xref: /optee_os/ta/pkcs11/src/pkcs11_helpers.c (revision 11fa71b9ddb429088f325cfda430183003ccd1db) 
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (c) 2018-2020, Linaro Limited
4  */
5 
6 #include <pkcs11_ta.h>
7 #include <string.h>
8 #include <tee_internal_api.h>
9 #include <util.h>
10 
11 #include "pkcs11_helpers.h"
12 
13 static const char __maybe_unused unknown[] = "<unknown-identifier>";
14 
15 struct any_id {
16 	uint32_t id;
17 #if CFG_TEE_TA_LOG_LEVEL > 0
18 	const char *string;
19 #endif
20 };
21 
22 /*
23  * Macro PKCS11_ID() can be used to define cells in ID list arrays
24  * or ID/string conversion arrays.
25  */
26 #if CFG_TEE_TA_LOG_LEVEL > 0
27 #define PKCS11_ID(_id)		{ .id = _id, .string = #_id }
28 #else
29 #define PKCS11_ID(_id)		{ .id = _id }
30 #endif
31 
32 #define ID2STR(id, table, prefix)	\
33 	id2str(id, table, ARRAY_SIZE(table), prefix)
34 
35 #if CFG_TEE_TA_LOG_LEVEL > 0
36 /* Convert a PKCS11 ID into its label string */
37 static const char *id2str(uint32_t id, const struct any_id *table,
38 			  size_t count, const char *prefix)
39 {
40 	size_t n = 0;
41 	const char *str = NULL;
42 
43 	for (n = 0; n < count; n++) {
44 		if (id != table[n].id)
45 			continue;
46 
47 		str = table[n].string;
48 
49 		/* Skip prefix provided matches found */
50 		if (prefix && !TEE_MemCompare(str, prefix, strlen(prefix)))
51 			str += strlen(prefix);
52 
53 		return str;
54 	}
55 
56 	return unknown;
57 }
58 #endif /* CFG_TEE_TA_LOG_LEVEL > 0 */
59 
60 /*
61  * TA command IDs: used only as ID/string conversion for debug trace support
62  */
63 static const struct any_id __maybe_unused string_ta_cmd[] = {
64 	PKCS11_ID(PKCS11_CMD_PING),
65 	PKCS11_ID(PKCS11_CMD_SLOT_LIST),
66 	PKCS11_ID(PKCS11_CMD_SLOT_INFO),
67 	PKCS11_ID(PKCS11_CMD_TOKEN_INFO),
68 	PKCS11_ID(PKCS11_CMD_MECHANISM_IDS),
69 	PKCS11_ID(PKCS11_CMD_MECHANISM_INFO),
70 	PKCS11_ID(PKCS11_CMD_OPEN_SESSION),
71 	PKCS11_ID(PKCS11_CMD_SESSION_INFO),
72 	PKCS11_ID(PKCS11_CMD_CLOSE_SESSION),
73 	PKCS11_ID(PKCS11_CMD_CLOSE_ALL_SESSIONS),
74 };
75 
76 static const struct any_id __maybe_unused string_slot_flags[] = {
77 	PKCS11_ID(PKCS11_CKFS_TOKEN_PRESENT),
78 	PKCS11_ID(PKCS11_CKFS_REMOVABLE_DEVICE),
79 	PKCS11_ID(PKCS11_CKFS_HW_SLOT),
80 };
81 
82 static const struct any_id __maybe_unused string_token_flags[] = {
83 	PKCS11_ID(PKCS11_CKFT_RNG),
84 	PKCS11_ID(PKCS11_CKFT_WRITE_PROTECTED),
85 	PKCS11_ID(PKCS11_CKFT_LOGIN_REQUIRED),
86 	PKCS11_ID(PKCS11_CKFT_USER_PIN_INITIALIZED),
87 	PKCS11_ID(PKCS11_CKFT_RESTORE_KEY_NOT_NEEDED),
88 	PKCS11_ID(PKCS11_CKFT_CLOCK_ON_TOKEN),
89 	PKCS11_ID(PKCS11_CKFT_PROTECTED_AUTHENTICATION_PATH),
90 	PKCS11_ID(PKCS11_CKFT_DUAL_CRYPTO_OPERATIONS),
91 	PKCS11_ID(PKCS11_CKFT_TOKEN_INITIALIZED),
92 	PKCS11_ID(PKCS11_CKFT_USER_PIN_COUNT_LOW),
93 	PKCS11_ID(PKCS11_CKFT_USER_PIN_FINAL_TRY),
94 	PKCS11_ID(PKCS11_CKFT_USER_PIN_LOCKED),
95 	PKCS11_ID(PKCS11_CKFT_USER_PIN_TO_BE_CHANGED),
96 	PKCS11_ID(PKCS11_CKFT_SO_PIN_COUNT_LOW),
97 	PKCS11_ID(PKCS11_CKFT_SO_PIN_FINAL_TRY),
98 	PKCS11_ID(PKCS11_CKFT_SO_PIN_LOCKED),
99 	PKCS11_ID(PKCS11_CKFT_SO_PIN_TO_BE_CHANGED),
100 	PKCS11_ID(PKCS11_CKFT_ERROR_STATE),
101 };
102 
103 static const struct any_id __maybe_unused string_session_flags[] = {
104 	PKCS11_ID(PKCS11_CKFSS_RW_SESSION),
105 	PKCS11_ID(PKCS11_CKFSS_SERIAL_SESSION),
106 };
107 
108 static const struct any_id __maybe_unused string_session_state[] = {
109 	PKCS11_ID(PKCS11_CKS_RO_PUBLIC_SESSION),
110 	PKCS11_ID(PKCS11_CKS_RO_USER_FUNCTIONS),
111 	PKCS11_ID(PKCS11_CKS_RW_PUBLIC_SESSION),
112 	PKCS11_ID(PKCS11_CKS_RW_USER_FUNCTIONS),
113 	PKCS11_ID(PKCS11_CKS_RW_SO_FUNCTIONS),
114 };
115 
116 static const struct any_id __maybe_unused string_rc[] = {
117 	PKCS11_ID(PKCS11_CKR_OK),
118 	PKCS11_ID(PKCS11_CKR_GENERAL_ERROR),
119 	PKCS11_ID(PKCS11_CKR_DEVICE_MEMORY),
120 	PKCS11_ID(PKCS11_CKR_ARGUMENTS_BAD),
121 	PKCS11_ID(PKCS11_CKR_BUFFER_TOO_SMALL),
122 	PKCS11_ID(PKCS11_CKR_FUNCTION_FAILED),
123 	PKCS11_ID(PKCS11_CKR_SIGNATURE_INVALID),
124 	PKCS11_ID(PKCS11_CKR_ATTRIBUTE_TYPE_INVALID),
125 	PKCS11_ID(PKCS11_CKR_ATTRIBUTE_VALUE_INVALID),
126 	PKCS11_ID(PKCS11_CKR_OBJECT_HANDLE_INVALID),
127 	PKCS11_ID(PKCS11_CKR_KEY_HANDLE_INVALID),
128 	PKCS11_ID(PKCS11_CKR_MECHANISM_INVALID),
129 	PKCS11_ID(PKCS11_CKR_SESSION_HANDLE_INVALID),
130 	PKCS11_ID(PKCS11_CKR_SLOT_ID_INVALID),
131 	PKCS11_ID(PKCS11_CKR_MECHANISM_PARAM_INVALID),
132 	PKCS11_ID(PKCS11_CKR_TEMPLATE_INCONSISTENT),
133 	PKCS11_ID(PKCS11_CKR_TEMPLATE_INCOMPLETE),
134 	PKCS11_ID(PKCS11_CKR_PIN_INCORRECT),
135 	PKCS11_ID(PKCS11_CKR_PIN_LOCKED),
136 	PKCS11_ID(PKCS11_CKR_PIN_EXPIRED),
137 	PKCS11_ID(PKCS11_CKR_PIN_INVALID),
138 	PKCS11_ID(PKCS11_CKR_PIN_LEN_RANGE),
139 	PKCS11_ID(PKCS11_CKR_SESSION_EXISTS),
140 	PKCS11_ID(PKCS11_CKR_SESSION_READ_ONLY),
141 	PKCS11_ID(PKCS11_CKR_SESSION_READ_WRITE_SO_EXISTS),
142 	PKCS11_ID(PKCS11_CKR_OPERATION_ACTIVE),
143 	PKCS11_ID(PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED),
144 	PKCS11_ID(PKCS11_CKR_OPERATION_NOT_INITIALIZED),
145 	PKCS11_ID(PKCS11_CKR_TOKEN_WRITE_PROTECTED),
146 	PKCS11_ID(PKCS11_CKR_TOKEN_NOT_PRESENT),
147 	PKCS11_ID(PKCS11_CKR_TOKEN_NOT_RECOGNIZED),
148 	PKCS11_ID(PKCS11_CKR_ACTION_PROHIBITED),
149 	PKCS11_ID(PKCS11_CKR_ATTRIBUTE_READ_ONLY),
150 	PKCS11_ID(PKCS11_CKR_PIN_TOO_WEAK),
151 	PKCS11_ID(PKCS11_CKR_CURVE_NOT_SUPPORTED),
152 	PKCS11_ID(PKCS11_CKR_DOMAIN_PARAMS_INVALID),
153 	PKCS11_ID(PKCS11_CKR_USER_ALREADY_LOGGED_IN),
154 	PKCS11_ID(PKCS11_CKR_USER_ANOTHER_ALREADY_LOGGED_IN),
155 	PKCS11_ID(PKCS11_CKR_USER_NOT_LOGGED_IN),
156 	PKCS11_ID(PKCS11_CKR_USER_PIN_NOT_INITIALIZED),
157 	PKCS11_ID(PKCS11_CKR_USER_TOO_MANY_TYPES),
158 	PKCS11_ID(PKCS11_CKR_USER_TYPE_INVALID),
159 	PKCS11_ID(PKCS11_CKR_SESSION_READ_ONLY_EXISTS),
160 	PKCS11_ID(PKCS11_RV_NOT_FOUND),
161 	PKCS11_ID(PKCS11_RV_NOT_IMPLEMENTED),
162 };
163 
164 /*
165  * Conversion between PKCS11 TA and GPD TEE return codes
166  */
167 enum pkcs11_rc tee2pkcs_error(TEE_Result res)
168 {
169 	switch (res) {
170 	case TEE_SUCCESS:
171 		return PKCS11_CKR_OK;
172 
173 	case TEE_ERROR_BAD_PARAMETERS:
174 		return PKCS11_CKR_ARGUMENTS_BAD;
175 
176 	case TEE_ERROR_OUT_OF_MEMORY:
177 		return PKCS11_CKR_DEVICE_MEMORY;
178 
179 	case TEE_ERROR_SHORT_BUFFER:
180 		return PKCS11_CKR_BUFFER_TOO_SMALL;
181 
182 	case TEE_ERROR_MAC_INVALID:
183 	case TEE_ERROR_SIGNATURE_INVALID:
184 		return PKCS11_CKR_SIGNATURE_INVALID;
185 
186 	default:
187 		return PKCS11_CKR_GENERAL_ERROR;
188 	}
189 }
190 
191 #if CFG_TEE_TA_LOG_LEVEL > 0
192 const char *id2str_rc(uint32_t id)
193 {
194 	return ID2STR(id, string_rc, "PKCS11_CKR_");
195 }
196 
197 const char *id2str_ta_cmd(uint32_t id)
198 {
199 	return ID2STR(id, string_ta_cmd, NULL);
200 }
201 
202 const char *id2str_slot_flag(uint32_t id)
203 {
204 	return ID2STR(id, string_slot_flags, "PKCS11_CKFS_");
205 }
206 
207 const char *id2str_token_flag(uint32_t id)
208 {
209 	return ID2STR(id, string_token_flags, "PKCS11_CKFT_");
210 }
211 
212 const char *id2str_session_flag(uint32_t id)
213 {
214 	return ID2STR(id, string_session_flags, "PKCS11_CKFSS_");
215 }
216 
217 const char *id2str_session_state(uint32_t id)
218 {
219 	return ID2STR(id, string_session_state, "PKCS11_CKS_");
220 }
221 #endif /*CFG_TEE_TA_LOG_LEVEL*/
222