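// SPDX-License-Identifier: BSD-2-Clause
/*
 * Copyright (c) 2018-2020, Linaro Limited
 */

#include <pkcs11_ta.h>
#include <string.h>
#include <tee_internal_api.h>
#include <util.h>

#include "pkcs11_helpers.h"

/* Label returned by the id2str*() helpers when an ID is in no table */
static const char __maybe_unused unknown[] = "<unknown-identifier>";

/*
 * One cell of an ID list or ID/string conversion table.
 * The label string is only stored when TA traces are compiled in
 * (CFG_TEE_TA_LOG_LEVEL > 0).
 */
struct any_id {
	uint32_t id;
#if CFG_TEE_TA_LOG_LEVEL > 0
	const char *string;
#endif
};

/*
 * Macro PKCS11_ID() can be used to define cells in ID list arrays
 * or ID/string conversion arrays. When traces are enabled the label
 * is the stringified macro argument (#_id).
 */
#if CFG_TEE_TA_LOG_LEVEL > 0
#define PKCS11_ID(_id)		{ .id = _id, .string = #_id }
#else
#define PKCS11_ID(_id)		{ .id = _id }
#endif

/*
 * ID2STR() passes ARRAY_SIZE(table) as the element count, so @table must
 * be a real array, not a pointer to one.
 */
#define ID2STR(id, table, prefix)	\
	id2str(id, table, ARRAY_SIZE(table), prefix)

#if CFG_TEE_TA_LOG_LEVEL > 0
/*
 * Convert a PKCS11 ID into its label string
 *
 * @id: ID to look up
 * @table: conversion table to search
 * @count: number of cells in @table
 * @prefix: optional leading substring to strip from the label, or NULL
 *
 * Return the label of the first cell whose ID equals @id, with @prefix
 * removed when the label starts with it, or the "<unknown-identifier>"
 * string when no cell matches. The returned pointer refers to static
 * storage and must not be freed.
 */
static const char *id2str(uint32_t id, const struct any_id *table,
			  size_t count, const char *prefix)
{
	size_t n = 0;
	size_t prefix_len = 0;
	const char *str = NULL;

	for (n = 0; n < count; n++) {
		if (id != table[n].id)
			continue;

		str = table[n].string;

		/*
		 * Skip the prefix when the label starts with it.
		 * strncmp() stops at the label's terminating NUL, so a label
		 * shorter than the prefix is never read past its end; a
		 * fixed-length memory compare sized by the prefix would be.
		 */
		if (prefix) {
			prefix_len = strlen(prefix);
			if (!strncmp(str, prefix, prefix_len))
				str += prefix_len;
		}

		return str;
	}

	return unknown;
}
#endif /* CFG_TEE_TA_LOG_LEVEL > 0 */

/*
 * TA command IDs: used only as ID/string conversion for debug trace support
 */
static const struct any_id __maybe_unused string_ta_cmd[] = {
	PKCS11_ID(PKCS11_CMD_PING),
	PKCS11_ID(PKCS11_CMD_SLOT_LIST),
	PKCS11_ID(PKCS11_CMD_SLOT_INFO),
	PKCS11_ID(PKCS11_CMD_TOKEN_INFO),
	PKCS11_ID(PKCS11_CMD_MECHANISM_IDS),
	PKCS11_ID(PKCS11_CMD_MECHANISM_INFO),
	PKCS11_ID(PKCS11_CMD_OPEN_SESSION),
	PKCS11_ID(PKCS11_CMD_SESSION_INFO),
	PKCS11_ID(PKCS11_CMD_CLOSE_SESSION),
	PKCS11_ID(PKCS11_CMD_CLOSE_ALL_SESSIONS),
	PKCS11_ID(PKCS11_CMD_INIT_TOKEN),
	PKCS11_ID(PKCS11_CMD_INIT_PIN),
	PKCS11_ID(PKCS11_CMD_SET_PIN),
	PKCS11_ID(PKCS11_CMD_LOGIN),
	PKCS11_ID(PKCS11_CMD_LOGOUT),
	PKCS11_ID(PKCS11_CMD_CREATE_OBJECT),
	PKCS11_ID(PKCS11_CMD_DESTROY_OBJECT),
};

/* Slot flags: ID/string conversion table */
static const struct any_id __maybe_unused string_slot_flags[] = {
	PKCS11_ID(PKCS11_CKFS_TOKEN_PRESENT),
	PKCS11_ID(PKCS11_CKFS_REMOVABLE_DEVICE),
	PKCS11_ID(PKCS11_CKFS_HW_SLOT),
};

/* Token flags: ID/string conversion table */
static const struct any_id __maybe_unused string_token_flags[] = {
	PKCS11_ID(PKCS11_CKFT_RNG),
	PKCS11_ID(PKCS11_CKFT_WRITE_PROTECTED),
	PKCS11_ID(PKCS11_CKFT_LOGIN_REQUIRED),
	PKCS11_ID(PKCS11_CKFT_USER_PIN_INITIALIZED),
	PKCS11_ID(PKCS11_CKFT_RESTORE_KEY_NOT_NEEDED),
	PKCS11_ID(PKCS11_CKFT_CLOCK_ON_TOKEN),
	PKCS11_ID(PKCS11_CKFT_PROTECTED_AUTHENTICATION_PATH),
	PKCS11_ID(PKCS11_CKFT_DUAL_CRYPTO_OPERATIONS),
	PKCS11_ID(PKCS11_CKFT_TOKEN_INITIALIZED),
	PKCS11_ID(PKCS11_CKFT_USER_PIN_COUNT_LOW),
	PKCS11_ID(PKCS11_CKFT_USER_PIN_FINAL_TRY),
	PKCS11_ID(PKCS11_CKFT_USER_PIN_LOCKED),
	PKCS11_ID(PKCS11_CKFT_USER_PIN_TO_BE_CHANGED),
	PKCS11_ID(PKCS11_CKFT_SO_PIN_COUNT_LOW),
	PKCS11_ID(PKCS11_CKFT_SO_PIN_FINAL_TRY),
	PKCS11_ID(PKCS11_CKFT_SO_PIN_LOCKED),
	PKCS11_ID(PKCS11_CKFT_SO_PIN_TO_BE_CHANGED),
	PKCS11_ID(PKCS11_CKFT_ERROR_STATE),
};

/* Session flags: ID/string conversion table */
static const struct any_id __maybe_unused string_session_flags[] = {
	PKCS11_ID(PKCS11_CKFSS_RW_SESSION),
	PKCS11_ID(PKCS11_CKFSS_SERIAL_SESSION),
};

/* Session states: ID/string conversion table */
static const struct any_id __maybe_unused string_session_state[] = {
	PKCS11_ID(PKCS11_CKS_RO_PUBLIC_SESSION),
	PKCS11_ID(PKCS11_CKS_RO_USER_FUNCTIONS),
	PKCS11_ID(PKCS11_CKS_RW_PUBLIC_SESSION),
	PKCS11_ID(PKCS11_CKS_RW_USER_FUNCTIONS),
	PKCS11_ID(PKCS11_CKS_RW_SO_FUNCTIONS),
};

/* Return codes: ID/string conversion table */
static const struct any_id __maybe_unused string_rc[] = {
	PKCS11_ID(PKCS11_CKR_OK),
	PKCS11_ID(PKCS11_CKR_GENERAL_ERROR),
	PKCS11_ID(PKCS11_CKR_DEVICE_MEMORY),
	PKCS11_ID(PKCS11_CKR_ARGUMENTS_BAD),
	PKCS11_ID(PKCS11_CKR_BUFFER_TOO_SMALL),
	PKCS11_ID(PKCS11_CKR_FUNCTION_FAILED),
	PKCS11_ID(PKCS11_CKR_SIGNATURE_INVALID),
	PKCS11_ID(PKCS11_CKR_ATTRIBUTE_TYPE_INVALID),
	PKCS11_ID(PKCS11_CKR_ATTRIBUTE_VALUE_INVALID),
	PKCS11_ID(PKCS11_CKR_OBJECT_HANDLE_INVALID),
	PKCS11_ID(PKCS11_CKR_KEY_HANDLE_INVALID),
	PKCS11_ID(PKCS11_CKR_MECHANISM_INVALID),
	PKCS11_ID(PKCS11_CKR_SESSION_HANDLE_INVALID),
	PKCS11_ID(PKCS11_CKR_SLOT_ID_INVALID),
	PKCS11_ID(PKCS11_CKR_MECHANISM_PARAM_INVALID),
	PKCS11_ID(PKCS11_CKR_TEMPLATE_INCONSISTENT),
	PKCS11_ID(PKCS11_CKR_TEMPLATE_INCOMPLETE),
	PKCS11_ID(PKCS11_CKR_PIN_INCORRECT),
	PKCS11_ID(PKCS11_CKR_PIN_LOCKED),
	PKCS11_ID(PKCS11_CKR_PIN_EXPIRED),
	PKCS11_ID(PKCS11_CKR_PIN_INVALID),
	PKCS11_ID(PKCS11_CKR_PIN_LEN_RANGE),
	PKCS11_ID(PKCS11_CKR_SESSION_EXISTS),
	PKCS11_ID(PKCS11_CKR_SESSION_READ_ONLY),
	PKCS11_ID(PKCS11_CKR_SESSION_READ_WRITE_SO_EXISTS),
	PKCS11_ID(PKCS11_CKR_OPERATION_ACTIVE),
	PKCS11_ID(PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED),
	PKCS11_ID(PKCS11_CKR_OPERATION_NOT_INITIALIZED),
	PKCS11_ID(PKCS11_CKR_TOKEN_WRITE_PROTECTED),
	PKCS11_ID(PKCS11_CKR_TOKEN_NOT_PRESENT),
	PKCS11_ID(PKCS11_CKR_TOKEN_NOT_RECOGNIZED),
	PKCS11_ID(PKCS11_CKR_ACTION_PROHIBITED),
	PKCS11_ID(PKCS11_CKR_ATTRIBUTE_READ_ONLY),
	PKCS11_ID(PKCS11_CKR_PIN_TOO_WEAK),
	PKCS11_ID(PKCS11_CKR_CURVE_NOT_SUPPORTED),
	PKCS11_ID(PKCS11_CKR_DOMAIN_PARAMS_INVALID),
	PKCS11_ID(PKCS11_CKR_USER_ALREADY_LOGGED_IN),
	PKCS11_ID(PKCS11_CKR_USER_ANOTHER_ALREADY_LOGGED_IN),
	PKCS11_ID(PKCS11_CKR_USER_NOT_LOGGED_IN),
	PKCS11_ID(PKCS11_CKR_USER_PIN_NOT_INITIALIZED),
	PKCS11_ID(PKCS11_CKR_USER_TOO_MANY_TYPES),
	PKCS11_ID(PKCS11_CKR_USER_TYPE_INVALID),
	PKCS11_ID(PKCS11_CKR_SESSION_READ_ONLY_EXISTS),
	PKCS11_ID(PKCS11_RV_NOT_FOUND),
	PKCS11_ID(PKCS11_RV_NOT_IMPLEMENTED),
};

/*
 * Conversion between PKCS11 TA and GPD TEE return codes
 *
 * @res: GPD TEE result code to convert
 *
 * Only the codes listed below have a dedicated PKCS11 value. MAC and
 * signature verification failures are both reported as
 * PKCS11_CKR_SIGNATURE_INVALID, and every other TEE error collapses to
 * PKCS11_CKR_GENERAL_ERROR, so a caller that needs to tell those errors
 * apart must inspect @res before converting it.
 */
enum pkcs11_rc tee2pkcs_error(TEE_Result res)
{
	switch (res) {
	case TEE_SUCCESS:
		return PKCS11_CKR_OK;

	case TEE_ERROR_BAD_PARAMETERS:
		return PKCS11_CKR_ARGUMENTS_BAD;

	case TEE_ERROR_OUT_OF_MEMORY:
		return PKCS11_CKR_DEVICE_MEMORY;

	case TEE_ERROR_SHORT_BUFFER:
		return PKCS11_CKR_BUFFER_TOO_SMALL;

	case TEE_ERROR_MAC_INVALID:
	case TEE_ERROR_SIGNATURE_INVALID:
		return PKCS11_CKR_SIGNATURE_INVALID;

	default:
		return PKCS11_CKR_GENERAL_ERROR;
	}
}

#if CFG_TEE_TA_LOG_LEVEL > 0
/*
 * The helpers below are only built when TA traces are enabled. Each one
 * returns the label of @id from its table, stripped of the table's
 * prefix where one is given, or "<unknown-identifier>" when @id is not
 * listed.
 */

/*
 * Return code label. Entries that do not start with "PKCS11_CKR_"
 * (the PKCS11_RV_* ones) are returned in full.
 */
const char *id2str_rc(uint32_t id)
{
	return ID2STR(id, string_rc, "PKCS11_CKR_");
}

/* TA command label, returned without prefix stripping */
const char *id2str_ta_cmd(uint32_t id)
{
	return ID2STR(id, string_ta_cmd, NULL);
}

/* Slot flag label */
const char *id2str_slot_flag(uint32_t id)
{
	return ID2STR(id, string_slot_flags, "PKCS11_CKFS_");
}

/* Token flag label */
const char *id2str_token_flag(uint32_t id)
{
	return ID2STR(id, string_token_flags, "PKCS11_CKFT_");
}

/* Session flag label */
const char *id2str_session_flag(uint32_t id)
{
	return ID2STR(id, string_session_flags, "PKCS11_CKFSS_");
}

/* Session state label */
const char *id2str_session_state(uint32_t id)
{
	return ID2STR(id, string_session_state, "PKCS11_CKS_");
}
#endif /*CFG_TEE_TA_LOG_LEVEL*/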