1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017-2020, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <pkcs11_ta.h> 8 #include <string.h> 9 #include <util.h> 10 #include <tee_api.h> 11 #include <tee_internal_api_extensions.h> 12 13 #include "pkcs11_helpers.h" 14 #include "token_capabilities.h" 15 16 #define ALLOWED_PKCS11_CKFM \ 17 (PKCS11_CKFM_ENCRYPT | PKCS11_CKFM_DECRYPT | \ 18 PKCS11_CKFM_DERIVE | PKCS11_CKFM_DIGEST | \ 19 PKCS11_CKFM_SIGN | PKCS11_CKFM_SIGN_RECOVER | \ 20 PKCS11_CKFM_VERIFY | PKCS11_CKFM_VERIFY_RECOVER | \ 21 PKCS11_CKFM_GENERATE | PKCS11_CKFM_GENERATE_KEY_PAIR | \ 22 PKCS11_CKFM_WRAP | PKCS11_CKFM_UNWRAP) 23 24 /* 25 * Definition of supported processings for a PKCS#11 mechanisms 26 * @id: Mechanism ID 27 * @flags: Valid PKCS11_CKFM_* for a mechanism as per PKCS#11 28 * @one_shot: true of mechanism can be used for a one-short processing 29 * @string: Helper string of the mechanism ID for debug purpose 30 */ 31 struct pkcs11_mechachism_modes { 32 uint32_t id; 33 uint32_t flags; 34 bool one_shot; 35 #if CFG_TEE_TA_LOG_LEVEL > 0 36 const char *string; 37 #endif 38 }; 39 40 #if CFG_TEE_TA_LOG_LEVEL > 0 41 #define MECHANISM(_label, _flags, _single_part) \ 42 { \ 43 .id = _label, \ 44 .one_shot = (_single_part), \ 45 .flags = (_flags), \ 46 .string = #_label, \ 47 } 48 #else 49 #define MECHANISM(_label, _flags, _single_part) \ 50 { \ 51 .id = _label, \ 52 .one_shot = (_single_part), \ 53 .flags = (_flags), \ 54 } 55 #endif 56 57 #define SINGLE_PART_ONLY true 58 #define ANY_PART false 59 60 #define CKFM_CIPHER (PKCS11_CKFM_ENCRYPT | PKCS11_CKFM_DECRYPT) 61 #define CKFM_WRAP_UNWRAP (PKCS11_CKFM_WRAP | PKCS11_CKFM_UNWRAP) 62 #define CKFM_CIPHER_WRAP (CKFM_CIPHER | CKFM_WRAP_UNWRAP) 63 #define CKFM_CIPHER_WRAP_DERIVE (CKFM_CIPHER_WRAP | PKCS11_CKFM_DERIVE) 64 #define CKFM_AUTH_NO_RECOVER (PKCS11_CKFM_SIGN | PKCS11_CKFM_VERIFY) 65 #define CKFM_AUTH_WITH_RECOVER (PKCS11_CKFM_SIGN_RECOVER | \ 66 PKCS11_CKFM_VERIFY_RECOVER) 67 68 /* PKCS#11 specificies permitted operation for each mechanism */ 69 static const struct pkcs11_mechachism_modes pkcs11_modes[] = { 70 /* AES */ 71 MECHANISM(PKCS11_CKM_AES_ECB, CKFM_CIPHER_WRAP, ANY_PART), 72 MECHANISM(PKCS11_CKM_AES_CBC, CKFM_CIPHER_WRAP, ANY_PART), 73 MECHANISM(PKCS11_CKM_AES_CBC_PAD, CKFM_CIPHER_WRAP, ANY_PART), 74 MECHANISM(PKCS11_CKM_AES_CTS, CKFM_CIPHER_WRAP, ANY_PART), 75 MECHANISM(PKCS11_CKM_AES_CTR, CKFM_CIPHER_WRAP, ANY_PART), 76 MECHANISM(PKCS11_CKM_AES_ECB_ENCRYPT_DATA, PKCS11_CKFM_DERIVE, 77 ANY_PART), 78 MECHANISM(PKCS11_CKM_AES_CBC_ENCRYPT_DATA, PKCS11_CKFM_DERIVE, 79 ANY_PART), 80 MECHANISM(PKCS11_CKM_AES_KEY_GEN, PKCS11_CKFM_GENERATE, ANY_PART), 81 MECHANISM(PKCS11_CKM_GENERIC_SECRET_KEY_GEN, PKCS11_CKFM_GENERATE, 82 ANY_PART), 83 /* Digest */ 84 MECHANISM(PKCS11_CKM_MD5, PKCS11_CKFM_DIGEST, ANY_PART), 85 MECHANISM(PKCS11_CKM_SHA_1, PKCS11_CKFM_DIGEST, ANY_PART), 86 MECHANISM(PKCS11_CKM_SHA224, PKCS11_CKFM_DIGEST, ANY_PART), 87 MECHANISM(PKCS11_CKM_SHA256, PKCS11_CKFM_DIGEST, ANY_PART), 88 MECHANISM(PKCS11_CKM_SHA384, PKCS11_CKFM_DIGEST, ANY_PART), 89 MECHANISM(PKCS11_CKM_SHA512, PKCS11_CKFM_DIGEST, ANY_PART), 90 /* HMAC */ 91 MECHANISM(PKCS11_CKM_MD5_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 92 MECHANISM(PKCS11_CKM_SHA_1_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 93 MECHANISM(PKCS11_CKM_SHA224_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 94 MECHANISM(PKCS11_CKM_SHA256_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 95 MECHANISM(PKCS11_CKM_SHA384_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 96 MECHANISM(PKCS11_CKM_SHA512_HMAC, CKFM_AUTH_NO_RECOVER, ANY_PART), 97 /* EC */ 98 MECHANISM(PKCS11_CKM_EC_KEY_PAIR_GEN, PKCS11_CKFM_GENERATE_KEY_PAIR, 99 ANY_PART), 100 MECHANISM(PKCS11_CKM_ECDSA, CKFM_AUTH_NO_RECOVER, SINGLE_PART_ONLY), 101 MECHANISM(PKCS11_CKM_ECDSA_SHA1, CKFM_AUTH_NO_RECOVER, ANY_PART), 102 MECHANISM(PKCS11_CKM_ECDSA_SHA224, CKFM_AUTH_NO_RECOVER, ANY_PART), 103 MECHANISM(PKCS11_CKM_ECDSA_SHA256, CKFM_AUTH_NO_RECOVER, ANY_PART), 104 MECHANISM(PKCS11_CKM_ECDSA_SHA384, CKFM_AUTH_NO_RECOVER, ANY_PART), 105 MECHANISM(PKCS11_CKM_ECDSA_SHA512, CKFM_AUTH_NO_RECOVER, ANY_PART), 106 /* RSA */ 107 MECHANISM(PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN, 108 PKCS11_CKFM_GENERATE_KEY_PAIR, ANY_PART), 109 }; 110 111 #if CFG_TEE_TA_LOG_LEVEL > 0 112 const char *mechanism_string_id(enum pkcs11_mechanism_id id) 113 { 114 const size_t offset = sizeof("PKCS11_CKM_") - 1; 115 size_t n = 0; 116 117 for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) 118 if (pkcs11_modes[n].id == id) 119 return pkcs11_modes[n].string + offset; 120 121 return "Unknown ID"; 122 } 123 #endif /*CFG_TEE_TA_LOG_LEVEL*/ 124 125 /* 126 * Return true if @id is a valid mechanism ID 127 */ 128 bool mechanism_is_valid(enum pkcs11_mechanism_id id) 129 { 130 size_t n = 0; 131 132 for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) 133 if (id == pkcs11_modes[n].id) 134 return true; 135 136 return false; 137 } 138 139 /* 140 * Return true if mechanism ID is valid and flags matches PKCS#11 compliancy 141 */ 142 bool __maybe_unused mechanism_flags_complies_pkcs11(uint32_t mechanism_type, 143 uint32_t flags) 144 { 145 size_t n = 0; 146 147 assert((flags & ~ALLOWED_PKCS11_CKFM) == 0); 148 149 for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) { 150 if (pkcs11_modes[n].id == mechanism_type) { 151 if (flags & ~pkcs11_modes[n].flags) 152 EMSG("%s flags: 0x%"PRIx32" vs 0x%"PRIx32, 153 id2str_mechanism(mechanism_type), 154 flags, pkcs11_modes[n].flags); 155 156 return (flags & ~pkcs11_modes[n].flags) == 0; 157 } 158 } 159 160 /* Mechanism ID unexpectedly not found */ 161 return false; 162 } 163 164 bool mechanism_is_one_shot_only(uint32_t mechanism_type) 165 { 166 size_t n = 0; 167 168 for (n = 0; n < ARRAY_SIZE(pkcs11_modes); n++) 169 if (pkcs11_modes[n].id == mechanism_type) 170 return pkcs11_modes[n].one_shot; 171 172 /* Mechanism ID unexpectedly not found */ 173 TEE_Panic(PKCS11_RV_NOT_FOUND); 174 /* Dummy return to keep compiler happy */ 175 return false; 176 } 177 178 /* 179 * Field single_part_only is unused from array token_mechanism[], hence 180 * simply use ANY_PART for all mechanism there. 181 */ 182 #define TA_MECHANISM(_label, _flags) MECHANISM((_label), (_flags), ANY_PART) 183 184 /* 185 * Arrays that centralizes the IDs and processing flags for mechanisms 186 * supported by each embedded token. 187 */ 188 const struct pkcs11_mechachism_modes token_mechanism[] = { 189 TA_MECHANISM(PKCS11_CKM_AES_ECB, CKFM_CIPHER_WRAP), 190 TA_MECHANISM(PKCS11_CKM_AES_CBC, CKFM_CIPHER_WRAP), 191 TA_MECHANISM(PKCS11_CKM_AES_CBC_PAD, CKFM_CIPHER), 192 TA_MECHANISM(PKCS11_CKM_AES_CTR, CKFM_CIPHER), 193 TA_MECHANISM(PKCS11_CKM_AES_CTS, CKFM_CIPHER), 194 TA_MECHANISM(PKCS11_CKM_AES_ECB_ENCRYPT_DATA, PKCS11_CKFM_DERIVE), 195 TA_MECHANISM(PKCS11_CKM_AES_CBC_ENCRYPT_DATA, PKCS11_CKFM_DERIVE), 196 TA_MECHANISM(PKCS11_CKM_AES_KEY_GEN, PKCS11_CKFM_GENERATE), 197 TA_MECHANISM(PKCS11_CKM_GENERIC_SECRET_KEY_GEN, PKCS11_CKFM_GENERATE), 198 TA_MECHANISM(PKCS11_CKM_MD5, PKCS11_CKFM_DIGEST), 199 TA_MECHANISM(PKCS11_CKM_SHA_1, PKCS11_CKFM_DIGEST), 200 TA_MECHANISM(PKCS11_CKM_SHA224, PKCS11_CKFM_DIGEST), 201 TA_MECHANISM(PKCS11_CKM_SHA256, PKCS11_CKFM_DIGEST), 202 TA_MECHANISM(PKCS11_CKM_SHA384, PKCS11_CKFM_DIGEST), 203 TA_MECHANISM(PKCS11_CKM_SHA512, PKCS11_CKFM_DIGEST), 204 TA_MECHANISM(PKCS11_CKM_MD5_HMAC, CKFM_AUTH_NO_RECOVER), 205 TA_MECHANISM(PKCS11_CKM_SHA_1_HMAC, CKFM_AUTH_NO_RECOVER), 206 TA_MECHANISM(PKCS11_CKM_SHA224_HMAC, CKFM_AUTH_NO_RECOVER), 207 TA_MECHANISM(PKCS11_CKM_SHA256_HMAC, CKFM_AUTH_NO_RECOVER), 208 TA_MECHANISM(PKCS11_CKM_SHA384_HMAC, CKFM_AUTH_NO_RECOVER), 209 TA_MECHANISM(PKCS11_CKM_SHA512_HMAC, CKFM_AUTH_NO_RECOVER), 210 TA_MECHANISM(PKCS11_CKM_EC_KEY_PAIR_GEN, 211 PKCS11_CKFM_GENERATE_KEY_PAIR), 212 TA_MECHANISM(PKCS11_CKM_ECDSA, CKFM_AUTH_NO_RECOVER), 213 TA_MECHANISM(PKCS11_CKM_ECDSA_SHA1, CKFM_AUTH_NO_RECOVER), 214 TA_MECHANISM(PKCS11_CKM_ECDSA_SHA224, CKFM_AUTH_NO_RECOVER), 215 TA_MECHANISM(PKCS11_CKM_ECDSA_SHA256, CKFM_AUTH_NO_RECOVER), 216 TA_MECHANISM(PKCS11_CKM_ECDSA_SHA384, CKFM_AUTH_NO_RECOVER), 217 TA_MECHANISM(PKCS11_CKM_ECDSA_SHA512, CKFM_AUTH_NO_RECOVER), 218 TA_MECHANISM(PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN, 219 PKCS11_CKFM_GENERATE_KEY_PAIR), 220 }; 221 222 /* 223 * tee_malloc_mechanism_array - Allocate and fill array of supported mechanisms 224 * @count: [in] [out] Pointer to number of mechanism IDs in client resource 225 * Return allocated array of the supported mechanism IDs 226 * 227 * Allocates array with 32bit cells mechanism IDs for the supported ones only 228 * if *@count covers number mechanism IDs exposed. 229 */ 230 uint32_t *tee_malloc_mechanism_list(size_t *out_count) 231 { 232 size_t n = 0; 233 size_t count = 0; 234 uint32_t *array = NULL; 235 236 for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) 237 if (token_mechanism[n].flags) 238 count++; 239 240 if (*out_count >= count) 241 array = TEE_Malloc(count * sizeof(*array), 242 TEE_USER_MEM_HINT_NO_FILL_ZERO); 243 244 *out_count = count; 245 246 if (!array) 247 return NULL; 248 249 for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) { 250 if (token_mechanism[n].flags) { 251 count--; 252 array[count] = token_mechanism[n].id; 253 } 254 } 255 assert(!count); 256 257 return array; 258 } 259 260 uint32_t mechanism_supported_flags(enum pkcs11_mechanism_id id) 261 { 262 size_t n = 0; 263 264 for (n = 0; n < ARRAY_SIZE(token_mechanism); n++) { 265 if (id == token_mechanism[n].id) { 266 uint32_t flags = token_mechanism[n].flags; 267 268 assert(mechanism_flags_complies_pkcs11(id, flags)); 269 return flags; 270 } 271 } 272 273 return 0; 274 } 275 276 void pkcs11_mechanism_supported_key_sizes(uint32_t proc_id, 277 uint32_t *min_key_size, 278 uint32_t *max_key_size) 279 { 280 switch (proc_id) { 281 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN: 282 /* This mechanism expects the keysize to be returned in bits */ 283 *min_key_size = 1; /* in bits */ 284 *max_key_size = 4096; /* in bits */ 285 break; 286 case PKCS11_CKM_MD5_HMAC: 287 *min_key_size = 8; 288 *max_key_size = 64; 289 break; 290 case PKCS11_CKM_SHA_1_HMAC: 291 *min_key_size = 10; 292 *max_key_size = 64; 293 break; 294 case PKCS11_CKM_SHA224_HMAC: 295 *min_key_size = 14; 296 *max_key_size = 64; 297 break; 298 case PKCS11_CKM_SHA256_HMAC: 299 *min_key_size = 24; 300 *max_key_size = 128; 301 break; 302 case PKCS11_CKM_SHA384_HMAC: 303 *min_key_size = 32; 304 *max_key_size = 128; 305 break; 306 case PKCS11_CKM_SHA512_HMAC: 307 *min_key_size = 32; 308 *max_key_size = 128; 309 break; 310 case PKCS11_CKM_AES_KEY_GEN: 311 case PKCS11_CKM_AES_ECB: 312 case PKCS11_CKM_AES_CBC: 313 case PKCS11_CKM_AES_CBC_PAD: 314 case PKCS11_CKM_AES_CTR: 315 case PKCS11_CKM_AES_CTS: 316 *min_key_size = 16; 317 *max_key_size = 32; 318 break; 319 case PKCS11_CKM_EC_KEY_PAIR_GEN: 320 case PKCS11_CKM_ECDSA: 321 case PKCS11_CKM_ECDSA_SHA1: 322 case PKCS11_CKM_ECDSA_SHA224: 323 case PKCS11_CKM_ECDSA_SHA256: 324 case PKCS11_CKM_ECDSA_SHA384: 325 case PKCS11_CKM_ECDSA_SHA512: 326 *min_key_size = 160; /* in bits */ 327 *max_key_size = 521; /* in bits */ 328 break; 329 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN: 330 *min_key_size = 256; /* in bits */ 331 *max_key_size = 4096; /* in bits */ 332 break; 333 default: 334 *min_key_size = 0; 335 *max_key_size = 0; 336 break; 337 } 338 } 339 340 void mechanism_supported_key_sizes_bytes(uint32_t proc_id, 341 uint32_t *min_key_size, 342 uint32_t *max_key_size) 343 { 344 pkcs11_mechanism_supported_key_sizes(proc_id, min_key_size, 345 max_key_size); 346 347 switch (proc_id) { 348 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN: 349 case PKCS11_CKM_EC_KEY_PAIR_GEN: 350 case PKCS11_CKM_ECDSA: 351 case PKCS11_CKM_ECDSA_SHA1: 352 case PKCS11_CKM_ECDSA_SHA224: 353 case PKCS11_CKM_ECDSA_SHA256: 354 case PKCS11_CKM_ECDSA_SHA384: 355 case PKCS11_CKM_ECDSA_SHA512: 356 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN: 357 /* Size is in bits -> convert to bytes and ceil */ 358 *min_key_size = ROUNDUP(*min_key_size, 8) / 8; 359 *max_key_size = ROUNDUP(*max_key_size, 8) / 8; 360 break; 361 default: 362 /* Size is already in bytes */ 363 break; 364 } 365 } 366