATE_PAIR: 1410 local = PKCS11_TRUE; 1411 break; 1412 case PKCS11_FUNCTION_IMPORT: 1413 case PKCS11_FUNCTION_DERIVE: 1414 case PKCS11_FUNCTION_UNWRAP: 1415 default: 1416 local = PKCS11_FALSE; 1417 break; 1418 } 1419 rc = add_attribute(&attrs, PKCS11_CKA_LOCAL, &local, sizeof(local)); 1420 if (rc) 1421 goto out; 1422 1423 switch (get_class(attrs)) { 1424 case PKCS11_CKO_SECRET_KEY: 1425 case PKCS11_CKO_PRIVATE_KEY: 1426 case PKCS11_CKO_PUBLIC_KEY: 1427 always_sensitive = PKCS11_FALSE; 1428 never_extract = PKCS11_FALSE; 1429 1430 switch (function) { 1431 case PKCS11_FUNCTION_DERIVE: 1432 always_sensitive = 1433 get_bool(parent, PKCS11_CKA_ALWAYS_SENSITIVE) && 1434 get_bool(attrs, PKCS11_CKA_SENSITIVE); 1435 never_extract = 1436 get_bool(parent, PKCS11_CKA_NEVER_EXTRACTABLE) && 1437 !get_bool(attrs, PKCS11_CKA_EXTRACTABLE); 1438 break; 1439 case PKCS11_FUNCTION_UNWRAP: 1440 always_sensitive = PKCS11_FALSE; 1441 never_extract = PKCS11_FALSE; 1442 extractable = PKCS11_TRUE; 1443 1444 /* 1445 * Check if template passed by user has CKA_EXTRACTABLE. 1446 * If not, by default value of CKA_EXTRACTABLE is set as 1447 * TRUE. 1448 */ 1449 if (get_attribute_ptr(temp, PKCS11_CKA_EXTRACTABLE, 1450 NULL, 1451 NULL) == PKCS11_RV_NOT_FOUND) { 1452 rc = set_attribute(&attrs, 1453 PKCS11_CKA_EXTRACTABLE, 1454 &extractable, 1455 sizeof(extractable)); 1456 if (rc) 1457 goto out; 1458 } 1459 break; 1460 case PKCS11_FUNCTION_GENERATE: 1461 case PKCS11_FUNCTION_GENERATE_PAIR: 1462 always_sensitive = get_bool(attrs, 1463 PKCS11_CKA_SENSITIVE); 1464 never_extract = !get_bool(attrs, 1465 PKCS11_CKA_EXTRACTABLE); 1466 break; 1467 default: 1468 break; 1469 } 1470 1471 rc = add_attribute(&attrs, PKCS11_CKA_ALWAYS_SENSITIVE, 1472 &always_sensitive, sizeof(always_sensitive)); 1473 if (rc) 1474 goto out; 1475 1476 rc = add_attribute(&attrs, PKCS11_CKA_NEVER_EXTRACTABLE, 1477 &never_extract, sizeof(never_extract)); 1478 if (rc) 1479 goto out; 1480 1481 /* Keys mandate attribute PKCS11_CKA_KEY_GEN_MECHANISM */ 1482 if (local) 1483 mechanism_id = mecha; 1484 else 1485 mechanism_id = PKCS11_CK_UNAVAILABLE_INFORMATION; 1486 1487 rc = add_attribute(&attrs, PKCS11_CKA_KEY_GEN_MECHANISM, 1488 &mechanism_id, sizeof(mechanism_id)); 1489 if (rc) 1490 goto out; 1491 break; 1492 1493 default: 1494 break; 1495 } 1496 1497 *out = attrs; 1498 1499 #ifdef DEBUG 1500 trace_attributes("object", attrs); 1501 #endif 1502 1503 out: 1504 TEE_Free(temp); 1505 if (rc) 1506 TEE_Free(attrs); 1507 1508 return rc; 1509 } 1510 1511 static enum pkcs11_rc check_attrs_misc_integrity(struct obj_attrs *head) 1512 { 1513 if (get_bool(head, PKCS11_CKA_NEVER_EXTRACTABLE) && 1514 get_bool(head, PKCS11_CKA_EXTRACTABLE)) { 1515 DMSG("Never/Extractable attributes mismatch %d/%d", 1516 get_bool(head, PKCS11_CKA_NEVER_EXTRACTABLE), 1517 get_bool(head, PKCS11_CKA_EXTRACTABLE)); 1518 1519 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1520 } 1521 1522 if (get_bool(head, PKCS11_CKA_ALWAYS_SENSITIVE) && 1523 !get_bool(head, PKCS11_CKA_SENSITIVE)) { 1524 DMSG("Sensitive/always attributes mismatch %d/%d", 1525 get_bool(head, PKCS11_CKA_SENSITIVE), 1526 get_bool(head, PKCS11_CKA_ALWAYS_SENSITIVE)); 1527 1528 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1529 } 1530 1531 return PKCS11_CKR_OK; 1532 } 1533 1534 bool object_is_private(struct obj_attrs *head) 1535 { 1536 return get_bool(head, PKCS11_CKA_PRIVATE); 1537 } 1538 1539 bool object_is_token(struct obj_attrs *head) 1540 { 1541 return get_bool(head, PKCS11_CKA_TOKEN); 1542 } 1543 1544 bool object_is_modifiable(struct obj_attrs *head) 1545 { 1546 return get_bool(head, PKCS11_CKA_MODIFIABLE); 1547 } 1548 1549 bool object_is_copyable(struct obj_attrs *head) 1550 { 1551 return get_bool(head, PKCS11_CKA_COPYABLE); 1552 } 1553 1554 /* 1555 * Check access to object against authentication to token 1556 */ 1557 enum pkcs11_rc check_access_attrs_against_token(struct pkcs11_session *session, 1558 struct obj_attrs *head) 1559 { 1560 bool private = true; 1561 1562 switch (get_class(head)) { 1563 case PKCS11_CKO_SECRET_KEY: 1564 case PKCS11_CKO_PRIVATE_KEY: 1565 case PKCS11_CKO_PUBLIC_KEY: 1566 case PKCS11_CKO_DATA: 1567 case PKCS11_CKO_CERTIFICATE: 1568 private = object_is_private(head); 1569 break; 1570 default: 1571 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 1572 } 1573 1574 if (private && (pkcs11_session_is_public(session) || 1575 pkcs11_session_is_so(session))) { 1576 DMSG("Private object access from a public or SO session"); 1577 1578 return PKCS11_CKR_USER_NOT_LOGGED_IN; 1579 } 1580 1581 return PKCS11_CKR_OK; 1582 } 1583 1584 /* 1585 * Check the attributes of a to-be-created object matches the token state 1586 */ 1587 enum pkcs11_rc check_created_attrs_against_token(struct pkcs11_session *session, 1588 struct obj_attrs *head) 1589 { 1590 enum pkcs11_rc rc = PKCS11_CKR_OK; 1591 1592 rc = check_attrs_misc_integrity(head); 1593 if (rc) 1594 return rc; 1595 1596 if (get_bool(head, PKCS11_CKA_TRUSTED) && 1597 !pkcs11_session_is_so(session)) { 1598 DMSG("Can't create trusted object"); 1599 1600 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 1601 } 1602 1603 if (get_bool(head, PKCS11_CKA_TOKEN) && 1604 !pkcs11_session_is_read_write(session)) { 1605 DMSG("Can't create persistent object"); 1606 1607 return PKCS11_CKR_SESSION_READ_ONLY; 1608 } 1609 1610 return PKCS11_CKR_OK; 1611 } 1612 1613 #define DMSG_BAD_BBOOL(attr, proc, head) \ 1614 do { \ 1615 uint32_t __maybe_unused _attr = (attr); \ 1616 uint8_t __maybe_unused _bvalue = 0; \ 1617 enum pkcs11_rc __maybe_unused _rc = PKCS11_CKR_OK; \ 1618 \ 1619 _rc = get_attribute((head), _attr, &_bvalue, NULL); \ 1620 DMSG("%s issue for %s: %sfound, value %"PRIu8, \ 1621 id2str_attr(_attr), id2str_proc((proc)), \ 1622 _rc ? "not " : "", _bvalue); \ 1623 } while (0) 1624 1625 static bool __maybe_unused check_attr_bval(uint32_t proc_id __maybe_unused, 1626 struct obj_attrs *head, 1627 uint32_t attribute, bool val) 1628 { 1629 uint8_t bbool = 0; 1630 uint32_t sz = sizeof(bbool); 1631 1632 if (!get_attribute(head, attribute, &bbool, &sz) && !!bbool == val) 1633 return true; 1634 1635 DMSG_BAD_BBOOL(attribute, proc_id, head); 1636 return false; 1637 } 1638 1639 /* 1640 * Check the attributes of a new secret match the processing/mechanism 1641 * used to create it. 1642 * 1643 * @proc_id - PKCS11_CKM_xxx 1644 * @head - head of the attributes of the to-be-created object. 1645 */ 1646 enum pkcs11_rc 1647 check_created_attrs_against_processing(uint32_t proc_id, 1648 struct obj_attrs *head __maybe_unused) 1649 { 1650 /* 1651 * Processings that do not create secrets are not expected to call 1652 * this function which would panic. 1653 */ 1654 switch (proc_id) { 1655 case PKCS11_PROCESSING_IMPORT: 1656 case PKCS11_CKM_ECDH1_DERIVE: 1657 case PKCS11_CKM_AES_ECB: 1658 case PKCS11_CKM_AES_CBC: 1659 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 1660 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 1661 case PKCS11_CKM_RSA_AES_KEY_WRAP: 1662 assert(check_attr_bval(proc_id, head, PKCS11_CKA_LOCAL, false)); 1663 break; 1664 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN: 1665 case PKCS11_CKM_AES_KEY_GEN: 1666 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN: 1667 case PKCS11_CKM_EC_KEY_PAIR_GEN: 1668 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN: 1669 assert(check_attr_bval(proc_id, head, PKCS11_CKA_LOCAL, true)); 1670 break; 1671 default: 1672 TEE_Panic(proc_id); 1673 break; 1674 } 1675 1676 switch (proc_id) { 1677 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN: 1678 assert(get_key_type(head) == PKCS11_CKK_GENERIC_SECRET); 1679 break; 1680 case PKCS11_CKM_AES_KEY_GEN: 1681 assert(get_key_type(head) == PKCS11_CKK_AES); 1682 break; 1683 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN: 1684 assert(get_key_type(head) == PKCS11_CKK_EC_EDWARDS); 1685 break; 1686 case PKCS11_CKM_EC_KEY_PAIR_GEN: 1687 assert(get_key_type(head) == PKCS11_CKK_EC); 1688 break; 1689 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN: 1690 assert(get_key_type(head) == PKCS11_CKK_RSA); 1691 break; 1692 case PKCS11_PROCESSING_IMPORT: 1693 case PKCS11_CKM_ECDH1_DERIVE: 1694 default: 1695 break; 1696 } 1697 1698 return PKCS11_CKR_OK; 1699 } 1700 1701 /* Return min and max key size supported for a key_type in bytes */ 1702 static void get_key_min_max_sizes(enum pkcs11_key_type key_type, 1703 uint32_t *min_key_size, 1704 uint32_t *max_key_size) 1705 { 1706 enum pkcs11_mechanism_id mechanism = PKCS11_CKM_UNDEFINED_ID; 1707 1708 switch (key_type) { 1709 case PKCS11_CKK_GENERIC_SECRET: 1710 mechanism = PKCS11_CKM_GENERIC_SECRET_KEY_GEN; 1711 break; 1712 case PKCS11_CKK_AES: 1713 mechanism = PKCS11_CKM_AES_KEY_GEN; 1714 break; 1715 case PKCS11_CKK_MD5_HMAC: 1716 mechanism = PKCS11_CKM_MD5_HMAC; 1717 break; 1718 case PKCS11_CKK_SHA_1_HMAC: 1719 mechanism = PKCS11_CKM_SHA_1_HMAC; 1720 break; 1721 case PKCS11_CKK_SHA224_HMAC: 1722 mechanism = PKCS11_CKM_SHA224_HMAC; 1723 break; 1724 case PKCS11_CKK_SHA256_HMAC: 1725 mechanism = PKCS11_CKM_SHA256_HMAC; 1726 break; 1727 case PKCS11_CKK_SHA384_HMAC: 1728 mechanism = PKCS11_CKM_SHA384_HMAC; 1729 break; 1730 case PKCS11_CKK_SHA512_HMAC: 1731 mechanism = PKCS11_CKM_SHA512_HMAC; 1732 break; 1733 case PKCS11_CKK_EC: 1734 mechanism = PKCS11_CKM_EC_KEY_PAIR_GEN; 1735 break; 1736 case PKCS11_CKK_EDDSA: 1737 mechanism = PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN; 1738 break; 1739 case PKCS11_CKK_RSA: 1740 mechanism = PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN; 1741 break; 1742 default: 1743 TEE_Panic(key_type); 1744 break; 1745 } 1746 1747 mechanism_supported_key_sizes_bytes(mechanism, min_key_size, 1748 max_key_size); 1749 } 1750 1751 enum pkcs11_rc check_created_attrs(struct obj_attrs *key1, 1752 struct obj_attrs *key2) 1753 { 1754 enum pkcs11_rc rc = PKCS11_CKR_OK; 1755 struct obj_attrs *secret = NULL; 1756 struct obj_attrs *private = NULL; 1757 struct obj_attrs *public = NULL; 1758 uint32_t max_key_size = 0; 1759 uint32_t min_key_size = 0; 1760 uint32_t key_length = 0; 1761 1762 switch (get_class(key1)) { 1763 case PKCS11_CKO_SECRET_KEY: 1764 secret = key1; 1765 break; 1766 case PKCS11_CKO_PUBLIC_KEY: 1767 public = key1; 1768 break; 1769 case PKCS11_CKO_PRIVATE_KEY: 1770 private = key1; 1771 break; 1772 default: 1773 return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID; 1774 } 1775 1776 if (key2) { 1777 switch (get_class(key2)) { 1778 case PKCS11_CKO_PUBLIC_KEY: 1779 public = key2; 1780 if (private == key1) 1781 break; 1782 1783 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1784 case PKCS11_CKO_PRIVATE_KEY: 1785 private = key2; 1786 if (public == key1) 1787 break; 1788 1789 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1790 default: 1791 return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID; 1792 } 1793 1794 if (get_key_type(private) != get_key_type(public)) 1795 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1796 } 1797 1798 if (secret) { 1799 switch (get_key_type(secret)) { 1800 case PKCS11_CKK_AES: 1801 case PKCS11_CKK_GENERIC_SECRET: 1802 case PKCS11_CKK_MD5_HMAC: 1803 case PKCS11_CKK_SHA_1_HMAC: 1804 case PKCS11_CKK_SHA224_HMAC: 1805 case PKCS11_CKK_SHA256_HMAC: 1806 case PKCS11_CKK_SHA384_HMAC: 1807 case PKCS11_CKK_SHA512_HMAC: 1808 break; 1809 default: 1810 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1811 } 1812 1813 /* Get key size */ 1814 rc = get_u32_attribute(secret, PKCS11_CKA_VALUE_LEN, 1815 &key_length); 1816 if (rc) 1817 return PKCS11_CKR_TEMPLATE_INCOMPLETE; 1818 } 1819 if (public) { 1820 switch (get_key_type(public)) { 1821 case PKCS11_CKK_RSA: 1822 /* Get key size */ 1823 rc = get_u32_attribute(public, PKCS11_CKA_MODULUS_BITS, 1824 &key_length); 1825 if (rc) 1826 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1827 key_length = ROUNDUP_DIV(key_length, 8); 1828 break; 1829 case PKCS11_CKK_EC: 1830 case PKCS11_CKK_EC_EDWARDS: 1831 break; 1832 default: 1833 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1834 } 1835 } 1836 if (private) { 1837 switch (get_key_type(private)) { 1838 case PKCS11_CKK_RSA: 1839 case PKCS11_CKK_EC: 1840 case PKCS11_CKK_EC_EDWARDS: 1841 break; 1842 default: 1843 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 1844 } 1845 } 1846 1847 /* 1848 * Check key size for symmetric keys and RSA keys 1849 * EC is bound to domains, no need to check here. 1850 */ 1851 switch (get_key_type(key1)) { 1852 case PKCS11_CKK_EC: 1853 case PKCS11_CKK_EC_EDWARDS: 1854 return PKCS11_CKR_OK; 1855 default: 1856 break; 1857 } 1858 1859 get_key_min_max_sizes(get_key_type(key1), &min_key_size, &max_key_size); 1860 if (key_length < min_key_size || key_length > max_key_size) { 1861 EMSG("Length %"PRIu32" vs range [%"PRIu32" %"PRIu32"]", 1862 key_length, min_key_size, max_key_size); 1863 1864 return PKCS11_CKR_KEY_SIZE_RANGE; 1865 } 1866 1867 if (secret && get_key_type(secret) == PKCS11_CKK_AES) { 1868 if (key_length != 16 && key_length != 24 && key_length != 32) 1869 return PKCS11_CKR_KEY_SIZE_RANGE; 1870 } 1871 1872 return PKCS11_CKR_OK; 1873 } 1874 1875 /* Check processing ID against attribute ALLOWED_MECHANISMS if any */ 1876 static bool parent_key_complies_allowed_processings(uint32_t proc_id, 1877 struct obj_attrs *head) 1878 { 1879 char *attr = NULL; 1880 uint32_t size = 0; 1881 uint32_t proc = 0; 1882 size_t count = 0; 1883 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 1884 1885 rc = get_attribute_ptr(head, PKCS11_CKA_ALLOWED_MECHANISMS, 1886 (void *)&attr, &size); 1887 if (rc == PKCS11_RV_NOT_FOUND) 1888 return true; 1889 if (rc) { 1890 EMSG("unexpected attributes state"); 1891 TEE_Panic(TEE_ERROR_BAD_STATE); 1892 } 1893 1894 for (count = size / sizeof(uint32_t); count; count--) { 1895 TEE_MemMove(&proc, attr, sizeof(uint32_t)); 1896 attr += sizeof(uint32_t); 1897 1898 if (proc == proc_id) 1899 return true; 1900 } 1901 1902 DMSG("can't find %s in allowed list", id2str_proc(proc_id)); 1903 return false; 1904 } 1905 1906 static enum pkcs11_attr_id func_to_attr(enum processing_func func) 1907 { 1908 switch (func) { 1909 case PKCS11_FUNCTION_ENCRYPT: 1910 return PKCS11_CKA_ENCRYPT; 1911 case PKCS11_FUNCTION_DECRYPT: 1912 return PKCS11_CKA_DECRYPT; 1913 case PKCS11_FUNCTION_SIGN: 1914 return PKCS11_CKA_SIGN; 1915 case PKCS11_FUNCTION_VERIFY: 1916 return PKCS11_CKA_VERIFY; 1917 case PKCS11_FUNCTION_WRAP: 1918 return PKCS11_CKA_WRAP; 1919 case PKCS11_FUNCTION_UNWRAP: 1920 return PKCS11_CKA_UNWRAP; 1921 case PKCS11_FUNCTION_DERIVE: 1922 return PKCS11_CKA_DERIVE; 1923 default: 1924 return PKCS11_CKA_UNDEFINED_ID; 1925 } 1926 } 1927 1928 enum pkcs11_rc 1929 check_parent_attrs_against_processing(enum pkcs11_mechanism_id proc_id, 1930 enum processing_func function, 1931 struct obj_attrs *head) 1932 { 1933 enum pkcs11_class_id key_class = get_class(head); 1934 enum pkcs11_key_type key_type = get_key_type(head); 1935 enum pkcs11_attr_id attr = func_to_attr(function); 1936 1937 if (!get_bool(head, attr)) { 1938 DMSG("%s not permitted", id2str_attr(attr)); 1939 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 1940 } 1941 1942 /* Check processing complies with parent key family */ 1943 switch (proc_id) { 1944 case PKCS11_CKM_AES_ECB: 1945 case PKCS11_CKM_AES_CBC: 1946 case PKCS11_CKM_AES_CTS: 1947 case PKCS11_CKM_AES_CTR: 1948 case PKCS11_CKM_AES_GCM: 1949 case PKCS11_CKM_AES_CMAC: 1950 case PKCS11_CKM_AES_CMAC_GENERAL: 1951 if (key_class == PKCS11_CKO_SECRET_KEY && 1952 key_type == PKCS11_CKK_AES) 1953 break; 1954 1955 DMSG("%s invalid key %s/%s", id2str_proc(proc_id), 1956 id2str_class(key_class), id2str_key_type(key_type)); 1957 1958 if (function == PKCS11_FUNCTION_WRAP) 1959 return PKCS11_CKR_WRAPPING_KEY_TYPE_INCONSISTENT; 1960 else if (function == PKCS11_FUNCTION_UNWRAP) 1961 return PKCS11_CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT; 1962 else 1963 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 1964 1965 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA: 1966 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA: 1967 if (key_class != PKCS11_CKO_SECRET_KEY && 1968 key_type != PKCS11_CKK_AES) 1969 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 1970 1971 if (get_bool(head, PKCS11_CKA_ENCRYPT)) { 1972 /* 1973 * Intentionally refuse to proceed despite 1974 * PKCS#11 specifications v2.40 and v3.0 not expecting 1975 * this behavior to avoid potential security issue 1976 * where keys derived by these mechanisms can be 1977 * revealed by doing data encryption using parent key. 1978 */ 1979 return PKCS11_CKR_FUNCTION_FAILED; 1980 } 1981 1982 break; 1983 case PKCS11_CKM_MD5_HMAC: 1984 case PKCS11_CKM_SHA_1_HMAC: 1985 case PKCS11_CKM_SHA224_HMAC: 1986 case PKCS11_CKM_SHA256_HMAC: 1987 case PKCS11_CKM_SHA384_HMAC: 1988 case PKCS11_CKM_SHA512_HMAC: 1989 case PKCS11_CKM_MD5_HMAC_GENERAL: 1990 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 1991 case PKCS11_CKM_SHA224_HMAC_GENERAL: 1992 case PKCS11_CKM_SHA256_HMAC_GENERAL: 1993 case PKCS11_CKM_SHA384_HMAC_GENERAL: 1994 case PKCS11_CKM_SHA512_HMAC_GENERAL: 1995 if (key_class != PKCS11_CKO_SECRET_KEY) 1996 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 1997 1998 if (key_type == PKCS11_CKK_GENERIC_SECRET) 1999 break; 2000 2001 switch (proc_id) { 2002 case PKCS11_CKM_MD5_HMAC: 2003 case PKCS11_CKM_MD5_HMAC_GENERAL: 2004 if (key_type == PKCS11_CKK_MD5_HMAC) 2005 break; 2006 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2007 case PKCS11_CKM_SHA_1_HMAC: 2008 case PKCS11_CKM_SHA_1_HMAC_GENERAL: 2009 if (key_type == PKCS11_CKK_SHA_1_HMAC) 2010 break; 2011 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2012 case PKCS11_CKM_SHA224_HMAC: 2013 case PKCS11_CKM_SHA224_HMAC_GENERAL: 2014 if (key_type == PKCS11_CKK_SHA224_HMAC) 2015 break; 2016 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2017 case PKCS11_CKM_SHA256_HMAC: 2018 case PKCS11_CKM_SHA256_HMAC_GENERAL: 2019 if (key_type == PKCS11_CKK_SHA256_HMAC) 2020 break; 2021 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2022 case PKCS11_CKM_SHA384_HMAC: 2023 case PKCS11_CKM_SHA384_HMAC_GENERAL: 2024 if (key_type == PKCS11_CKK_SHA384_HMAC) 2025 break; 2026 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2027 case PKCS11_CKM_SHA512_HMAC: 2028 case PKCS11_CKM_SHA512_HMAC_GENERAL: 2029 if (key_type == PKCS11_CKK_SHA512_HMAC) 2030 break; 2031 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2032 default: 2033 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2034 } 2035 break; 2036 2037 case PKCS11_CKM_EDDSA: 2038 if (key_type != PKCS11_CKK_EC_EDWARDS) { 2039 EMSG("Invalid key %s for mechanism %s", 2040 id2str_type(key_type, key_class), 2041 id2str_proc(proc_id)); 2042 return PKCS11_CKR_KEY_TYPE_INCONSISTENT; 2043 } 2044 if (key_class != PKCS11_CKO_PUBLIC_KEY && 2045 key_class != PKCS11_CKO_PRIVATE_KEY) { 2046 EMSG("Invalid key class for mechanism %s", 2047 id2str_proc(proc_id)); 2048 2049 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2050 } 2051 break; 2052 2053 case PKCS11_CKM_ECDSA: 2054 case PKCS11_CKM_ECDSA_SHA1: 2055 case PKCS11_CKM_ECDSA_SHA224: 2056 case PKCS11_CKM_ECDSA_SHA256: 2057 case PKCS11_CKM_ECDSA_SHA384: 2058 case PKCS11_CKM_ECDSA_SHA512: 2059 case PKCS11_CKM_ECDH1_DERIVE: 2060 if (key_type != PKCS11_CKK_EC) { 2061 EMSG("Invalid key %s for mechanism %s", 2062 id2str_type(key_type, key_class), 2063 id2str_proc(proc_id)); 2064 2065 return PKCS11_CKR_KEY_TYPE_INCONSISTENT; 2066 } 2067 if (key_class != PKCS11_CKO_PUBLIC_KEY && 2068 key_class != PKCS11_CKO_PRIVATE_KEY) { 2069 EMSG("Invalid key class for mechanism %s", 2070 id2str_proc(proc_id)); 2071 2072 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2073 } 2074 break; 2075 case PKCS11_CKM_RSA_PKCS: 2076 case PKCS11_CKM_MD5_RSA_PKCS: 2077 case PKCS11_CKM_SHA1_RSA_PKCS: 2078 case PKCS11_CKM_SHA224_RSA_PKCS: 2079 case PKCS11_CKM_SHA256_RSA_PKCS: 2080 case PKCS11_CKM_SHA384_RSA_PKCS: 2081 case PKCS11_CKM_SHA512_RSA_PKCS: 2082 case PKCS11_CKM_RSA_AES_KEY_WRAP: 2083 case PKCS11_CKM_RSA_PKCS_OAEP: 2084 case PKCS11_CKM_RSA_PKCS_PSS: 2085 case PKCS11_CKM_RSA_X_509: 2086 case PKCS11_CKM_SHA1_RSA_PKCS_PSS: 2087 case PKCS11_CKM_SHA224_RSA_PKCS_PSS: 2088 case PKCS11_CKM_SHA256_RSA_PKCS_PSS: 2089 case PKCS11_CKM_SHA384_RSA_PKCS_PSS: 2090 case PKCS11_CKM_SHA512_RSA_PKCS_PSS: 2091 if (key_type != PKCS11_CKK_RSA) { 2092 EMSG("Invalid key %s for mechanism %s", 2093 id2str_type(key_type, key_class), 2094 id2str_proc(proc_id)); 2095 2096 return PKCS11_CKR_KEY_TYPE_INCONSISTENT; 2097 } 2098 if (key_class != PKCS11_CKO_PUBLIC_KEY && 2099 key_class != PKCS11_CKO_PRIVATE_KEY) { 2100 EMSG("Invalid key class for mechanism %s", 2101 id2str_proc(proc_id)); 2102 2103 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2104 } 2105 break; 2106 default: 2107 DMSG("Invalid processing %#"PRIx32"/%s", proc_id, 2108 id2str_proc(proc_id)); 2109 2110 return PKCS11_CKR_MECHANISM_INVALID; 2111 } 2112 2113 if (!parent_key_complies_allowed_processings(proc_id, head)) { 2114 DMSG("Allowed mechanism failed"); 2115 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED; 2116 } 2117 2118 return PKCS11_CKR_OK; 2119 } 2120 2121 bool attribute_is_exportable(struct pkcs11_attribute_head *req_attr, 2122 struct pkcs11_object *obj) 2123 { 2124 uint8_t boolval = 0; 2125 uint32_t boolsize = 0; 2126 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2127 enum pkcs11_class_id key_class = get_class(obj->attributes); 2128 2129 if (attribute_is_hidden(req_attr)) 2130 return false; 2131 2132 if (key_class != PKCS11_CKO_SECRET_KEY && 2133 key_class != PKCS11_CKO_PRIVATE_KEY) 2134 return true; 2135 2136 switch (req_attr->id) { 2137 case PKCS11_CKA_PRIVATE_EXPONENT: 2138 case PKCS11_CKA_PRIME_1: 2139 case PKCS11_CKA_PRIME_2: 2140 case PKCS11_CKA_EXPONENT_1: 2141 case PKCS11_CKA_EXPONENT_2: 2142 case PKCS11_CKA_COEFFICIENT: 2143 case PKCS11_CKA_VALUE: 2144 boolsize = sizeof(boolval); 2145 rc = get_attribute(obj->attributes, PKCS11_CKA_EXTRACTABLE, 2146 &boolval, &boolsize); 2147 if (rc || boolval == PKCS11_FALSE) 2148 return false; 2149 2150 boolsize = sizeof(boolval); 2151 rc = get_attribute(obj->attributes, PKCS11_CKA_SENSITIVE, 2152 &boolval, &boolsize); 2153 if (rc || boolval == PKCS11_TRUE) 2154 return false; 2155 break; 2156 default: 2157 break; 2158 } 2159 2160 return true; 2161 } 2162 2163 static bool attr_is_modifiable_any_key(struct pkcs11_attribute_head *attr) 2164 { 2165 switch (attr->id) { 2166 case PKCS11_CKA_ID: 2167 case PKCS11_CKA_START_DATE: 2168 case PKCS11_CKA_END_DATE: 2169 case PKCS11_CKA_DERIVE: 2170 return true; 2171 default: 2172 return false; 2173 } 2174 } 2175 2176 static bool attr_is_modifiable_secret_key(struct pkcs11_attribute_head *attr, 2177 struct pkcs11_session *session, 2178 struct pkcs11_object *obj) 2179 { 2180 switch (attr->id) { 2181 case PKCS11_CKA_ENCRYPT: 2182 case PKCS11_CKA_DECRYPT: 2183 case PKCS11_CKA_SIGN: 2184 case PKCS11_CKA_VERIFY: 2185 case PKCS11_CKA_WRAP: 2186 case PKCS11_CKA_UNWRAP: 2187 case PKCS11_CKA_CHECK_VALUE: 2188 return true; 2189 /* Can't be modified once set to CK_FALSE - 12 in Table 10 */ 2190 case PKCS11_CKA_EXTRACTABLE: 2191 return get_bool(obj->attributes, attr->id); 2192 /* Can't be modified once set to CK_TRUE - 11 in Table 10 */ 2193 case PKCS11_CKA_SENSITIVE: 2194 case PKCS11_CKA_WRAP_WITH_TRUSTED: 2195 return !get_bool(obj->attributes, attr->id); 2196 /* Change in CKA_TRUSTED can only be done by SO */ 2197 case PKCS11_CKA_TRUSTED: 2198 return pkcs11_session_is_so(session); 2199 case PKCS11_CKA_NEVER_EXTRACTABLE: 2200 case PKCS11_CKA_ALWAYS_SENSITIVE: 2201 return false; 2202 default: 2203 return false; 2204 } 2205 } 2206 2207 static bool attr_is_modifiable_public_key(struct pkcs11_attribute_head *attr, 2208 struct pkcs11_session *session, 2209 struct pkcs11_object *obj __unused) 2210 { 2211 switch (attr->id) { 2212 case PKCS11_CKA_SUBJECT: 2213 case PKCS11_CKA_ENCRYPT: 2214 case PKCS11_CKA_VERIFY: 2215 case PKCS11_CKA_VERIFY_RECOVER: 2216 case PKCS11_CKA_WRAP: 2217 return true; 2218 case PKCS11_CKA_TRUSTED: 2219 /* Change in CKA_TRUSTED can only be done by SO */ 2220 return pkcs11_session_is_so(session); 2221 default: 2222 return false; 2223 } 2224 } 2225 2226 static bool attr_is_modifiable_private_key(struct pkcs11_attribute_head *attr, 2227 struct pkcs11_session *sess __unused, 2228 struct pkcs11_object *obj) 2229 { 2230 switch (attr->id) { 2231 case PKCS11_CKA_SUBJECT: 2232 case PKCS11_CKA_DECRYPT: 2233 case PKCS11_CKA_SIGN: 2234 case PKCS11_CKA_SIGN_RECOVER: 2235 case PKCS11_CKA_UNWRAP: 2236 /* 2237 * TBD: Revisit if we don't support PKCS11_CKA_PUBLIC_KEY_INFO 2238 * Specification mentions that if this attribute is 2239 * supplied as part of a template for C_CreateObject, C_CopyObject or 2240 * C_SetAttributeValue for a private key, the token MUST verify 2241 * correspondence between the private key data and the public key data 2242 * as supplied in CKA_PUBLIC_KEY_INFO. This needs to be 2243 * taken care of when this object type will be implemented 2244 */ 2245 case PKCS11_CKA_PUBLIC_KEY_INFO: 2246 return true; 2247 /* Can't be modified once set to CK_FALSE - 12 in Table 10 */ 2248 case PKCS11_CKA_EXTRACTABLE: 2249 return get_bool(obj->attributes, attr->id); 2250 /* Can't be modified once set to CK_TRUE - 11 in Table 10 */ 2251 case PKCS11_CKA_SENSITIVE: 2252 case PKCS11_CKA_WRAP_WITH_TRUSTED: 2253 return !get_bool(obj->attributes, attr->id); 2254 case PKCS11_CKA_NEVER_EXTRACTABLE: 2255 case PKCS11_CKA_ALWAYS_SENSITIVE: 2256 return false; 2257 default: 2258 return false; 2259 } 2260 } 2261 2262 static bool attr_is_modifiable_certificate(struct pkcs11_attribute_head *attr, 2263 struct pkcs11_session *session, 2264 struct pkcs11_object *obj) 2265 { 2266 uint8_t boolval = 0; 2267 uint32_t boolsize = 0; 2268 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2269 2270 /* Trusted certificates cannot be modified. */ 2271 rc = get_attribute(obj->attributes, PKCS11_CKA_TRUSTED, 2272 &boolval, &boolsize); 2273 if (rc || boolval == PKCS11_TRUE) 2274 return false; 2275 2276 /* Common certificate attributes */ 2277 switch (attr->id) { 2278 case PKCS11_CKA_TRUSTED: 2279 /* 2280 * The CKA_TRUSTED attribute cannot be set to CK_TRUE by an 2281 * application. It MUST be set by a token initialization 2282 * application or by the token’s SO. 2283 */ 2284 return pkcs11_session_is_so(session); 2285 case PKCS11_CKA_CERTIFICATE_TYPE: 2286 case PKCS11_CKA_CERTIFICATE_CATEGORY: 2287 return false; 2288 default: 2289 break; 2290 } 2291 2292 /* Certificate type specific attributes */ 2293 switch (get_certificate_type(obj->attributes)) { 2294 case PKCS11_CKC_X_509: 2295 /* 2296 * Only the CKA_ID, CKA_ISSUER, and CKA_SERIAL_NUMBER 2297 * attributes may be modified after the object is created. 2298 */ 2299 switch (attr->id) { 2300 case PKCS11_CKA_ID: 2301 case PKCS11_CKA_ISSUER: 2302 case PKCS11_CKA_SERIAL_NUMBER: 2303 return true; 2304 default: 2305 break; 2306 } 2307 break; 2308 default: 2309 /* Unsupported certificate type */ 2310 break; 2311 } 2312 2313 return false; 2314 } 2315 2316 static bool attribute_is_modifiable(struct pkcs11_session *session, 2317 struct pkcs11_attribute_head *req_attr, 2318 struct pkcs11_object *obj, 2319 enum pkcs11_class_id class, 2320 enum processing_func function) 2321 { 2322 /* Check modifiable attributes common to any object */ 2323 switch (req_attr->id) { 2324 case PKCS11_CKA_LABEL: 2325 return true; 2326 case PKCS11_CKA_TOKEN: 2327 case PKCS11_CKA_MODIFIABLE: 2328 case PKCS11_CKA_DESTROYABLE: 2329 case PKCS11_CKA_PRIVATE: 2330 return function == PKCS11_FUNCTION_COPY; 2331 case PKCS11_CKA_COPYABLE: 2332 /* 2333 * Specification mentions that if the attribute value is false 2334 * it can't be set to true. Reading this we assume that it 2335 * should be possible to modify this attribute even though this 2336 * is not marked as modifiable in Table 10 if done in right 2337 * direction i.e from TRUE -> FALSE. 2338 */ 2339 return get_bool(obj->attributes, req_attr->id); 2340 default: 2341 break; 2342 } 2343 2344 /* Attribute checking based on class type */ 2345 switch (class) { 2346 case PKCS11_CKO_SECRET_KEY: 2347 case PKCS11_CKO_PUBLIC_KEY: 2348 case PKCS11_CKO_PRIVATE_KEY: 2349 if (attr_is_modifiable_any_key(req_attr)) 2350 return true; 2351 if (class == PKCS11_CKO_SECRET_KEY && 2352 attr_is_modifiable_secret_key(req_attr, session, obj)) 2353 return true; 2354 if (class == PKCS11_CKO_PUBLIC_KEY && 2355 attr_is_modifiable_public_key(req_attr, session, obj)) 2356 return true; 2357 if (class == PKCS11_CKO_PRIVATE_KEY && 2358 attr_is_modifiable_private_key(req_attr, session, obj)) 2359 return true; 2360 break; 2361 case PKCS11_CKO_DATA: 2362 /* None of the data object attributes are modifiable */ 2363 return false; 2364 case PKCS11_CKO_CERTIFICATE: 2365 return attr_is_modifiable_certificate(req_attr, session, obj); 2366 default: 2367 break; 2368 } 2369 2370 return false; 2371 } 2372 2373 enum pkcs11_rc check_attrs_against_modification(struct pkcs11_session *session, 2374 struct obj_attrs *head, 2375 struct pkcs11_object *obj, 2376 enum processing_func function) 2377 { 2378 enum pkcs11_class_id class = PKCS11_CKO_UNDEFINED_ID; 2379 char *cur = NULL; 2380 char *end = NULL; 2381 size_t len = 0; 2382 2383 class = get_class(obj->attributes); 2384 2385 cur = (char *)head + sizeof(struct obj_attrs); 2386 end = cur + head->attrs_size; 2387 2388 for (; cur < end; cur += len) { 2389 /* Structure aligned copy of the pkcs11_ref in the object */ 2390 struct pkcs11_attribute_head cli_ref = { }; 2391 2392 TEE_MemMove(&cli_ref, cur, sizeof(cli_ref)); 2393 len = sizeof(cli_ref) + cli_ref.size; 2394 2395 /* Protect hidden attributes */ 2396 if (attribute_is_hidden(&cli_ref)) 2397 return PKCS11_CKR_ATTRIBUTE_TYPE_INVALID; 2398 2399 /* 2400 * Check 1 - Check if attribute belongs to the object 2401 * The obj->attributes has all the attributes in 2402 * it which are allowed for an object. 2403 */ 2404 if (get_attribute_ptr(obj->attributes, cli_ref.id, NULL, 2405 NULL) == PKCS11_RV_NOT_FOUND) 2406 return PKCS11_CKR_ATTRIBUTE_TYPE_INVALID; 2407 2408 /* Check 2 - Is attribute modifiable */ 2409 if (!attribute_is_modifiable(session, &cli_ref, obj, class, 2410 function)) 2411 return PKCS11_CKR_ATTRIBUTE_READ_ONLY; 2412 2413 /* 2414 * Checks for modification in PKCS11_CKA_TOKEN and 2415 * PKCS11_CKA_PRIVATE are required for PKCS11_FUNCTION_COPY 2416 * only, so skip them for PKCS11_FUNCTION_MODIFY. 2417 */ 2418 if (function == PKCS11_FUNCTION_MODIFY) 2419 continue; 2420 2421 /* 2422 * An attempt to copy an object to a token will fail for 2423 * RO session 2424 */ 2425 if (cli_ref.id == PKCS11_CKA_TOKEN && 2426 get_bool(head, PKCS11_CKA_TOKEN)) { 2427 if (!pkcs11_session_is_read_write(session)) { 2428 DMSG("Can't copy to token in a RO session"); 2429 return PKCS11_CKR_SESSION_READ_ONLY; 2430 } 2431 } 2432 2433 if (cli_ref.id == PKCS11_CKA_PRIVATE) { 2434 bool parent_priv = 2435 get_bool(obj->attributes, cli_ref.id); 2436 bool obj_priv = get_bool(head, cli_ref.id); 2437 2438 /* 2439 * If PKCS11_CKA_PRIVATE is being set to TRUE from 2440 * FALSE, user has to be logged in 2441 */ 2442 if (!parent_priv && obj_priv) { 2443 if ((pkcs11_session_is_public(session) || 2444 pkcs11_session_is_so(session))) 2445 return PKCS11_CKR_USER_NOT_LOGGED_IN; 2446 } 2447 2448 /* 2449 * Restriction added - Even for Copy, do not allow 2450 * modification of CKA_PRIVATE from TRUE to FALSE 2451 */ 2452 if (parent_priv && !obj_priv) 2453 return PKCS11_CKR_TEMPLATE_INCONSISTENT; 2454 } 2455 } 2456 2457 return PKCS11_CKR_OK; 2458 } 2459 2460 static enum pkcs11_rc set_secret_key_data(struct obj_attrs **head, void *data, 2461 size_t key_size) 2462 { 2463 uint32_t size = sizeof(uint32_t); 2464 uint32_t key_length = 0; 2465 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2466 2467 /* Get key size if present in template */ 2468 rc = get_attribute(*head, PKCS11_CKA_VALUE_LEN, &key_length, &size); 2469 if (rc && rc != PKCS11_RV_NOT_FOUND) 2470 return rc; 2471 2472 if (key_length) { 2473 if (key_size < key_length) 2474 return PKCS11_CKR_DATA_LEN_RANGE; 2475 } else { 2476 key_length = key_size; 2477 rc = set_attribute(head, PKCS11_CKA_VALUE_LEN, &key_length, 2478 sizeof(uint32_t)); 2479 if (rc) 2480 return rc; 2481 } 2482 2483 /* Now we can check the VALUE_LEN field */ 2484 rc = check_created_attrs(*head, NULL); 2485 if (rc) 2486 return rc; 2487 2488 /* Remove the default empty value attribute if found */ 2489 rc = remove_empty_attribute(head, PKCS11_CKA_VALUE); 2490 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND) 2491 return PKCS11_CKR_GENERAL_ERROR; 2492 2493 rc = add_attribute(head, PKCS11_CKA_VALUE, data, key_length); 2494 if (rc) 2495 return rc; 2496 2497 return set_check_value_attr(head); 2498 } 2499 2500 static enum pkcs11_rc set_private_key_data_rsa(struct obj_attrs **head, 2501 void *data, 2502 size_t key_size) 2503 { 2504 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2505 int mbedtls_rc = 0; 2506 uint32_t key_bits = 0; 2507 uint32_t size = 0; 2508 uint32_t buffer_size = 0; 2509 void *buffer = NULL; 2510 mbedtls_pk_context pk = { }; 2511 mbedtls_rsa_context *rsa = NULL; 2512 mbedtls_mpi n = { }; 2513 mbedtls_mpi e = { }; 2514 mbedtls_mpi d = { }; 2515 mbedtls_mpi p = { }; 2516 mbedtls_mpi q = { }; 2517 2518 rc = get_u32_attribute(*head, PKCS11_CKA_MODULUS_BITS, &key_bits); 2519 if (rc && rc != PKCS11_RV_NOT_FOUND) 2520 return rc; 2521 2522 if (remove_empty_attribute(head, PKCS11_CKA_MODULUS) || 2523 remove_empty_attribute(head, PKCS11_CKA_PUBLIC_EXPONENT) || 2524 remove_empty_attribute(head, PKCS11_CKA_PRIVATE_EXPONENT) || 2525 remove_empty_attribute(head, PKCS11_CKA_PRIME_1) || 2526 remove_empty_attribute(head, PKCS11_CKA_PRIME_2)) 2527 return PKCS11_CKR_GENERAL_ERROR; 2528 2529 mbedtls_pk_init(&pk); 2530 mbedtls_mpi_init(&n); 2531 mbedtls_mpi_init(&e); 2532 mbedtls_mpi_init(&d); 2533 mbedtls_mpi_init(&p); 2534 mbedtls_mpi_init(&q); 2535 2536 mbedtls_rc = mbedtls_pk_parse_key(&pk, data, key_size, 2537 NULL, 0, mbd_rand, NULL); 2538 if (mbedtls_rc) { 2539 rc = PKCS11_CKR_ARGUMENTS_BAD; 2540 goto out; 2541 } 2542 2543 rsa = mbedtls_pk_rsa(pk); 2544 if (!rsa) { 2545 rc = PKCS11_CKR_GENERAL_ERROR; 2546 goto out; 2547 } 2548 2549 mbedtls_rc = mbedtls_rsa_export(rsa, &n, &p, &q, &d, &e); 2550 if (mbedtls_rc) { 2551 rc = PKCS11_CKR_ARGUMENTS_BAD; 2552 goto out; 2553 } 2554 2555 if (key_bits && mbedtls_mpi_bitlen(&n) != key_bits) { 2556 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE; 2557 goto out; 2558 } 2559 2560 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&n), 8); 2561 buffer_size = size; 2562 buffer = TEE_Malloc(buffer_size, TEE_USER_MEM_HINT_NO_FILL_ZERO); 2563 if (!buffer) { 2564 rc = PKCS11_CKR_DEVICE_MEMORY; 2565 goto out; 2566 } 2567 2568 mbedtls_rc = mbedtls_mpi_write_binary(&n, buffer, size); 2569 if (mbedtls_rc) { 2570 rc = PKCS11_CKR_WRAPPED_KEY_INVALID; 2571 goto out; 2572 } 2573 2574 rc = add_attribute(head, PKCS11_CKA_MODULUS, buffer, size); 2575 if (rc) 2576 goto out; 2577 2578 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&e), 8); 2579 if (buffer_size < size) { 2580 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE; 2581 goto out; 2582 } 2583 2584 mbedtls_rc = mbedtls_mpi_write_binary(&e, buffer, size); 2585 if (mbedtls_rc) { 2586 rc = PKCS11_CKR_WRAPPED_KEY_INVALID; 2587 goto out; 2588 } 2589 2590 rc = add_attribute(head, PKCS11_CKA_PUBLIC_EXPONENT, buffer, size); 2591 if (rc) 2592 goto out; 2593 2594 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&d), 8); 2595 if (buffer_size < size) { 2596 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE; 2597 goto out; 2598 } 2599 2600 mbedtls_rc = mbedtls_mpi_write_binary(&d, buffer, size); 2601 if (mbedtls_rc) { 2602 rc = PKCS11_CKR_WRAPPED_KEY_INVALID; 2603 goto out; 2604 } 2605 2606 rc = add_attribute(head, PKCS11_CKA_PRIVATE_EXPONENT, buffer, size); 2607 if (rc) 2608 goto out; 2609 2610 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&p), 8); 2611 if (buffer_size < size) { 2612 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE; 2613 goto out; 2614 } 2615 2616 mbedtls_rc = mbedtls_mpi_write_binary(&p, buffer, size); 2617 if (mbedtls_rc) { 2618 rc = PKCS11_CKR_WRAPPED_KEY_INVALID; 2619 goto out; 2620 } 2621 2622 rc = add_attribute(head, PKCS11_CKA_PRIME_1, buffer, size); 2623 if (rc) 2624 goto out; 2625 2626 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&q), 8); 2627 if (buffer_size < size) { 2628 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE; 2629 goto out; 2630 } 2631 2632 mbedtls_rc = mbedtls_mpi_write_binary(&q, buffer, size); 2633 if (mbedtls_rc) { 2634 rc = PKCS11_CKR_WRAPPED_KEY_INVALID; 2635 goto out; 2636 } 2637 2638 rc = add_attribute(head, PKCS11_CKA_PRIME_2, buffer, size); 2639 2640 out: 2641 mbedtls_pk_free(&pk); 2642 mbedtls_mpi_free(&n); 2643 mbedtls_mpi_free(&e); 2644 mbedtls_mpi_free(&d); 2645 mbedtls_mpi_free(&p); 2646 mbedtls_mpi_free(&q); 2647 TEE_Free(buffer); 2648 return rc; 2649 } 2650 2651 enum pkcs11_rc set_key_data(struct obj_attrs **head, void *data, 2652 size_t key_size) 2653 { 2654 switch (get_class(*head)) { 2655 case PKCS11_CKO_SECRET_KEY: 2656 return set_secret_key_data(head, data, key_size); 2657 case PKCS11_CKO_PRIVATE_KEY: 2658 if (get_key_type(*head) == PKCS11_CKK_RSA) 2659 return set_private_key_data_rsa(head, data, key_size); 2660 break; 2661 default: 2662 return PKCS11_CKR_GENERAL_ERROR; 2663 } 2664 2665 return PKCS11_CKR_GENERAL_ERROR; 2666 } 2667 2668 static enum pkcs11_rc alloc_copy_attribute_value(struct obj_attrs *head, 2669 void **data, uint32_t *sz) 2670 { 2671 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2672 void *buffer = NULL; 2673 void *value = NULL; 2674 2675 rc = get_attribute_ptr(head, PKCS11_CKA_VALUE, &value, sz); 2676 if (rc) 2677 return PKCS11_CKR_ARGUMENTS_BAD; 2678 2679 buffer = TEE_Malloc(*sz, TEE_USER_MEM_HINT_NO_FILL_ZERO); 2680 if (!buffer) 2681 return PKCS11_CKR_DEVICE_MEMORY; 2682 2683 TEE_MemMove(buffer, value, *sz); 2684 *data = buffer; 2685 2686 return PKCS11_CKR_OK; 2687 } 2688 2689 static enum pkcs11_rc 2690 encode_rsa_private_key_der(struct obj_attrs *head, void **data, uint32_t *sz) 2691 { 2692 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2693 int i = 0; 2694 int mbedtls_rc = 0; 2695 int start = 0; 2696 int der_size = 0; 2697 void *n = NULL; 2698 void *p = NULL; 2699 void *q = NULL; 2700 void *d = NULL; 2701 void *e = NULL; 2702 uint32_t n_len = 0; 2703 uint32_t p_len = 0; 2704 uint32_t q_len = 0; 2705 uint32_t d_len = 0; 2706 uint32_t e_len = 0; 2707 uint8_t *buffer = NULL; 2708 mbedtls_pk_context pk = { }; 2709 mbedtls_rsa_context *rsa = NULL; 2710 const mbedtls_pk_info_t *pk_info = NULL; 2711 2712 mbedtls_pk_init(&pk); 2713 pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); 2714 if (mbedtls_pk_setup(&pk, pk_info)) { 2715 rc = PKCS11_CKR_GENERAL_ERROR; 2716 goto out; 2717 } 2718 2719 rc = get_attribute_ptr(head, PKCS11_CKA_MODULUS, &n, &n_len); 2720 if (rc) 2721 goto out; 2722 2723 rc = get_attribute_ptr(head, PKCS11_CKA_PRIME_1, &p, &p_len); 2724 if (rc) 2725 goto out; 2726 2727 rc = get_attribute_ptr(head, PKCS11_CKA_PRIME_2, &q, &q_len); 2728 if (rc) 2729 goto out; 2730 2731 rc = get_attribute_ptr(head, PKCS11_CKA_PRIVATE_EXPONENT, &d, &d_len); 2732 if (rc) 2733 goto out; 2734 2735 rc = get_attribute_ptr(head, PKCS11_CKA_PUBLIC_EXPONENT, &e, &e_len); 2736 if (rc) 2737 goto out; 2738 2739 rsa = mbedtls_pk_rsa(pk); 2740 if (!rsa) { 2741 rc = PKCS11_CKR_GENERAL_ERROR; 2742 goto out; 2743 } 2744 2745 mbedtls_rc = mbedtls_rsa_import_raw(rsa, n, n_len, p, p_len, 2746 q, q_len, d, d_len, e, e_len); 2747 if (mbedtls_rc) { 2748 rc = PKCS11_CKR_ARGUMENTS_BAD; 2749 goto out; 2750 } 2751 2752 if (mbedtls_rsa_complete(rsa)) { 2753 rc = PKCS11_CKR_ARGUMENTS_BAD; 2754 goto out; 2755 } 2756 2757 if (mbedtls_rsa_check_privkey(rsa)) { 2758 rc = PKCS11_CKR_ARGUMENTS_BAD; 2759 goto out; 2760 } 2761 2762 der_size = n_len * 8; 2763 buffer = TEE_Malloc(der_size, TEE_USER_MEM_HINT_NO_FILL_ZERO); 2764 if (!buffer) { 2765 rc = PKCS11_CKR_DEVICE_MEMORY; 2766 goto out; 2767 } 2768 2769 mbedtls_rc = mbedtls_pk_write_key_der(&pk, buffer, der_size); 2770 if (mbedtls_rc < 0) { 2771 rc = PKCS11_CKR_ARGUMENTS_BAD; 2772 goto out; 2773 } 2774 2775 start = der_size - mbedtls_rc; 2776 for (i = 0; i < mbedtls_rc; i++) { 2777 buffer[i] = buffer[i + start]; 2778 buffer[i + start] = 0; 2779 } 2780 2781 *data = buffer; 2782 *sz = mbedtls_rc; 2783 out: 2784 mbedtls_pk_free(&pk); 2785 2786 if (rc) 2787 TEE_Free(buffer); 2788 2789 return rc; 2790 } 2791 2792 enum pkcs11_rc alloc_key_data_to_wrap(struct obj_attrs *head, void **data, 2793 uint32_t *sz) 2794 { 2795 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2796 2797 switch (get_class(head)) { 2798 case PKCS11_CKO_SECRET_KEY: 2799 rc = alloc_copy_attribute_value(head, data, sz); 2800 break; 2801 case PKCS11_CKO_PRIVATE_KEY: 2802 if (get_key_type(head) == PKCS11_CKK_RSA) 2803 rc = encode_rsa_private_key_der(head, data, sz); 2804 break; 2805 default: 2806 break; 2807 } 2808 2809 return rc; 2810 } 2811 2812 enum pkcs11_rc add_missing_attribute_id(struct obj_attrs **pub_head, 2813 struct obj_attrs **priv_head) 2814 { 2815 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2816 void *id1 = NULL; 2817 uint32_t id1_size = 0; 2818 void *id2 = NULL; 2819 uint32_t id2_size = 0; 2820 2821 assert(pub_head); 2822 assert(priv_head); 2823 2824 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_ID, &id1, &id1_size); 2825 if (rc) { 2826 if (rc != PKCS11_RV_NOT_FOUND) 2827 return rc; 2828 id1 = NULL; 2829 } else if (!id1_size) { 2830 id1 = NULL; 2831 } 2832 2833 rc = get_attribute_ptr(*priv_head, PKCS11_CKA_ID, &id2, &id2_size); 2834 if (rc) { 2835 if (rc != PKCS11_RV_NOT_FOUND) 2836 return rc; 2837 id2 = NULL; 2838 } else if (!id2_size) { 2839 id2 = NULL; 2840 } 2841 2842 /* Both have value -- let them be what caller has specified them */ 2843 if (id1 && id2) 2844 return PKCS11_CKR_OK; 2845 2846 /* Both are empty -- leave empty values */ 2847 if (!id1 && !id2) 2848 return PKCS11_CKR_OK; 2849 2850 /* Cross copy CKA_ID value */ 2851 if (id1) 2852 return set_attribute(priv_head, PKCS11_CKA_ID, id1, id1_size); 2853 else 2854 return set_attribute(pub_head, PKCS11_CKA_ID, id2, id2_size); 2855 } 2856 2857 /* 2858 * The key check value is derived from the object by taking the first 2859 * three bytes of the SHA-1 hash of the object's CKA_VALUE attribute. 2860 */ 2861 static enum pkcs11_rc compute_check_value_with_sha1(void *key, 2862 uint32_t key_size, 2863 void *kcv) 2864 { 2865 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2866 TEE_Result res = TEE_ERROR_GENERIC; 2867 TEE_OperationHandle op = TEE_HANDLE_NULL; 2868 size_t buf_size = TEE_MAX_HASH_SIZE; 2869 uint8_t *buf = NULL; 2870 2871 assert(key && kcv); 2872 2873 res = TEE_AllocateOperation(&op, TEE_ALG_SHA1, TEE_MODE_DIGEST, 0); 2874 rc = tee2pkcs_error(res); 2875 if (rc != PKCS11_CKR_OK) 2876 goto out; 2877 2878 buf = TEE_Malloc(buf_size, TEE_MALLOC_FILL_ZERO); 2879 if (!buf) { 2880 rc = PKCS11_CKR_DEVICE_MEMORY; 2881 goto out; 2882 } 2883 2884 res = TEE_DigestDoFinal(op, key, key_size, buf, &buf_size); 2885 rc = tee2pkcs_error(res); 2886 if (rc != PKCS11_CKR_OK) 2887 goto out; 2888 2889 TEE_MemMove(kcv, buf, PKCS11_CKA_CHECK_VALUE_SIZE); 2890 2891 out: 2892 TEE_Free(buf); 2893 TEE_FreeOperation(op); 2894 2895 return rc; 2896 } 2897 2898 /* 2899 * The key check value that is calculated as follows: 2900 * 1) Take a buffer of the cipher block size of binary zeros (0x00). 2901 * 2) Encrypt this block in ECB mode. 2902 * 3) Take the first three bytes of cipher text as the check value. 2903 */ 2904 static enum pkcs11_rc compute_check_value_with_ecb(void *key, uint32_t key_size, 2905 void *kcv) 2906 { 2907 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2908 TEE_Result res = TEE_ERROR_GENERIC; 2909 TEE_OperationHandle op = TEE_HANDLE_NULL; 2910 TEE_ObjectHandle hkey = TEE_HANDLE_NULL; 2911 TEE_Attribute attr = { }; 2912 uint8_t buf[TEE_AES_BLOCK_SIZE] = { }; 2913 size_t buf_size = sizeof(buf); 2914 2915 assert(key && kcv); 2916 2917 res = TEE_AllocateOperation(&op, TEE_ALG_AES_ECB_NOPAD, 2918 TEE_MODE_ENCRYPT, key_size * 8); 2919 rc = tee2pkcs_error(res); 2920 if (rc != PKCS11_CKR_OK) 2921 goto out; 2922 2923 res = TEE_AllocateTransientObject(TEE_TYPE_AES, key_size * 8, &hkey); 2924 rc = tee2pkcs_error(res); 2925 if (rc != PKCS11_CKR_OK) 2926 goto out; 2927 2928 TEE_InitRefAttribute(&attr, TEE_ATTR_SECRET_VALUE, key, key_size); 2929 2930 res = TEE_PopulateTransientObject(hkey, &attr, 1); 2931 rc = tee2pkcs_error(res); 2932 if (rc != PKCS11_CKR_OK) 2933 goto out; 2934 2935 res = TEE_SetOperationKey(op, hkey); 2936 rc = tee2pkcs_error(res); 2937 if (rc != PKCS11_CKR_OK) 2938 goto out; 2939 2940 TEE_CipherInit(op, NULL, 0); 2941 2942 res = TEE_CipherDoFinal(op, buf, buf_size, buf, &buf_size); 2943 rc = tee2pkcs_error(res); 2944 if (rc != PKCS11_CKR_OK) 2945 goto out; 2946 2947 TEE_MemMove(kcv, buf, PKCS11_CKA_CHECK_VALUE_SIZE); 2948 2949 out: 2950 TEE_FreeTransientObject(hkey); 2951 TEE_FreeOperation(op); 2952 2953 return rc; 2954 } 2955 2956 enum pkcs11_rc set_check_value_attr(struct obj_attrs **head) 2957 { 2958 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR; 2959 uint32_t val_len = 0; 2960 uint32_t kcv2_len = 0; 2961 void *val = NULL; 2962 uint8_t kcv[PKCS11_CKA_CHECK_VALUE_SIZE] = { }; 2963 void *kcv2 = NULL; 2964 2965 assert(head && *head); 2966 2967 if (!IS_ENABLED(CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE)) 2968 return PKCS11_CKR_OK; 2969 2970 switch (get_class(*head)) { 2971 case PKCS11_CKO_SECRET_KEY: 2972 case PKCS11_CKO_CERTIFICATE: 2973 break; 2974 default: 2975 /* Nothing to do */ 2976 return PKCS11_CKR_OK; 2977 } 2978 2979 /* Check whether CKA_CHECK_VALUE has been provided in the template */ 2980 rc = get_attribute_ptr(*head, PKCS11_CKA_CHECK_VALUE, &kcv2, &kcv2_len); 2981 2982 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND) 2983 return PKCS11_CKR_GENERAL_ERROR; 2984 2985 /* 2986 * The generation of the KCV may be prevented by the application 2987 * supplying the attribute in the template as a no-value (0 length) 2988 * entry. 2989 */ 2990 if (rc == PKCS11_CKR_OK && !kcv2_len) 2991 return PKCS11_CKR_OK; 2992 2993 if (rc == PKCS11_CKR_OK && kcv2_len != PKCS11_CKA_CHECK_VALUE_SIZE) 2994 return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID; 2995 2996 /* Get key CKA_VALUE */ 2997 rc = get_attribute_ptr(*head, PKCS11_CKA_VALUE, &val, &val_len); 2998 if (rc) 2999 return rc; 3000 3001 if (get_class(*head) == PKCS11_CKO_SECRET_KEY) { 3002 switch (get_key_type(*head)) { 3003 case PKCS11_CKK_AES: 3004 rc = compute_check_value_with_ecb(val, val_len, kcv); 3005 break; 3006 case PKCS11_CKK_GENERIC_SECRET: 3007 case PKCS11_CKK_MD5_HMAC: 3008 case PKCS11_CKK_SHA_1_HMAC: 3009 case PKCS11_CKK_SHA256_HMAC: 3010 case PKCS11_CKK_SHA384_HMAC: 3011 case PKCS11_CKK_SHA512_HMAC: 3012 case PKCS11_CKK_SHA224_HMAC: 3013 rc = compute_check_value_with_sha1(val, val_len, kcv); 3014 break; 3015 default: 3016 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT; 3017 break; 3018 } 3019 } else { 3020 rc = compute_check_value_with_sha1(val, val_len, kcv); 3021 } 3022 3023 if (rc) 3024 return rc; 3025 3026 /* 3027 * If the computed KCV does not match the provided one 3028 * then return CKR_ATTRIBUTE_VALUE_INVALID 3029 */ 3030 if (kcv2_len) { 3031 /* Provided KCV value shall match the computed one */ 3032 if (TEE_MemCompare(kcv2, kcv, PKCS11_CKA_CHECK_VALUE_SIZE)) 3033 rc = PKCS11_CKR_ATTRIBUTE_VALUE_INVALID; 3034 } else { 3035 rc = add_attribute(head, PKCS11_CKA_CHECK_VALUE, kcv, 3036 PKCS11_CKA_CHECK_VALUE_SIZE); 3037 } 3038 3039 return rc; 3040 } 3041