xref: /optee_os/ta/pkcs11/src/token_capabilities.c (revision 0442c956edfb70be378634fd51dbec6e21550a5a) 
1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (c) 2017-2020, Linaro Limited
4  */
5 
6 #include <assert.h>
7 #include <pkcs11_ta.h>
8 #include <string.h>
9 #include <util.h>
10 #include <tee_api.h>
11 #include <tee_internal_api_extensions.h>
12 
13 #include "pkcs11_helpers.h"
14 #include "token_capabilities.h"
15 
16 #define ALLOWED_PKCS11_CKFM	\
17 	(PKCS11_CKFM_ENCRYPT | PKCS11_CKFM_DECRYPT |		\
18 	 PKCS11_CKFM_DERIVE | PKCS11_CKFM_DIGEST |		\
19 	 PKCS11_CKFM_SIGN | PKCS11_CKFM_SIGN_RECOVER |		\
20 	 PKCS11_CKFM_VERIFY | PKCS11_CKFM_VERIFY_RECOVER |	\
21 	 PKCS11_CKFM_GENERATE |	PKCS11_CKFM_GENERATE_KEY_PAIR |	\
22 	 PKCS11_CKFM_WRAP | PKCS11_CKFM_UNWRAP)
23 
24 /*
25  * Definition of supported processings for a PKCS#11 mechanisms
26  * @id: Mechanism ID
27  * @flags: Valid PKCS11_CKFM_* for a mechanism as per PKCS#11
28  * @one_shot: true of mechanism can be used for a one-short processing
29  * @string: Helper string of the mechanism ID for debug purpose
30  */
31 struct pkcs11_mechachism_modes {
32 	uint32_t id;
33 	uint32_t flags;
34 	bool one_shot;
35 #if CFG_TEE_TA_LOG_LEVEL > 0
36 	const char *string;
37 #endif
38 };
39 
40 #if CFG_TEE_TA_LOG_LEVEL > 0
41 #define MECHANISM(_label, _flags, _single_part)	\
42 	{					\
43 		.id = _label,			\
44 		.one_shot = (_single_part),	\
45 		.flags = (_flags),		\
46 		.string = #_label,		\
47 	}
48 #else
49 #define MECHANISM(_label, _flags, _single_part)	\
50 	{					\
51 		.id = _label,			\
52 		.one_shot = (_single_part),	\
53 		.flags = (_flags),		\
54 	}
55 #endif
56 
57 #define SINGLE_PART_ONLY	true
58 #define ANY_PART		false
59 
60 #define CKFM_CIPHER		(PKCS11_CKFM_ENCRYPT | PKCS11_CKFM_DECRYPT)
61 #define CKFM_WRAP_UNWRAP	(PKCS11_CKFM_WRAP | PKCS11_CKFM_UNWRAP)
62 #define CKFM_CIPHER_WRAP	(CKFM_CIPHER | CKFM_WRAP_UNWRAP)
63 #define CKFM_CIPHER_WRAP_DERIVE	(CKFM_CIPHER_WRAP | PKCS11_CKFM_DERIVE)
64 #define CKFM_AUTH_NO_RECOVER	(PKCS11_CKFM_SIGN | PKCS11_CKFM_VERIFY)
65 #define CKFM_AUTH_WITH_RECOVER	(PKCS11_CKFM_SIGN_RECOVER | \
66 				 PKCS11_CKFM_VERIFY_RECOVER)
67 
68 /* PKCS#11 specificies permitted operation for each mechanism  */
69 static const struct pkcs11_mechachism_modes pkcs11_modes[] = {
70 	/* AES */
71 	MECHANISM(PKCS11_CKM_AES_ECB, CKFM_CIPHER_WRAP, ANY_PART),
72 	MECHANISM(PKCS11_CKM_AES_CBC, CKFM_CIPHER_WRAP, ANY_PART),
73 	MECHANISM(PKCS11_CKM_AES_CBC_PAD, CKFM_CIPHER_WRAP, ANY_PART),
74 	MECHANISM(PKCS11_CKM_AES_CTS, CKFM_CIPHER_WRAP, ANY_PART),
75 	MECHANISM(PKCS11_CKM_AES_CTR, CKFM_CIPHER_WRAP, ANY_PART),
76 	MECHANISM(PKCS11_CKM_AES_ECB_ENCRYPT_DATA, PKCS11_CKFM_DERIVE,
77 		  ANY_PART),
78 	MECHANISM(PKCS11_CKM_AES_CBC_ENCRYPT_DATA, PKCS11_CKFM_DERIVE,
79 		  ANY_PART),
80 	MECHANISM(PKCS11_CKM_AES_KEY_GEN, PKCS11_CKFM_GENERATE, ANY_PART),
81 	MECHANISM(PKCS11_CKM_GENERIC_SECRET_KEY_GEN, PKCS11_CKFM_GENERATE,
82 		  ANY_PART),
83 	/* Digest */
84 	MECHANISM(PKCS11_CKM_MD5, PKCS11_CKFM_DIGEST, ANY_PART),
85 	MECHANISM(PKCS11_CKM_SHA_1, PKCS11_CKFM_DIGEST, ANY_PART),
86 	MECHANISM(PKCS11_CKM_SHA224, PKCS11_CKFM_DIGEST, ANY_PART),
87 	MECHANISM(PKCS11_CKM_SHA256, PKCS11_CKFM_DIGEST, ANY_PART),
88 	MECHANISM(PKCS11_CKM_SHA384, PKCS11_CKFM_DIGEST, ANY_PART),
89 	MECHANISM(PKCS11_CKM_SHA512, PKCS11_CKFM_DIGEST, ANY_PART),
90 	/* HMAC */
91 	MECHANISM(PKCS11_CKM_MD5_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART),
92 	MECHANISM(PKCS11_CKM_SHA_1_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART),
93 	MECHANISM(PKCS11_CKM_SHA224_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART),
94 	MECHANISM(PKCS11_CKM_SHA256_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART),
95 	MECHANISM(PKCS11_CKM_SHA384_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART),
96 	MECHANISM(PKCS11_CKM_SHA512_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART),
97 	/* EC */
98 	MECHANISM(PKCS11_CKM_EC_KEY_PAIR_GEN, PKCS11_CKFM_GENERATE_KEY_PAIR,
99 		  ANY_PART),
100 	MECHANISM(PKCS11_CKM_ECDSA, CKFM_AUTH_NO_RECOVER, SINGLE_PART_ONLY),
101 	MECHANISM(PKCS11_CKM_ECDSA_SHA1, CKFM_AUTH_NO_RECOVER, ANY_PART),
102 	MECHANISM(PKCS11_CKM_ECDSA_SHA224, CKFM_AUTH_NO_RECOVER, ANY_PART),
103 	MECHANISM(PKCS11_CKM_ECDSA_SHA256, CKFM_AUTH_NO_RECOVER, ANY_PART),
104 	MECHANISM(PKCS11_CKM_ECDSA_SHA384, CKFM_AUTH_NO_RECOVER, ANY_PART),
105 	MECHANISM(PKCS11_CKM_ECDSA_SHA512, CKFM_AUTH_NO_RECOVER, ANY_PART),
106 	/* RSA */
107 	MECHANISM(PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN,
108 		  PKCS11_CKFM_GENERATE_KEY_PAIR, ANY_PART),
109 	MECHANISM(PKCS11_CKM_RSA_PKCS, CKFM_CIPHER_WRAP | CKFM_AUTH_NO_RECOVER |
110 		  CKFM_AUTH_WITH_RECOVER, SINGLE_PART_ONLY),
111 	MECHANISM(PKCS11_CKM_MD5_RSA_PKCS, CKFM_AUTH_NO_RECOVER, ANY_PART),
112 	MECHANISM(PKCS11_CKM_SHA1_RSA_PKCS, CKFM_AUTH_NO_RECOVER, ANY_PART),
113 	MECHANISM(PKCS11_CKM_SHA256_RSA_PKCS, CKFM_AUTH_NO_RECOVER, ANY_PART),
114 	MECHANISM(PKCS11_CKM_SHA384_RSA_PKCS, CKFM_AUTH_NO_RECOVER, ANY_PART),
115 	MECHANISM(PKCS11_CKM_SHA512_RSA_PKCS, CKFM_AUTH_NO_RECOVER, ANY_PART),
116 	MECHANISM(PKCS11_CKM_SHA224_RSA_PKCS, CKFM_AUTH_NO_RECOVER, ANY_PART),
117 };
118 
119 #if CFG_TEE_TA_LOG_LEVEL > 0
120 const char *mechanism_string_id(enum pkcs11_mechanism_id id)
121 {
122 	const size_t offset = sizeof("PKCS11_CKM_") - 1;
123 	size_t n = 0;
124 
125 	for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++)
126 		if (pkcs11_modes[n].id == id)
127 			return pkcs11_modes[n].string + offset;
128 
129 	return "Unknown ID";
130 }
131 #endif /*CFG_TEE_TA_LOG_LEVEL*/
132 
133 /*
134  * Return true if @id is a valid mechanism ID
135  */
136 bool mechanism_is_valid(enum pkcs11_mechanism_id id)
137 {
138 	size_t n = 0;
139 
140 	for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++)
141 		if (id == pkcs11_modes[n].id)
142 			return true;
143 
144 	return false;
145 }
146 
147 /*
148  * Return true if mechanism ID is valid and flags matches PKCS#11 compliancy
149  */
150 bool __maybe_unused mechanism_flags_complies_pkcs11(uint32_t mechanism_type,
151 						    uint32_t flags)
152 {
153 	size_t n = 0;
154 
155 	assert((flags & ~ALLOWED_PKCS11_CKFM) == 0);
156 
157 	for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) {
158 		if (pkcs11_modes[n].id == mechanism_type) {
159 			if (flags & ~pkcs11_modes[n].flags)
160 				EMSG("%s flags: 0x%"PRIx32" vs 0x%"PRIx32,
161 				     id2str_mechanism(mechanism_type),
162 				     flags, pkcs11_modes[n].flags);
163 
164 			return (flags & ~pkcs11_modes[n].flags) == 0;
165 		}
166 	}
167 
168 	/* Mechanism ID unexpectedly not found */
169 	return false;
170 }
171 
172 bool mechanism_is_one_shot_only(uint32_t mechanism_type)
173 {
174 	size_t n = 0;
175 
176 	for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++)
177 		if (pkcs11_modes[n].id == mechanism_type)
178 			return pkcs11_modes[n].one_shot;
179 
180 	/* Mechanism ID unexpectedly not found */
181 	TEE_Panic(PKCS11_RV_NOT_FOUND);
182 	/* Dummy return to keep compiler happy */
183 	return false;
184 }
185 
186 /*
187  * Field single_part_only is unused from array token_mechanism[], hence
188  * simply use ANY_PART for all mechanism there.
189  */
190 #define TA_MECHANISM(_label, _flags)	MECHANISM((_label), (_flags), ANY_PART)
191 
192 /*
193  * Arrays that centralizes the IDs and processing flags for mechanisms
194  * supported by each embedded token.
195  */
196 const struct pkcs11_mechachism_modes token_mechanism[] = {
197 	TA_MECHANISM(PKCS11_CKM_AES_ECB, CKFM_CIPHER_WRAP),
198 	TA_MECHANISM(PKCS11_CKM_AES_CBC, CKFM_CIPHER_WRAP),
199 	TA_MECHANISM(PKCS11_CKM_AES_CBC_PAD, CKFM_CIPHER),
200 	TA_MECHANISM(PKCS11_CKM_AES_CTR, CKFM_CIPHER),
201 	TA_MECHANISM(PKCS11_CKM_AES_CTS, CKFM_CIPHER),
202 	TA_MECHANISM(PKCS11_CKM_AES_ECB_ENCRYPT_DATA, PKCS11_CKFM_DERIVE),
203 	TA_MECHANISM(PKCS11_CKM_AES_CBC_ENCRYPT_DATA, PKCS11_CKFM_DERIVE),
204 	TA_MECHANISM(PKCS11_CKM_AES_KEY_GEN, PKCS11_CKFM_GENERATE),
205 	TA_MECHANISM(PKCS11_CKM_GENERIC_SECRET_KEY_GEN, PKCS11_CKFM_GENERATE),
206 	TA_MECHANISM(PKCS11_CKM_MD5, PKCS11_CKFM_DIGEST),
207 	TA_MECHANISM(PKCS11_CKM_SHA_1, PKCS11_CKFM_DIGEST),
208 	TA_MECHANISM(PKCS11_CKM_SHA224, PKCS11_CKFM_DIGEST),
209 	TA_MECHANISM(PKCS11_CKM_SHA256, PKCS11_CKFM_DIGEST),
210 	TA_MECHANISM(PKCS11_CKM_SHA384, PKCS11_CKFM_DIGEST),
211 	TA_MECHANISM(PKCS11_CKM_SHA512, PKCS11_CKFM_DIGEST),
212 	TA_MECHANISM(PKCS11_CKM_MD5_HMAC, CKFM_AUTH_NO_RECOVER),
213 	TA_MECHANISM(PKCS11_CKM_SHA_1_HMAC, CKFM_AUTH_NO_RECOVER),
214 	TA_MECHANISM(PKCS11_CKM_SHA224_HMAC, CKFM_AUTH_NO_RECOVER),
215 	TA_MECHANISM(PKCS11_CKM_SHA256_HMAC, CKFM_AUTH_NO_RECOVER),
216 	TA_MECHANISM(PKCS11_CKM_SHA384_HMAC, CKFM_AUTH_NO_RECOVER),
217 	TA_MECHANISM(PKCS11_CKM_SHA512_HMAC, CKFM_AUTH_NO_RECOVER),
218 	TA_MECHANISM(PKCS11_CKM_EC_KEY_PAIR_GEN,
219 		     PKCS11_CKFM_GENERATE_KEY_PAIR),
220 	TA_MECHANISM(PKCS11_CKM_ECDSA, CKFM_AUTH_NO_RECOVER),
221 	TA_MECHANISM(PKCS11_CKM_ECDSA_SHA1, CKFM_AUTH_NO_RECOVER),
222 	TA_MECHANISM(PKCS11_CKM_ECDSA_SHA224, CKFM_AUTH_NO_RECOVER),
223 	TA_MECHANISM(PKCS11_CKM_ECDSA_SHA256, CKFM_AUTH_NO_RECOVER),
224 	TA_MECHANISM(PKCS11_CKM_ECDSA_SHA384, CKFM_AUTH_NO_RECOVER),
225 	TA_MECHANISM(PKCS11_CKM_ECDSA_SHA512, CKFM_AUTH_NO_RECOVER),
226 	TA_MECHANISM(PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN,
227 		     PKCS11_CKFM_GENERATE_KEY_PAIR),
228 	TA_MECHANISM(PKCS11_CKM_RSA_PKCS, CKFM_CIPHER | CKFM_AUTH_NO_RECOVER),
229 	TA_MECHANISM(PKCS11_CKM_MD5_RSA_PKCS, CKFM_AUTH_NO_RECOVER),
230 	TA_MECHANISM(PKCS11_CKM_SHA1_RSA_PKCS, CKFM_AUTH_NO_RECOVER),
231 	TA_MECHANISM(PKCS11_CKM_SHA256_RSA_PKCS, CKFM_AUTH_NO_RECOVER),
232 	TA_MECHANISM(PKCS11_CKM_SHA384_RSA_PKCS, CKFM_AUTH_NO_RECOVER),
233 	TA_MECHANISM(PKCS11_CKM_SHA512_RSA_PKCS, CKFM_AUTH_NO_RECOVER),
234 	TA_MECHANISM(PKCS11_CKM_SHA224_RSA_PKCS, CKFM_AUTH_NO_RECOVER),
235 };
236 
237 /*
238  * tee_malloc_mechanism_array - Allocate and fill array of supported mechanisms
239  * @count: [in] [out] Pointer to number of mechanism IDs in client resource
240  * Return allocated array of the supported mechanism IDs
241  *
242  * Allocates array with 32bit cells mechanism IDs for the supported ones only
243  * if *@count covers number mechanism IDs exposed.
244  */
245 uint32_t *tee_malloc_mechanism_list(size_t *out_count)
246 {
247 	size_t n = 0;
248 	size_t count = 0;
249 	uint32_t *array = NULL;
250 
251 	for (n = 0; n < ARRAY_SIZE(token_mechanism); n++)
252 		if (token_mechanism[n].flags)
253 			count++;
254 
255 	if (*out_count >= count)
256 		array = TEE_Malloc(count * sizeof(*array),
257 				   TEE_USER_MEM_HINT_NO_FILL_ZERO);
258 
259 	*out_count = count;
260 
261 	if (!array)
262 		return NULL;
263 
264 	for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) {
265 		if (token_mechanism[n].flags) {
266 			count--;
267 			array[count] = token_mechanism[n].id;
268 		}
269 	}
270 	assert(!count);
271 
272 	return array;
273 }
274 
275 uint32_t mechanism_supported_flags(enum pkcs11_mechanism_id id)
276 {
277 	size_t n = 0;
278 
279 	for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) {
280 		if (id == token_mechanism[n].id) {
281 			uint32_t flags = token_mechanism[n].flags;
282 
283 			assert(mechanism_flags_complies_pkcs11(id, flags));
284 			return flags;
285 		}
286 	}
287 
288 	return 0;
289 }
290 
291 void pkcs11_mechanism_supported_key_sizes(uint32_t proc_id,
292 					  uint32_t *min_key_size,
293 					  uint32_t *max_key_size)
294 {
295 	switch (proc_id) {
296 	case PKCS11_CKM_GENERIC_SECRET_KEY_GEN:
297 		/* This mechanism expects the keysize to be returned in bits */
298 		*min_key_size = 1;		/* in bits */
299 		*max_key_size = 4096;		/* in bits */
300 		break;
301 	case PKCS11_CKM_MD5_HMAC:
302 		*min_key_size = 8;
303 		*max_key_size = 64;
304 		break;
305 	case PKCS11_CKM_SHA_1_HMAC:
306 		*min_key_size = 10;
307 		*max_key_size = 64;
308 		break;
309 	case PKCS11_CKM_SHA224_HMAC:
310 		*min_key_size = 14;
311 		*max_key_size = 64;
312 		break;
313 	case PKCS11_CKM_SHA256_HMAC:
314 		*min_key_size = 24;
315 		*max_key_size = 128;
316 		break;
317 	case PKCS11_CKM_SHA384_HMAC:
318 		*min_key_size = 32;
319 		*max_key_size = 128;
320 		break;
321 	case PKCS11_CKM_SHA512_HMAC:
322 		*min_key_size = 32;
323 		*max_key_size = 128;
324 		break;
325 	case PKCS11_CKM_AES_KEY_GEN:
326 	case PKCS11_CKM_AES_ECB:
327 	case PKCS11_CKM_AES_CBC:
328 	case PKCS11_CKM_AES_CBC_PAD:
329 	case PKCS11_CKM_AES_CTR:
330 	case PKCS11_CKM_AES_CTS:
331 		*min_key_size = 16;
332 		*max_key_size = 32;
333 		break;
334 	case PKCS11_CKM_EC_KEY_PAIR_GEN:
335 	case PKCS11_CKM_ECDSA:
336 	case PKCS11_CKM_ECDSA_SHA1:
337 	case PKCS11_CKM_ECDSA_SHA224:
338 	case PKCS11_CKM_ECDSA_SHA256:
339 	case PKCS11_CKM_ECDSA_SHA384:
340 	case PKCS11_CKM_ECDSA_SHA512:
341 		*min_key_size = 160;	/* in bits */
342 		*max_key_size = 521;	/* in bits */
343 		break;
344 	case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN:
345 	case PKCS11_CKM_RSA_PKCS:
346 	case PKCS11_CKM_MD5_RSA_PKCS:
347 	case PKCS11_CKM_SHA1_RSA_PKCS:
348 	case PKCS11_CKM_SHA256_RSA_PKCS:
349 	case PKCS11_CKM_SHA384_RSA_PKCS:
350 	case PKCS11_CKM_SHA512_RSA_PKCS:
351 	case PKCS11_CKM_SHA224_RSA_PKCS:
352 		*min_key_size = 256;	/* in bits */
353 		*max_key_size = 4096;	/* in bits */
354 		break;
355 	default:
356 		*min_key_size = 0;
357 		*max_key_size = 0;
358 		break;
359 	}
360 }
361 
362 void mechanism_supported_key_sizes_bytes(uint32_t proc_id,
363 					 uint32_t *min_key_size,
364 					 uint32_t *max_key_size)
365 {
366 	pkcs11_mechanism_supported_key_sizes(proc_id, min_key_size,
367 					     max_key_size);
368 
369 	switch (proc_id) {
370 	case PKCS11_CKM_GENERIC_SECRET_KEY_GEN:
371 	case PKCS11_CKM_EC_KEY_PAIR_GEN:
372 	case PKCS11_CKM_ECDSA:
373 	case PKCS11_CKM_ECDSA_SHA1:
374 	case PKCS11_CKM_ECDSA_SHA224:
375 	case PKCS11_CKM_ECDSA_SHA256:
376 	case PKCS11_CKM_ECDSA_SHA384:
377 	case PKCS11_CKM_ECDSA_SHA512:
378 	case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN:
379 		/* Size is in bits -> convert to bytes and ceil */
380 		*min_key_size = ROUNDUP(*min_key_size, 8) / 8;
381 		*max_key_size = ROUNDUP(*max_key_size, 8) / 8;
382 		break;
383 	default:
384 		/* Size is already in bytes */
385 		break;
386 	}
387 }
388