1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2017-2020, Linaro Limited
4 */
5
6 #include <assert.h>
7 #include <inttypes.h>
8 #include <mbedtls/pk.h>
9 #include <pkcs11_ta.h>
10 #include <stdlib.h>
11 #include <string_ext.h>
12 #include <tee_internal_api_extensions.h>
13 #include <tee_internal_api.h>
14 #include <trace.h>
15 #include <util.h>
16
17 #include "attributes.h"
18 #include "handle.h"
19 #include "pkcs11_attributes.h"
20 #include "pkcs11_helpers.h"
21 #include "pkcs11_token.h"
22 #include "sanitize_object.h"
23 #include "serializer.h"
24 #include "token_capabilities.h"
25
pkcs11_func2ckfm(enum processing_func function)26 static uint32_t pkcs11_func2ckfm(enum processing_func function)
27 {
28 switch (function) {
29 case PKCS11_FUNCTION_DIGEST:
30 return PKCS11_CKFM_DIGEST;
31 case PKCS11_FUNCTION_GENERATE:
32 return PKCS11_CKFM_GENERATE;
33 case PKCS11_FUNCTION_GENERATE_PAIR:
34 return PKCS11_CKFM_GENERATE_KEY_PAIR;
35 case PKCS11_FUNCTION_DERIVE:
36 return PKCS11_CKFM_DERIVE;
37 case PKCS11_FUNCTION_WRAP:
38 return PKCS11_CKFM_WRAP;
39 case PKCS11_FUNCTION_UNWRAP:
40 return PKCS11_CKFM_UNWRAP;
41 case PKCS11_FUNCTION_ENCRYPT:
42 return PKCS11_CKFM_ENCRYPT;
43 case PKCS11_FUNCTION_DECRYPT:
44 return PKCS11_CKFM_DECRYPT;
45 case PKCS11_FUNCTION_SIGN:
46 return PKCS11_CKFM_SIGN;
47 case PKCS11_FUNCTION_VERIFY:
48 return PKCS11_CKFM_VERIFY;
49 case PKCS11_FUNCTION_SIGN_RECOVER:
50 return PKCS11_CKFM_SIGN_RECOVER;
51 case PKCS11_FUNCTION_VERIFY_RECOVER:
52 return PKCS11_CKFM_VERIFY_RECOVER;
53 default:
54 return 0;
55 }
56 }
57
58 enum pkcs11_rc
check_mechanism_against_processing(struct pkcs11_session * session,enum pkcs11_mechanism_id mechanism_type,enum processing_func function,enum processing_step step)59 check_mechanism_against_processing(struct pkcs11_session *session,
60 enum pkcs11_mechanism_id mechanism_type,
61 enum processing_func function,
62 enum processing_step step)
63 {
64 bool allowed = false;
65
66 switch (step) {
67 case PKCS11_FUNC_STEP_INIT:
68 switch (function) {
69 case PKCS11_FUNCTION_IMPORT:
70 case PKCS11_FUNCTION_COPY:
71 case PKCS11_FUNCTION_MODIFY:
72 case PKCS11_FUNCTION_DESTROY:
73 return PKCS11_CKR_OK;
74 default:
75 break;
76 }
77 /*
78 * Check that the returned PKCS11_CKFM_* flag from
79 * pkcs11_func2ckfm() is among the ones from
80 * mechanism_supported_flags().
81 */
82 allowed = mechanism_supported_flags(mechanism_type) &
83 pkcs11_func2ckfm(function);
84 break;
85
86 case PKCS11_FUNC_STEP_ONESHOT:
87 if (session->processing->always_authen &&
88 !session->processing->relogged)
89 return PKCS11_CKR_USER_NOT_LOGGED_IN;
90
91 if (session->processing->step == PKCS11_FUNC_STEP_UPDATE ||
92 session->processing->step == PKCS11_FUNC_STEP_FINAL) {
93 EMSG("Cannot perform one-shot on active processing");
94 return PKCS11_CKR_OPERATION_ACTIVE;
95 }
96
97 allowed = true;
98 break;
99
100 case PKCS11_FUNC_STEP_UPDATE:
101 if (session->processing->always_authen &&
102 !session->processing->relogged)
103 return PKCS11_CKR_USER_NOT_LOGGED_IN;
104
105 if (session->processing->step == PKCS11_FUNC_STEP_ONESHOT ||
106 session->processing->step == PKCS11_FUNC_STEP_FINAL) {
107 EMSG("Cannot perform update on finalized processing");
108 return PKCS11_CKR_OPERATION_ACTIVE;
109 }
110
111 allowed = !mechanism_is_one_shot_only(mechanism_type);
112 break;
113
114 case PKCS11_FUNC_STEP_UPDATE_KEY:
115 assert(function == PKCS11_FUNCTION_DIGEST);
116
117 if (session->processing->always_authen &&
118 !session->processing->relogged)
119 return PKCS11_CKR_USER_NOT_LOGGED_IN;
120
121 allowed = true;
122 break;
123
124 case PKCS11_FUNC_STEP_FINAL:
125 if (session->processing->always_authen &&
126 !session->processing->relogged)
127 return PKCS11_CKR_USER_NOT_LOGGED_IN;
128
129 if (session->processing->step == PKCS11_FUNC_STEP_ONESHOT) {
130 EMSG("Cannot perform final on oneshot processing");
131 return PKCS11_CKR_OPERATION_ACTIVE;
132 }
133 return PKCS11_CKR_OK;
134
135 default:
136 TEE_Panic(step);
137 break;
138 }
139
140 if (!allowed) {
141 EMSG("Processing %#x/%s not permitted (%u/%u)",
142 (unsigned int)mechanism_type, id2str_proc(mechanism_type),
143 function, step);
144 return PKCS11_CKR_MECHANISM_INVALID;
145 }
146
147 return PKCS11_CKR_OK;
148 }
149
150 /*
151 * Object default boolean attributes as per PKCS#11
152 */
pkcs11_object_default_boolprop(uint32_t attribute)153 static uint8_t *pkcs11_object_default_boolprop(uint32_t attribute)
154 {
155 static const uint8_t bool_true = 1;
156 static const uint8_t bool_false;
157
158 switch (attribute) {
159 /* As per PKCS#11 default value */
160 case PKCS11_CKA_MODIFIABLE:
161 case PKCS11_CKA_COPYABLE:
162 case PKCS11_CKA_DESTROYABLE:
163 return (uint8_t *)&bool_true;
164 case PKCS11_CKA_TOKEN:
165 case PKCS11_CKA_PRIVATE:
166 case PKCS11_CKA_WRAP_WITH_TRUSTED:
167 case PKCS11_CKA_ALWAYS_AUTHENTICATE:
168 case PKCS11_CKA_SENSITIVE:
169 return (uint8_t *)&bool_false;
170 /* Token specific default value */
171 case PKCS11_CKA_SIGN:
172 case PKCS11_CKA_VERIFY:
173 case PKCS11_CKA_DERIVE:
174 case PKCS11_CKA_ENCRYPT:
175 case PKCS11_CKA_DECRYPT:
176 case PKCS11_CKA_SIGN_RECOVER:
177 case PKCS11_CKA_VERIFY_RECOVER:
178 case PKCS11_CKA_WRAP:
179 case PKCS11_CKA_UNWRAP:
180 case PKCS11_CKA_EXTRACTABLE:
181 case PKCS11_CKA_TRUSTED:
182 return (uint8_t *)&bool_false;
183 default:
184 DMSG("No default for boolprop attribute %#"PRIx32, attribute);
185 return NULL;
186 }
187 }
188
189 /*
190 * Object expects several boolean attributes to be set to a default value
191 * or to a validate client configuration value. This function append the input
192 * attribute (id/size/value) in the serialized object.
193 */
pkcs11_import_object_boolprop(struct obj_attrs ** out,struct obj_attrs * templ,uint32_t attribute)194 static enum pkcs11_rc pkcs11_import_object_boolprop(struct obj_attrs **out,
195 struct obj_attrs *templ,
196 uint32_t attribute)
197 {
198 enum pkcs11_rc rc = PKCS11_CKR_OK;
199 uint8_t bbool = 0;
200 uint32_t size = sizeof(uint8_t);
201 void *attr = NULL;
202
203 rc = get_attribute(templ, attribute, &bbool, &size);
204 if (rc) {
205 if (rc != PKCS11_RV_NOT_FOUND)
206 return rc;
207 attr = pkcs11_object_default_boolprop(attribute);
208 if (!attr)
209 return PKCS11_CKR_TEMPLATE_INCOMPLETE;
210 } else {
211 attr = &bbool;
212 }
213
214 /* Boolean attributes are 1byte in the ABI, no alignment issue */
215 return add_attribute(out, attribute, attr, sizeof(uint8_t));
216 }
217
set_mandatory_boolprops(struct obj_attrs ** out,struct obj_attrs * temp,uint32_t const * bp,size_t bp_count)218 static enum pkcs11_rc set_mandatory_boolprops(struct obj_attrs **out,
219 struct obj_attrs *temp,
220 uint32_t const *bp,
221 size_t bp_count)
222 {
223 enum pkcs11_rc rc = PKCS11_CKR_OK;
224 size_t n = 0;
225
226 for (n = 0; n < bp_count; n++) {
227 rc = pkcs11_import_object_boolprop(out, temp, bp[n]);
228 if (rc)
229 return rc;
230 }
231
232 return rc;
233 }
234
set_mandatory_attributes(struct obj_attrs ** out,struct obj_attrs * temp,uint32_t const * attrs,size_t attrs_count)235 static enum pkcs11_rc set_mandatory_attributes(struct obj_attrs **out,
236 struct obj_attrs *temp,
237 uint32_t const *attrs,
238 size_t attrs_count)
239 {
240 enum pkcs11_rc rc = PKCS11_CKR_OK;
241 size_t n = 0;
242
243 for (n = 0; n < attrs_count; n++) {
244 uint32_t size = 0;
245 void *value = NULL;
246
247 if (get_attribute_ptr(temp, attrs[n], &value, &size))
248 return PKCS11_CKR_TEMPLATE_INCOMPLETE;
249
250 rc = add_attribute(out, attrs[n], value, size);
251 if (rc)
252 return rc;
253 }
254
255 return rc;
256 }
257
get_default_value(enum pkcs11_attr_id id,void ** value,uint32_t * size)258 static enum pkcs11_rc get_default_value(enum pkcs11_attr_id id, void **value,
259 uint32_t *size)
260 {
261 /* should have been taken care of already */
262 assert(!pkcs11_attr_is_boolean(id));
263
264 /* All other attributes have an empty default value */
265 *value = NULL;
266 *size = 0;
267 return PKCS11_CKR_OK;
268 }
269
set_optional_attributes_with_def(struct obj_attrs ** out,struct obj_attrs * temp,uint32_t const * attrs,size_t attrs_count,bool default_to_null)270 static enum pkcs11_rc set_optional_attributes_with_def(struct obj_attrs **out,
271 struct obj_attrs *temp,
272 uint32_t const *attrs,
273 size_t attrs_count,
274 bool default_to_null)
275 {
276 enum pkcs11_rc rc = PKCS11_CKR_OK;
277 size_t n = 0;
278
279 for (n = 0; n < attrs_count; n++) {
280 uint32_t size = 0;
281 void *value = NULL;
282
283 rc = get_attribute_ptr(temp, attrs[n], &value, &size);
284 if (rc == PKCS11_RV_NOT_FOUND) {
285 if (default_to_null) {
286 rc = get_default_value(attrs[n], &value, &size);
287 } else {
288 rc = PKCS11_CKR_OK;
289 continue;
290 }
291 }
292 if (rc)
293 return rc;
294
295 rc = add_attribute(out, attrs[n], value, size);
296 if (rc)
297 return rc;
298 }
299
300 return rc;
301 }
302
set_attributes_opt_or_null(struct obj_attrs ** out,struct obj_attrs * temp,uint32_t const * attrs,size_t attrs_count)303 static enum pkcs11_rc set_attributes_opt_or_null(struct obj_attrs **out,
304 struct obj_attrs *temp,
305 uint32_t const *attrs,
306 size_t attrs_count)
307 {
308 return set_optional_attributes_with_def(out, temp, attrs, attrs_count,
309 true /* defaults to empty */);
310 }
311
set_optional_attributes(struct obj_attrs ** out,struct obj_attrs * temp,uint32_t const * attrs,size_t attrs_count)312 static enum pkcs11_rc set_optional_attributes(struct obj_attrs **out,
313 struct obj_attrs *temp,
314 uint32_t const *attrs,
315 size_t attrs_count)
316 {
317 return set_optional_attributes_with_def(out, temp, attrs, attrs_count,
318 false /* no default value */);
319 }
320
321 /*
322 * Below are listed the mandated or optional expected attributes for
323 * PKCS#11 storage objects.
324 *
325 * Note: boolprops (mandated boolean attributes) PKCS11_CKA_ALWAYS_SENSITIVE,
326 * and PKCS11_CKA_NEVER_EXTRACTABLE are set by the token, not provided
327 * in the client template.
328 */
329
330 /* PKCS#11 specification for any object (session/token) of the storage */
331 static const uint32_t any_object_boolprops[] = {
332 PKCS11_CKA_TOKEN, PKCS11_CKA_PRIVATE,
333 PKCS11_CKA_MODIFIABLE, PKCS11_CKA_COPYABLE, PKCS11_CKA_DESTROYABLE,
334 };
335
336 static const uint32_t any_object_opt_or_null[] = {
337 PKCS11_CKA_LABEL,
338 };
339
340 /* PKCS#11 specification for raw data object (+any_object_xxx) */
341 const uint32_t raw_data_opt_or_null[] = {
342 PKCS11_CKA_OBJECT_ID, PKCS11_CKA_APPLICATION, PKCS11_CKA_VALUE,
343 };
344
345 /* PKCS#11 specification for certificate object (+pkcs11_any_object_xxx) */
346 static const uint32_t pkcs11_certificate_mandated[] = {
347 PKCS11_CKA_CERTIFICATE_TYPE,
348 };
349
350 static const uint32_t pkcs11_certificate_boolprops[] = {
351 PKCS11_CKA_TRUSTED,
352 };
353
354 static const uint32_t pkcs11_certificate_optional[] = {
355 PKCS11_CKA_CERTIFICATE_CATEGORY, PKCS11_CKA_CHECK_VALUE,
356 PKCS11_CKA_START_DATE, PKCS11_CKA_END_DATE, PKCS11_CKA_PUBLIC_KEY_INFO,
357 };
358
359 /*
360 * PKCS#11 specification for X.509 certificate object (+pkcs11_certificate_xxx)
361 */
362 static const uint32_t pkcs11_x509_certificate_mandated[] = {
363 PKCS11_CKA_SUBJECT,
364 };
365
366 static const uint32_t pkcs11_x509_certificate_optional[] = {
367 PKCS11_CKA_ID, PKCS11_CKA_ISSUER, PKCS11_CKA_SERIAL_NUMBER,
368 PKCS11_CKA_VALUE, PKCS11_CKA_URL,
369 PKCS11_CKA_HASH_OF_SUBJECT_PUBLIC_KEY,
370 PKCS11_CKA_HASH_OF_ISSUER_PUBLIC_KEY,
371 PKCS11_CKA_JAVA_MIDP_SECURITY_DOMAIN, PKCS11_CKA_NAME_HASH_ALGORITHM,
372 };
373
374 /* PKCS#11 specification for any key object (+any_object_xxx) */
375 static const uint32_t any_key_boolprops[] = {
376 PKCS11_CKA_DERIVE,
377 };
378
379 static const uint32_t any_key_opt_or_null[] = {
380 PKCS11_CKA_ID,
381 PKCS11_CKA_START_DATE, PKCS11_CKA_END_DATE,
382 };
383
384 static const uint32_t any_key_optional[] = {
385 PKCS11_CKA_ALLOWED_MECHANISMS,
386 };
387
388 /* PKCS#11 specification for any symmetric key (+any_key_xxx) */
389 static const uint32_t symm_key_boolprops[] = {
390 PKCS11_CKA_ENCRYPT, PKCS11_CKA_DECRYPT,
391 PKCS11_CKA_SIGN, PKCS11_CKA_VERIFY,
392 PKCS11_CKA_WRAP, PKCS11_CKA_UNWRAP,
393 PKCS11_CKA_SENSITIVE, PKCS11_CKA_EXTRACTABLE,
394 PKCS11_CKA_WRAP_WITH_TRUSTED, PKCS11_CKA_TRUSTED,
395 };
396
397 static const uint32_t symm_key_opt_or_null[] = {
398 PKCS11_CKA_WRAP_TEMPLATE, PKCS11_CKA_UNWRAP_TEMPLATE,
399 PKCS11_CKA_DERIVE_TEMPLATE, PKCS11_CKA_VALUE,
400 };
401
402 static const uint32_t symm_key_optional[] = {
403 PKCS11_CKA_VALUE_LEN,
404 };
405
406 /* PKCS#11 specification for any asymmetric public key (+any_key_xxx) */
407 static const uint32_t public_key_boolprops[] = {
408 PKCS11_CKA_ENCRYPT, PKCS11_CKA_VERIFY, PKCS11_CKA_VERIFY_RECOVER,
409 PKCS11_CKA_WRAP,
410 PKCS11_CKA_TRUSTED,
411 };
412
413 static const uint32_t public_key_mandated[] = {
414 };
415
416 static const uint32_t public_key_opt_or_null[] = {
417 PKCS11_CKA_SUBJECT, PKCS11_CKA_WRAP_TEMPLATE,
418 PKCS11_CKA_PUBLIC_KEY_INFO,
419 };
420
421 /* PKCS#11 specification for any asymmetric private key (+any_key_xxx) */
422 static const uint32_t private_key_boolprops[] = {
423 PKCS11_CKA_DECRYPT, PKCS11_CKA_SIGN, PKCS11_CKA_SIGN_RECOVER,
424 PKCS11_CKA_UNWRAP,
425 PKCS11_CKA_SENSITIVE, PKCS11_CKA_EXTRACTABLE,
426 PKCS11_CKA_WRAP_WITH_TRUSTED, PKCS11_CKA_ALWAYS_AUTHENTICATE,
427 };
428
429 static const uint32_t private_key_mandated[] = {
430 };
431
432 static const uint32_t private_key_opt_or_null[] = {
433 PKCS11_CKA_SUBJECT, PKCS11_CKA_UNWRAP_TEMPLATE,
434 PKCS11_CKA_PUBLIC_KEY_INFO,
435 };
436
437 /* PKCS#11 specification for any RSA key (+public/private_key_xxx) */
438 static const uint32_t rsa_pub_key_gen_mand[] = {
439 PKCS11_CKA_MODULUS_BITS,
440 };
441
442 static const uint32_t rsa_pub_key_create_mand[] = {
443 PKCS11_CKA_MODULUS, PKCS11_CKA_PUBLIC_EXPONENT,
444 };
445
446 static const uint32_t rsa_pub_key_gen_opt_or_null[] = {
447 PKCS11_CKA_PUBLIC_EXPONENT,
448 };
449
450 static const uint32_t rsa_priv_key_opt_or_null[] = {
451 PKCS11_CKA_MODULUS, PKCS11_CKA_PUBLIC_EXPONENT,
452 PKCS11_CKA_PRIVATE_EXPONENT,
453 PKCS11_CKA_PRIME_1, PKCS11_CKA_PRIME_2,
454 PKCS11_CKA_EXPONENT_1, PKCS11_CKA_EXPONENT_2, PKCS11_CKA_COEFFICIENT,
455 };
456
457 /* PKCS#11 specification for any EC key (+public/private_key_xxx) */
458 static const uint32_t ec_public_key_mandated[] = {
459 PKCS11_CKA_EC_PARAMS,
460 };
461
462 static const uint32_t ec_public_key_opt_or_null[] = {
463 PKCS11_CKA_EC_POINT,
464 };
465
466 static const uint32_t ec_private_key_mandated[] = {
467 };
468
469 static const uint32_t ec_private_key_opt_or_null[] = {
470 PKCS11_CKA_EC_PARAMS,
471 PKCS11_CKA_VALUE,
472 };
473
474 static const uint32_t eddsa_private_key_opt_or_null[] = {
475 PKCS11_CKA_EC_PARAMS,
476 PKCS11_CKA_VALUE,
477 PKCS11_CKA_EC_POINT,
478 };
479
create_storage_attributes(struct obj_attrs ** out,struct obj_attrs * temp)480 static enum pkcs11_rc create_storage_attributes(struct obj_attrs **out,
481 struct obj_attrs *temp)
482 {
483 enum pkcs11_class_id class = PKCS11_CKO_UNDEFINED_ID;
484 enum pkcs11_rc rc = PKCS11_CKR_OK;
485
486 rc = init_attributes_head(out);
487 if (rc)
488 return rc;
489
490 /* Object class is mandatory */
491 class = get_class(temp);
492 if (class == PKCS11_CKO_UNDEFINED_ID) {
493 EMSG("Class attribute not found");
494
495 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
496 }
497 rc = add_attribute(out, PKCS11_CKA_CLASS, &class, sizeof(uint32_t));
498 if (rc)
499 return rc;
500
501 rc = set_mandatory_boolprops(out, temp, any_object_boolprops,
502 ARRAY_SIZE(any_object_boolprops));
503 if (rc)
504 return rc;
505
506 return set_attributes_opt_or_null(out, temp, any_object_opt_or_null,
507 ARRAY_SIZE(any_object_opt_or_null));
508 }
509
create_genkey_attributes(struct obj_attrs ** out,struct obj_attrs * temp)510 static enum pkcs11_rc create_genkey_attributes(struct obj_attrs **out,
511 struct obj_attrs *temp)
512 {
513 uint32_t type = PKCS11_CKO_UNDEFINED_ID;
514 enum pkcs11_rc rc = PKCS11_CKR_OK;
515
516 rc = create_storage_attributes(out, temp);
517 if (rc)
518 return rc;
519
520 type = get_key_type(temp);
521 if (type == PKCS11_CKK_UNDEFINED_ID) {
522 EMSG("Key type attribute not found");
523
524 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
525 }
526 rc = add_attribute(out, PKCS11_CKA_KEY_TYPE, &type, sizeof(uint32_t));
527 if (rc)
528 return rc;
529
530 rc = set_mandatory_boolprops(out, temp, any_key_boolprops,
531 ARRAY_SIZE(any_key_boolprops));
532 if (rc)
533 return rc;
534
535 rc = set_attributes_opt_or_null(out, temp, any_key_opt_or_null,
536 ARRAY_SIZE(any_key_opt_or_null));
537 if (rc)
538 return rc;
539
540 return set_optional_attributes(out, temp, any_key_optional,
541 ARRAY_SIZE(any_key_optional));
542
543 }
544
create_symm_key_attributes(struct obj_attrs ** out,struct obj_attrs * temp)545 static enum pkcs11_rc create_symm_key_attributes(struct obj_attrs **out,
546 struct obj_attrs *temp)
547 {
548 enum pkcs11_rc rc = PKCS11_CKR_OK;
549
550 assert(get_class(temp) == PKCS11_CKO_SECRET_KEY);
551
552 rc = create_genkey_attributes(out, temp);
553 if (rc)
554 return rc;
555
556 assert(get_class(*out) == PKCS11_CKO_SECRET_KEY);
557
558 switch (get_key_type(*out)) {
559 case PKCS11_CKK_GENERIC_SECRET:
560 case PKCS11_CKK_AES:
561 case PKCS11_CKK_MD5_HMAC:
562 case PKCS11_CKK_SHA_1_HMAC:
563 case PKCS11_CKK_SHA256_HMAC:
564 case PKCS11_CKK_SHA384_HMAC:
565 case PKCS11_CKK_SHA512_HMAC:
566 case PKCS11_CKK_SHA224_HMAC:
567 break;
568 default:
569 EMSG("Invalid key type %#"PRIx32"/%s",
570 get_key_type(*out), id2str_key_type(get_key_type(*out)));
571
572 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
573 }
574
575 rc = set_mandatory_boolprops(out, temp, symm_key_boolprops,
576 ARRAY_SIZE(symm_key_boolprops));
577 if (rc)
578 return rc;
579
580 rc = set_attributes_opt_or_null(out, temp, symm_key_opt_or_null,
581 ARRAY_SIZE(symm_key_opt_or_null));
582 if (rc)
583 return rc;
584
585 return set_optional_attributes(out, temp, symm_key_optional,
586 ARRAY_SIZE(symm_key_optional));
587 }
588
create_data_attributes(struct obj_attrs ** out,struct obj_attrs * temp)589 static enum pkcs11_rc create_data_attributes(struct obj_attrs **out,
590 struct obj_attrs *temp)
591 {
592 enum pkcs11_rc rc = PKCS11_CKR_OK;
593
594 assert(get_class(temp) == PKCS11_CKO_DATA);
595
596 rc = create_storage_attributes(out, temp);
597 if (rc)
598 return rc;
599
600 assert(get_class(*out) == PKCS11_CKO_DATA);
601
602 return set_attributes_opt_or_null(out, temp, raw_data_opt_or_null,
603 ARRAY_SIZE(raw_data_opt_or_null));
604 }
605
create_certificate_attributes(struct obj_attrs ** out,struct obj_attrs * temp)606 static enum pkcs11_rc create_certificate_attributes(struct obj_attrs **out,
607 struct obj_attrs *temp)
608 {
609 uint32_t const *mandated = NULL;
610 uint32_t const *optional = NULL;
611 size_t mandated_count = 0;
612 size_t optional_count = 0;
613 void *attr_value = NULL;
614 uint32_t attr_size = 0;
615 uint32_t default_cert_category =
616 PKCS11_CK_CERTIFICATE_CATEGORY_UNSPECIFIED;
617 uint32_t default_name_hash_alg = PKCS11_CKM_SHA_1;
618 uint32_t cert_category = 0;
619 enum pkcs11_rc rc = PKCS11_CKR_OK;
620
621 assert(get_class(temp) == PKCS11_CKO_CERTIFICATE);
622
623 rc = create_storage_attributes(out, temp);
624 if (rc)
625 return rc;
626
627 assert(get_class(*out) == PKCS11_CKO_CERTIFICATE);
628
629 rc = set_mandatory_boolprops(out, temp, pkcs11_certificate_boolprops,
630 ARRAY_SIZE(pkcs11_certificate_boolprops));
631 if (rc)
632 return rc;
633
634 rc = set_mandatory_attributes(out, temp, pkcs11_certificate_mandated,
635 ARRAY_SIZE(pkcs11_certificate_mandated));
636 if (rc)
637 return rc;
638
639 rc = set_optional_attributes(out, temp, pkcs11_certificate_optional,
640 ARRAY_SIZE(pkcs11_certificate_optional));
641 if (rc)
642 return rc;
643
644 switch (get_certificate_type(*out)) {
645 case PKCS11_CKC_X_509:
646 mandated = pkcs11_x509_certificate_mandated;
647 optional = pkcs11_x509_certificate_optional;
648 mandated_count = ARRAY_SIZE(pkcs11_x509_certificate_mandated);
649 optional_count = ARRAY_SIZE(pkcs11_x509_certificate_optional);
650 break;
651 default:
652 EMSG("Invalid certificate type %#"PRIx32"/%s",
653 get_certificate_type(*out),
654 id2str_certificate_type(get_certificate_type(*out)));
655
656 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
657 }
658
659 rc = set_mandatory_attributes(out, temp, mandated, mandated_count);
660 if (rc)
661 return rc;
662
663 rc = set_optional_attributes(out, temp, optional, optional_count);
664 if (rc)
665 return rc;
666
667 attr_size = 0;
668 rc = get_attribute_ptr(*out, PKCS11_CKA_CERTIFICATE_CATEGORY,
669 &attr_value, &attr_size);
670 if (rc == PKCS11_CKR_OK && attr_size == sizeof(cert_category)) {
671 /* Sanitize certificate category */
672 TEE_MemMove(&cert_category, attr_value, sizeof(cert_category));
673
674 switch (cert_category) {
675 case PKCS11_CK_CERTIFICATE_CATEGORY_UNSPECIFIED:
676 case PKCS11_CK_CERTIFICATE_CATEGORY_TOKEN_USER:
677 case PKCS11_CK_CERTIFICATE_CATEGORY_AUTHORITY:
678 case PKCS11_CK_CERTIFICATE_CATEGORY_OTHER_ENTITY:
679 break;
680 default:
681 EMSG("Invalid certificate category %#"PRIx32,
682 cert_category);
683
684 return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID;
685 }
686 } else if (rc == PKCS11_RV_NOT_FOUND) {
687 /* Set default category when missing */
688 rc = set_attribute(out, PKCS11_CKA_CERTIFICATE_CATEGORY,
689 &default_cert_category,
690 sizeof(default_cert_category));
691 if (rc)
692 return rc;
693 } else {
694 /* All other cases are errors */
695 EMSG("Invalid certificate category");
696
697 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
698 }
699
700 attr_size = 0;
701 rc = get_attribute_ptr(*out, PKCS11_CKA_NAME_HASH_ALGORITHM, NULL,
702 &attr_size);
703 if (rc == PKCS11_CKR_OK && attr_size == sizeof(uint32_t)) {
704 /* We accept any algorithm what caller wanted to specify */
705 } else if (rc == PKCS11_RV_NOT_FOUND) {
706 /* Set default hash algorithm when missing */
707 rc = set_attribute(out, PKCS11_CKA_NAME_HASH_ALGORITHM,
708 &default_name_hash_alg,
709 sizeof(default_name_hash_alg));
710 if (rc)
711 return rc;
712 } else {
713 /* All other cases are errors */
714 EMSG("Invalid name hash algorithm");
715
716 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
717 }
718
719 return rc;
720 }
721
create_pub_key_attributes(struct obj_attrs ** out,struct obj_attrs * temp,enum processing_func function)722 static enum pkcs11_rc create_pub_key_attributes(struct obj_attrs **out,
723 struct obj_attrs *temp,
724 enum processing_func function)
725 {
726 uint32_t const *mandated = NULL;
727 uint32_t const *oon = NULL;
728 size_t mandated_count = 0;
729 size_t oon_count = 0;
730 enum pkcs11_rc rc = PKCS11_CKR_OK;
731
732 assert(get_class(temp) == PKCS11_CKO_PUBLIC_KEY);
733
734 rc = create_genkey_attributes(out, temp);
735 if (rc)
736 return rc;
737
738 assert(get_class(*out) == PKCS11_CKO_PUBLIC_KEY);
739
740 rc = set_mandatory_boolprops(out, temp, public_key_boolprops,
741 ARRAY_SIZE(public_key_boolprops));
742 if (rc)
743 return rc;
744
745 rc = set_mandatory_attributes(out, temp, public_key_mandated,
746 ARRAY_SIZE(public_key_mandated));
747 if (rc)
748 return rc;
749
750 rc = set_attributes_opt_or_null(out, temp,
751 public_key_opt_or_null,
752 ARRAY_SIZE(public_key_opt_or_null));
753 if (rc)
754 return rc;
755
756 switch (get_key_type(*out)) {
757 case PKCS11_CKK_RSA:
758 switch (function) {
759 case PKCS11_FUNCTION_GENERATE_PAIR:
760 mandated = rsa_pub_key_gen_mand;
761 oon = rsa_pub_key_gen_opt_or_null;
762 mandated_count = ARRAY_SIZE(rsa_pub_key_gen_mand);
763 oon_count = ARRAY_SIZE(rsa_pub_key_gen_opt_or_null);
764 break;
765 case PKCS11_FUNCTION_IMPORT:
766 mandated = rsa_pub_key_create_mand;
767 mandated_count = ARRAY_SIZE(rsa_pub_key_create_mand);
768 break;
769 default:
770 EMSG("Unsupported function %#"PRIx32"/%s", function,
771 id2str_function(function));
772
773 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
774 }
775 break;
776 case PKCS11_CKK_EC:
777 case PKCS11_CKK_EC_EDWARDS:
778 mandated = ec_public_key_mandated;
779 oon = ec_public_key_opt_or_null;
780 mandated_count = ARRAY_SIZE(ec_public_key_mandated);
781 oon_count = ARRAY_SIZE(ec_public_key_opt_or_null);
782 break;
783 default:
784 EMSG("Invalid key type %#"PRIx32"/%s",
785 get_key_type(*out), id2str_key_type(get_key_type(*out)));
786
787 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
788 }
789
790 rc = set_mandatory_attributes(out, temp, mandated, mandated_count);
791 if (rc)
792 return rc;
793
794 return set_attributes_opt_or_null(out, temp, oon, oon_count);
795 }
796
create_priv_key_attributes(struct obj_attrs ** out,struct obj_attrs * temp)797 static enum pkcs11_rc create_priv_key_attributes(struct obj_attrs **out,
798 struct obj_attrs *temp)
799 {
800 uint32_t const *mandated = NULL;
801 uint32_t const *oon = NULL;
802 size_t mandated_count = 0;
803 size_t oon_count = 0;
804 enum pkcs11_rc rc = PKCS11_CKR_OK;
805
806 assert(get_class(temp) == PKCS11_CKO_PRIVATE_KEY);
807
808 rc = create_genkey_attributes(out, temp);
809 if (rc)
810 return rc;
811
812 assert(get_class(*out) == PKCS11_CKO_PRIVATE_KEY);
813
814 rc = set_mandatory_boolprops(out, temp, private_key_boolprops,
815 ARRAY_SIZE(private_key_boolprops));
816 if (rc)
817 return rc;
818
819 rc = set_mandatory_attributes(out, temp, private_key_mandated,
820 ARRAY_SIZE(private_key_mandated));
821 if (rc)
822 return rc;
823
824 rc = set_attributes_opt_or_null(out, temp, private_key_opt_or_null,
825 ARRAY_SIZE(private_key_opt_or_null));
826 if (rc)
827 return rc;
828
829 switch (get_key_type(*out)) {
830 case PKCS11_CKK_RSA:
831 oon = rsa_priv_key_opt_or_null;
832 oon_count = ARRAY_SIZE(rsa_priv_key_opt_or_null);
833 break;
834 case PKCS11_CKK_EC:
835 mandated = ec_private_key_mandated;
836 oon = ec_private_key_opt_or_null;
837 mandated_count = ARRAY_SIZE(ec_private_key_mandated);
838 oon_count = ARRAY_SIZE(ec_private_key_opt_or_null);
839 break;
840 case PKCS11_CKK_EC_EDWARDS:
841 mandated = ec_private_key_mandated;
842 oon = eddsa_private_key_opt_or_null;
843 mandated_count = ARRAY_SIZE(ec_private_key_mandated);
844 oon_count = ARRAY_SIZE(eddsa_private_key_opt_or_null);
845 break;
846 default:
847 EMSG("Invalid key type %#"PRIx32"/%s",
848 get_key_type(*out), id2str_key_type(get_key_type(*out)));
849
850 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
851 }
852
853 rc = set_mandatory_attributes(out, temp, mandated, mandated_count);
854 if (rc)
855 return rc;
856
857 return set_attributes_opt_or_null(out, temp, oon, oon_count);
858 }
859
860 static enum pkcs11_rc
sanitize_symm_key_attributes(struct obj_attrs ** temp,enum processing_func function)861 sanitize_symm_key_attributes(struct obj_attrs **temp,
862 enum processing_func function)
863 {
864 enum pkcs11_rc rc = PKCS11_CKR_OK;
865 uint32_t a_size = 0;
866
867 assert(get_class(*temp) == PKCS11_CKO_SECRET_KEY);
868
869 rc = get_attribute_ptr(*temp, PKCS11_CKA_VALUE, NULL, &a_size);
870
871 switch (get_key_type(*temp)) {
872 case PKCS11_CKK_GENERIC_SECRET:
873 case PKCS11_CKK_AES:
874 case PKCS11_CKK_MD5_HMAC:
875 case PKCS11_CKK_SHA_1_HMAC:
876 case PKCS11_CKK_SHA256_HMAC:
877 case PKCS11_CKK_SHA384_HMAC:
878 case PKCS11_CKK_SHA512_HMAC:
879 case PKCS11_CKK_SHA224_HMAC:
880 switch (function) {
881 case PKCS11_FUNCTION_IMPORT:
882 /* CKA_VALUE is a mandatory with C_CreateObject */
883 if (rc || a_size == 0)
884 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
885
886 if (get_attribute_ptr(*temp, PKCS11_CKA_VALUE_LEN, NULL,
887 NULL) != PKCS11_RV_NOT_FOUND)
888 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
889
890 return add_attribute(temp, PKCS11_CKA_VALUE_LEN,
891 &a_size, sizeof(uint32_t));
892 case PKCS11_FUNCTION_GENERATE:
893 if (rc != PKCS11_RV_NOT_FOUND)
894 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
895 break;
896 default:
897 break;
898 }
899 break;
900 default:
901 EMSG("Invalid key type %#"PRIx32"/%s",
902 get_key_type(*temp), id2str_key_type(get_key_type(*temp)));
903
904 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
905 }
906
907 return PKCS11_CKR_OK;
908 }
909
910 /*
911 * Create an attribute list for a new object from a template and a parent
912 * object (optional) for an object generation function (generate, copy,
913 * derive...).
914 *
915 * PKCS#11 directives on the supplied template and expected return value:
916 * - template has an invalid attribute ID: ATTRIBUTE_TYPE_INVALID
917 * - template has an invalid value for an attribute: ATTRIBUTE_VALID_INVALID
918 * - template has value for a read-only attribute: ATTRIBUTE_READ_ONLY
919 * - template+default+parent => still miss an attribute: TEMPLATE_INCONSISTENT
920 *
921 * INFO on PKCS11_CMD_COPY_OBJECT:
922 * - parent PKCS11_CKA_COPYIABLE=false => return ACTION_PROHIBITED.
923 * - template can specify PKCS11_CKA_TOKEN, PKCS11_CKA_PRIVATE,
924 * PKCS11_CKA_MODIFIABLE, PKCS11_CKA_DESTROYABLE.
925 * - SENSITIVE can change from false to true, not from true to false.
926 * - LOCAL is the parent LOCAL
927 */
928 enum pkcs11_rc
create_attributes_from_template(struct obj_attrs ** out,void * template,size_t template_size,struct obj_attrs * parent,enum processing_func function,enum pkcs11_mechanism_id mecha,enum pkcs11_class_id template_class)929 create_attributes_from_template(struct obj_attrs **out, void *template,
930 size_t template_size,
931 struct obj_attrs *parent,
932 enum processing_func function,
933 enum pkcs11_mechanism_id mecha,
934 enum pkcs11_class_id template_class)
935 {
936 struct obj_attrs *temp = NULL;
937 struct obj_attrs *attrs = NULL;
938 enum pkcs11_rc rc = PKCS11_CKR_OK;
939 uint8_t local = 0;
940 uint8_t always_sensitive = 0;
941 uint8_t never_extract = 0;
942 uint8_t extractable = 0;
943 uint32_t class = PKCS11_UNDEFINED_ID;
944 uint32_t type = PKCS11_UNDEFINED_ID;
945 uint32_t mechanism_id = PKCS11_CKM_UNDEFINED_ID;
946 struct obj_attrs *req_attrs = NULL;
947 uint32_t size = 0;
948 uint32_t indirect_template = PKCS11_CKA_UNDEFINED_ID;
949
950 #ifdef DEBUG /* Sanity: check function argument */
951 trace_attributes_from_api_head("template", template, template_size);
952 switch (function) {
953 case PKCS11_FUNCTION_GENERATE:
954 case PKCS11_FUNCTION_GENERATE_PAIR:
955 case PKCS11_FUNCTION_IMPORT:
956 case PKCS11_FUNCTION_MODIFY:
957 case PKCS11_FUNCTION_DERIVE:
958 case PKCS11_FUNCTION_UNWRAP:
959 case PKCS11_FUNCTION_COPY:
960 break;
961 default:
962 TEE_Panic(TEE_ERROR_NOT_SUPPORTED);
963 }
964 #endif
965
966 /*
967 * For PKCS11_FUNCTION_GENERATE, find the class and type
968 * based on the mechanism. These will be passed as hint
969 * sanitize_client_object() and added in temp if not
970 * already present
971 */
972 if (function == PKCS11_FUNCTION_GENERATE) {
973 switch (mecha) {
974 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN:
975 class = PKCS11_CKO_SECRET_KEY;
976 type = PKCS11_CKK_GENERIC_SECRET;
977 break;
978 case PKCS11_CKM_AES_KEY_GEN:
979 class = PKCS11_CKO_SECRET_KEY;
980 type = PKCS11_CKK_AES;
981 break;
982 default:
983 TEE_Panic(TEE_ERROR_NOT_SUPPORTED);
984 }
985 }
986
987 /*
988 * For PKCS11_FUNCTION_GENERATE_PAIR, find the class and type
989 * based on the mechanism. These will be passed as hint
990 * sanitize_client_object() and added in temp if not
991 * already present
992 */
993 if (function == PKCS11_FUNCTION_GENERATE_PAIR) {
994 switch (mecha) {
995 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN:
996 class = template_class;
997 type = PKCS11_CKK_EDDSA;
998 break;
999 case PKCS11_CKM_EC_KEY_PAIR_GEN:
1000 class = template_class;
1001 type = PKCS11_CKK_EC;
1002 break;
1003 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN:
1004 class = template_class;
1005 type = PKCS11_CKK_RSA;
1006 break;
1007 default:
1008 TEE_Panic(TEE_ERROR_NOT_SUPPORTED);
1009 }
1010 }
1011
1012 /*
1013 * Check and remove duplicates if any and create a new temporary
1014 * template
1015 */
1016 rc = sanitize_client_object(&temp, template, template_size, class,
1017 type);
1018 if (rc)
1019 goto out;
1020
1021 /*
1022 * For function type modify and copy return the created template
1023 * from here. Rest of the code below is for creating objects
1024 * or generating keys.
1025 */
1026 switch (function) {
1027 case PKCS11_FUNCTION_MODIFY:
1028 case PKCS11_FUNCTION_COPY:
1029 *out = temp;
1030 return rc;
1031 case PKCS11_FUNCTION_DERIVE:
1032 case PKCS11_FUNCTION_UNWRAP:
1033 if (function == PKCS11_FUNCTION_UNWRAP)
1034 indirect_template = PKCS11_CKA_UNWRAP_TEMPLATE;
1035 else
1036 indirect_template = PKCS11_CKA_DERIVE_TEMPLATE;
1037
1038 rc = get_attribute_ptr(parent, indirect_template,
1039 (void *)&req_attrs, &size);
1040 if (rc == PKCS11_CKR_OK && size != 0) {
1041 rc = attributes_match_add_reference(&temp, req_attrs);
1042 if (rc)
1043 goto out;
1044 }
1045 break;
1046 default:
1047 break;
1048 }
1049
1050 /*
1051 * Check if class and type in temp are consistent with the mechanism
1052 */
1053 switch (mecha) {
1054 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN:
1055 if (get_class(temp) != PKCS11_CKO_SECRET_KEY ||
1056 get_key_type(temp) != PKCS11_CKK_GENERIC_SECRET) {
1057 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1058 goto out;
1059 }
1060 break;
1061 case PKCS11_CKM_AES_KEY_GEN:
1062 if (get_class(temp) != PKCS11_CKO_SECRET_KEY ||
1063 get_key_type(temp) != PKCS11_CKK_AES) {
1064 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1065 goto out;
1066 }
1067 break;
1068 case PKCS11_CKM_EC_KEY_PAIR_GEN:
1069 if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY &&
1070 get_class(temp) != PKCS11_CKO_PRIVATE_KEY) ||
1071 get_key_type(temp) != PKCS11_CKK_EC) {
1072 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1073 goto out;
1074 }
1075 break;
1076 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN:
1077 if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY &&
1078 get_class(temp) != PKCS11_CKO_PRIVATE_KEY) ||
1079 get_key_type(temp) != PKCS11_CKK_EC_EDWARDS) {
1080 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1081 goto out;
1082 }
1083 break;
1084 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN:
1085 if ((get_class(temp) != PKCS11_CKO_PUBLIC_KEY &&
1086 get_class(temp) != PKCS11_CKO_PRIVATE_KEY) ||
1087 get_key_type(temp) != PKCS11_CKK_RSA) {
1088 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1089 goto out;
1090 }
1091 break;
1092 default:
1093 break;
1094 }
1095
1096 if (!sanitize_consistent_class_and_type(temp)) {
1097 EMSG("Inconsistent class/type");
1098 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1099 goto out;
1100 }
1101
1102 /*
1103 * TBD - Add a check to see if temp contains any attribute which
1104 * is not consistent with the object class or type and return error.
1105 * In current implementation such attributes are ignored and not
1106 * added to final object while PKCS#11 specification expects a
1107 * failure and an error code be returned.
1108 */
1109
1110 switch (get_class(temp)) {
1111 case PKCS11_CKO_DATA:
1112 rc = create_data_attributes(&attrs, temp);
1113 break;
1114 case PKCS11_CKO_CERTIFICATE:
1115 rc = create_certificate_attributes(&attrs, temp);
1116 break;
1117 case PKCS11_CKO_SECRET_KEY:
1118 rc = sanitize_symm_key_attributes(&temp, function);
1119 if (rc)
1120 goto out;
1121 rc = create_symm_key_attributes(&attrs, temp);
1122 break;
1123 case PKCS11_CKO_PUBLIC_KEY:
1124 rc = create_pub_key_attributes(&attrs, temp, function);
1125 break;
1126 case PKCS11_CKO_PRIVATE_KEY:
1127 rc = create_priv_key_attributes(&attrs, temp);
1128 break;
1129 default:
1130 DMSG("Invalid object class %#"PRIx32"/%s",
1131 get_class(temp), id2str_class(get_class(temp)));
1132
1133 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1134 break;
1135 }
1136 if (rc)
1137 goto out;
1138
1139 if (get_attribute_ptr(temp, PKCS11_CKA_LOCAL, NULL, NULL) !=
1140 PKCS11_RV_NOT_FOUND) {
1141 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1142 goto out;
1143 }
1144
1145 if (get_attribute_ptr(temp, PKCS11_CKA_KEY_GEN_MECHANISM, NULL, NULL) !=
1146 PKCS11_RV_NOT_FOUND) {
1147 rc = PKCS11_CKR_TEMPLATE_INCONSISTENT;
1148 goto out;
1149 }
1150
1151 switch (function) {
1152 case PKCS11_FUNCTION_GENERATE:
1153 case PKCS11_FUNCTION_GENERATE_PAIR:
1154 local = PKCS11_TRUE;
1155 break;
1156 case PKCS11_FUNCTION_IMPORT:
1157 case PKCS11_FUNCTION_DERIVE:
1158 case PKCS11_FUNCTION_UNWRAP:
1159 default:
1160 local = PKCS11_FALSE;
1161 break;
1162 }
1163 rc = add_attribute(&attrs, PKCS11_CKA_LOCAL, &local, sizeof(local));
1164 if (rc)
1165 goto out;
1166
1167 switch (get_class(attrs)) {
1168 case PKCS11_CKO_SECRET_KEY:
1169 case PKCS11_CKO_PRIVATE_KEY:
1170 case PKCS11_CKO_PUBLIC_KEY:
1171 always_sensitive = PKCS11_FALSE;
1172 never_extract = PKCS11_FALSE;
1173
1174 switch (function) {
1175 case PKCS11_FUNCTION_DERIVE:
1176 always_sensitive =
1177 get_bool(parent, PKCS11_CKA_ALWAYS_SENSITIVE) &&
1178 get_bool(attrs, PKCS11_CKA_SENSITIVE);
1179 never_extract =
1180 get_bool(parent, PKCS11_CKA_NEVER_EXTRACTABLE) &&
1181 !get_bool(attrs, PKCS11_CKA_EXTRACTABLE);
1182 break;
1183 case PKCS11_FUNCTION_UNWRAP:
1184 always_sensitive = PKCS11_FALSE;
1185 never_extract = PKCS11_FALSE;
1186 extractable = PKCS11_TRUE;
1187
1188 /*
1189 * Check if template passed by user has CKA_EXTRACTABLE.
1190 * If not, by default value of CKA_EXTRACTABLE is set as
1191 * TRUE.
1192 */
1193 if (get_attribute_ptr(temp, PKCS11_CKA_EXTRACTABLE,
1194 NULL,
1195 NULL) == PKCS11_RV_NOT_FOUND) {
1196 rc = set_attribute(&attrs,
1197 PKCS11_CKA_EXTRACTABLE,
1198 &extractable,
1199 sizeof(extractable));
1200 if (rc)
1201 goto out;
1202 }
1203 break;
1204 case PKCS11_FUNCTION_GENERATE:
1205 case PKCS11_FUNCTION_GENERATE_PAIR:
1206 always_sensitive = get_bool(attrs,
1207 PKCS11_CKA_SENSITIVE);
1208 never_extract = !get_bool(attrs,
1209 PKCS11_CKA_EXTRACTABLE);
1210 break;
1211 default:
1212 break;
1213 }
1214
1215 rc = add_attribute(&attrs, PKCS11_CKA_ALWAYS_SENSITIVE,
1216 &always_sensitive, sizeof(always_sensitive));
1217 if (rc)
1218 goto out;
1219
1220 rc = add_attribute(&attrs, PKCS11_CKA_NEVER_EXTRACTABLE,
1221 &never_extract, sizeof(never_extract));
1222 if (rc)
1223 goto out;
1224
1225 /* Keys mandate attribute PKCS11_CKA_KEY_GEN_MECHANISM */
1226 if (local)
1227 mechanism_id = mecha;
1228 else
1229 mechanism_id = PKCS11_CK_UNAVAILABLE_INFORMATION;
1230
1231 rc = add_attribute(&attrs, PKCS11_CKA_KEY_GEN_MECHANISM,
1232 &mechanism_id, sizeof(mechanism_id));
1233 if (rc)
1234 goto out;
1235 break;
1236
1237 default:
1238 break;
1239 }
1240
1241 *out = attrs;
1242
1243 #ifdef DEBUG
1244 trace_attributes("object", attrs);
1245 #endif
1246
1247 out:
1248 TEE_Free(temp);
1249 if (rc)
1250 TEE_Free(attrs);
1251
1252 return rc;
1253 }
1254
check_attrs_misc_integrity(struct obj_attrs * head)1255 static enum pkcs11_rc check_attrs_misc_integrity(struct obj_attrs *head)
1256 {
1257 if (get_bool(head, PKCS11_CKA_NEVER_EXTRACTABLE) &&
1258 get_bool(head, PKCS11_CKA_EXTRACTABLE)) {
1259 DMSG("Never/Extractable attributes mismatch %d/%d",
1260 get_bool(head, PKCS11_CKA_NEVER_EXTRACTABLE),
1261 get_bool(head, PKCS11_CKA_EXTRACTABLE));
1262
1263 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1264 }
1265
1266 if (get_bool(head, PKCS11_CKA_ALWAYS_SENSITIVE) &&
1267 !get_bool(head, PKCS11_CKA_SENSITIVE)) {
1268 DMSG("Sensitive/always attributes mismatch %d/%d",
1269 get_bool(head, PKCS11_CKA_SENSITIVE),
1270 get_bool(head, PKCS11_CKA_ALWAYS_SENSITIVE));
1271
1272 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1273 }
1274
1275 return PKCS11_CKR_OK;
1276 }
1277
object_is_private(struct obj_attrs * head)1278 bool object_is_private(struct obj_attrs *head)
1279 {
1280 return get_bool(head, PKCS11_CKA_PRIVATE);
1281 }
1282
object_is_token(struct obj_attrs * head)1283 bool object_is_token(struct obj_attrs *head)
1284 {
1285 return get_bool(head, PKCS11_CKA_TOKEN);
1286 }
1287
object_is_modifiable(struct obj_attrs * head)1288 bool object_is_modifiable(struct obj_attrs *head)
1289 {
1290 return get_bool(head, PKCS11_CKA_MODIFIABLE);
1291 }
1292
object_is_copyable(struct obj_attrs * head)1293 bool object_is_copyable(struct obj_attrs *head)
1294 {
1295 return get_bool(head, PKCS11_CKA_COPYABLE);
1296 }
1297
1298 /*
1299 * Check access to object against authentication to token
1300 */
check_access_attrs_against_token(struct pkcs11_session * session,struct obj_attrs * head)1301 enum pkcs11_rc check_access_attrs_against_token(struct pkcs11_session *session,
1302 struct obj_attrs *head)
1303 {
1304 bool private = true;
1305
1306 switch (get_class(head)) {
1307 case PKCS11_CKO_SECRET_KEY:
1308 case PKCS11_CKO_PRIVATE_KEY:
1309 case PKCS11_CKO_PUBLIC_KEY:
1310 case PKCS11_CKO_DATA:
1311 case PKCS11_CKO_CERTIFICATE:
1312 private = object_is_private(head);
1313 break;
1314 default:
1315 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1316 }
1317
1318 if (private && (pkcs11_session_is_public(session) ||
1319 pkcs11_session_is_so(session))) {
1320 DMSG("Private object access from a public or SO session");
1321
1322 return PKCS11_CKR_USER_NOT_LOGGED_IN;
1323 }
1324
1325 return PKCS11_CKR_OK;
1326 }
1327
1328 /*
1329 * Check the attributes of a to-be-created object matches the token state
1330 */
check_created_attrs_against_token(struct pkcs11_session * session,struct obj_attrs * head)1331 enum pkcs11_rc check_created_attrs_against_token(struct pkcs11_session *session,
1332 struct obj_attrs *head)
1333 {
1334 enum pkcs11_rc rc = PKCS11_CKR_OK;
1335
1336 rc = check_attrs_misc_integrity(head);
1337 if (rc)
1338 return rc;
1339
1340 if (get_bool(head, PKCS11_CKA_TRUSTED) &&
1341 !pkcs11_session_is_so(session)) {
1342 DMSG("Can't create trusted object");
1343
1344 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1345 }
1346
1347 if (get_bool(head, PKCS11_CKA_TOKEN) &&
1348 !pkcs11_session_is_read_write(session)) {
1349 DMSG("Can't create persistent object");
1350
1351 return PKCS11_CKR_SESSION_READ_ONLY;
1352 }
1353
1354 /*
1355 * TODO: START_DATE and END_DATE: complies with current time?
1356 */
1357 return PKCS11_CKR_OK;
1358 }
1359
1360 #define DMSG_BAD_BBOOL(attr, proc, head) \
1361 do { \
1362 uint32_t __maybe_unused _attr = (attr); \
1363 uint8_t __maybe_unused _bvalue = 0; \
1364 enum pkcs11_rc __maybe_unused _rc = PKCS11_CKR_OK; \
1365 \
1366 _rc = get_attribute((head), _attr, &_bvalue, NULL); \
1367 DMSG("%s issue for %s: %sfound, value %"PRIu8, \
1368 id2str_attr(_attr), id2str_proc((proc)), \
1369 _rc ? "not " : "", _bvalue); \
1370 } while (0)
1371
check_attr_bval(uint32_t proc_id __maybe_unused,struct obj_attrs * head,uint32_t attribute,bool val)1372 static bool __maybe_unused check_attr_bval(uint32_t proc_id __maybe_unused,
1373 struct obj_attrs *head,
1374 uint32_t attribute, bool val)
1375 {
1376 uint8_t bbool = 0;
1377 uint32_t sz = sizeof(bbool);
1378
1379 if (!get_attribute(head, attribute, &bbool, &sz) && !!bbool == val)
1380 return true;
1381
1382 DMSG_BAD_BBOOL(attribute, proc_id, head);
1383 return false;
1384 }
1385
1386 /*
1387 * Check the attributes of a new secret match the processing/mechanism
1388 * used to create it.
1389 *
1390 * @proc_id - PKCS11_CKM_xxx
1391 * @head - head of the attributes of the to-be-created object.
1392 */
check_created_attrs_against_processing(uint32_t proc_id,struct obj_attrs * head)1393 enum pkcs11_rc check_created_attrs_against_processing(uint32_t proc_id,
1394 struct obj_attrs *head)
1395 {
1396 /*
1397 * Processings that do not create secrets are not expected to call
1398 * this function which would panic.
1399 */
1400 switch (proc_id) {
1401 case PKCS11_PROCESSING_IMPORT:
1402 case PKCS11_CKM_ECDH1_DERIVE:
1403 case PKCS11_CKM_AES_ECB:
1404 case PKCS11_CKM_AES_CBC:
1405 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA:
1406 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA:
1407 case PKCS11_CKM_RSA_AES_KEY_WRAP:
1408 assert(check_attr_bval(proc_id, head, PKCS11_CKA_LOCAL, false));
1409 break;
1410 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN:
1411 case PKCS11_CKM_AES_KEY_GEN:
1412 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN:
1413 case PKCS11_CKM_EC_KEY_PAIR_GEN:
1414 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN:
1415 assert(check_attr_bval(proc_id, head, PKCS11_CKA_LOCAL, true));
1416 break;
1417 default:
1418 TEE_Panic(proc_id);
1419 break;
1420 }
1421
1422 switch (proc_id) {
1423 case PKCS11_CKM_GENERIC_SECRET_KEY_GEN:
1424 assert(get_key_type(head) == PKCS11_CKK_GENERIC_SECRET);
1425 break;
1426 case PKCS11_CKM_AES_KEY_GEN:
1427 assert(get_key_type(head) == PKCS11_CKK_AES);
1428 break;
1429 case PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN:
1430 assert(get_key_type(head) == PKCS11_CKK_EC_EDWARDS);
1431 break;
1432 case PKCS11_CKM_EC_KEY_PAIR_GEN:
1433 assert(get_key_type(head) == PKCS11_CKK_EC);
1434 break;
1435 case PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN:
1436 assert(get_key_type(head) == PKCS11_CKK_RSA);
1437 break;
1438 case PKCS11_PROCESSING_IMPORT:
1439 case PKCS11_CKM_ECDH1_DERIVE:
1440 default:
1441 break;
1442 }
1443
1444 return PKCS11_CKR_OK;
1445 }
1446
1447 /* Return min and max key size supported for a key_type in bytes */
get_key_min_max_sizes(enum pkcs11_key_type key_type,uint32_t * min_key_size,uint32_t * max_key_size)1448 static void get_key_min_max_sizes(enum pkcs11_key_type key_type,
1449 uint32_t *min_key_size,
1450 uint32_t *max_key_size)
1451 {
1452 enum pkcs11_mechanism_id mechanism = PKCS11_CKM_UNDEFINED_ID;
1453
1454 switch (key_type) {
1455 case PKCS11_CKK_GENERIC_SECRET:
1456 mechanism = PKCS11_CKM_GENERIC_SECRET_KEY_GEN;
1457 break;
1458 case PKCS11_CKK_AES:
1459 mechanism = PKCS11_CKM_AES_KEY_GEN;
1460 break;
1461 case PKCS11_CKK_MD5_HMAC:
1462 mechanism = PKCS11_CKM_MD5_HMAC;
1463 break;
1464 case PKCS11_CKK_SHA_1_HMAC:
1465 mechanism = PKCS11_CKM_SHA_1_HMAC;
1466 break;
1467 case PKCS11_CKK_SHA224_HMAC:
1468 mechanism = PKCS11_CKM_SHA224_HMAC;
1469 break;
1470 case PKCS11_CKK_SHA256_HMAC:
1471 mechanism = PKCS11_CKM_SHA256_HMAC;
1472 break;
1473 case PKCS11_CKK_SHA384_HMAC:
1474 mechanism = PKCS11_CKM_SHA384_HMAC;
1475 break;
1476 case PKCS11_CKK_SHA512_HMAC:
1477 mechanism = PKCS11_CKM_SHA512_HMAC;
1478 break;
1479 case PKCS11_CKK_EC:
1480 mechanism = PKCS11_CKM_EC_KEY_PAIR_GEN;
1481 break;
1482 case PKCS11_CKK_EDDSA:
1483 mechanism = PKCS11_CKM_EC_EDWARDS_KEY_PAIR_GEN;
1484 break;
1485 case PKCS11_CKK_RSA:
1486 mechanism = PKCS11_CKM_RSA_PKCS_KEY_PAIR_GEN;
1487 break;
1488 default:
1489 TEE_Panic(key_type);
1490 break;
1491 }
1492
1493 mechanism_supported_key_sizes_bytes(mechanism, min_key_size,
1494 max_key_size);
1495 }
1496
check_created_attrs(struct obj_attrs * key1,struct obj_attrs * key2)1497 enum pkcs11_rc check_created_attrs(struct obj_attrs *key1,
1498 struct obj_attrs *key2)
1499 {
1500 enum pkcs11_rc rc = PKCS11_CKR_OK;
1501 struct obj_attrs *secret = NULL;
1502 struct obj_attrs *private = NULL;
1503 struct obj_attrs *public = NULL;
1504 uint32_t max_key_size = 0;
1505 uint32_t min_key_size = 0;
1506 uint32_t key_length = 0;
1507
1508 switch (get_class(key1)) {
1509 case PKCS11_CKO_SECRET_KEY:
1510 secret = key1;
1511 break;
1512 case PKCS11_CKO_PUBLIC_KEY:
1513 public = key1;
1514 break;
1515 case PKCS11_CKO_PRIVATE_KEY:
1516 private = key1;
1517 break;
1518 default:
1519 return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID;
1520 }
1521
1522 if (key2) {
1523 switch (get_class(key2)) {
1524 case PKCS11_CKO_PUBLIC_KEY:
1525 public = key2;
1526 if (private == key1)
1527 break;
1528
1529 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1530 case PKCS11_CKO_PRIVATE_KEY:
1531 private = key2;
1532 if (public == key1)
1533 break;
1534
1535 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1536 default:
1537 return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID;
1538 }
1539
1540 if (get_key_type(private) != get_key_type(public))
1541 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1542 }
1543
1544 if (secret) {
1545 switch (get_key_type(secret)) {
1546 case PKCS11_CKK_AES:
1547 case PKCS11_CKK_GENERIC_SECRET:
1548 case PKCS11_CKK_MD5_HMAC:
1549 case PKCS11_CKK_SHA_1_HMAC:
1550 case PKCS11_CKK_SHA224_HMAC:
1551 case PKCS11_CKK_SHA256_HMAC:
1552 case PKCS11_CKK_SHA384_HMAC:
1553 case PKCS11_CKK_SHA512_HMAC:
1554 break;
1555 default:
1556 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1557 }
1558
1559 /* Get key size */
1560 rc = get_u32_attribute(secret, PKCS11_CKA_VALUE_LEN,
1561 &key_length);
1562 if (rc)
1563 return PKCS11_CKR_TEMPLATE_INCOMPLETE;
1564 }
1565 if (public) {
1566 switch (get_key_type(public)) {
1567 case PKCS11_CKK_RSA:
1568 /* Get key size */
1569 rc = get_u32_attribute(public, PKCS11_CKA_MODULUS_BITS,
1570 &key_length);
1571 if (rc)
1572 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1573 key_length = ROUNDUP(key_length, 8) / 8;
1574 break;
1575 case PKCS11_CKK_EC:
1576 case PKCS11_CKK_EC_EDWARDS:
1577 break;
1578 default:
1579 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1580 }
1581 }
1582 if (private) {
1583 switch (get_key_type(private)) {
1584 case PKCS11_CKK_RSA:
1585 case PKCS11_CKK_EC:
1586 case PKCS11_CKK_EC_EDWARDS:
1587 break;
1588 default:
1589 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
1590 }
1591 }
1592
1593 /*
1594 * Check key size for symmetric keys and RSA keys
1595 * EC is bound to domains, no need to check here.
1596 */
1597 switch (get_key_type(key1)) {
1598 case PKCS11_CKK_EC:
1599 case PKCS11_CKK_EC_EDWARDS:
1600 return PKCS11_CKR_OK;
1601 default:
1602 break;
1603 }
1604
1605 get_key_min_max_sizes(get_key_type(key1), &min_key_size, &max_key_size);
1606 if (key_length < min_key_size || key_length > max_key_size) {
1607 EMSG("Length %"PRIu32" vs range [%"PRIu32" %"PRIu32"]",
1608 key_length, min_key_size, max_key_size);
1609
1610 return PKCS11_CKR_KEY_SIZE_RANGE;
1611 }
1612
1613 if (secret && get_key_type(secret) == PKCS11_CKK_AES) {
1614 if (key_length != 16 && key_length != 24 && key_length != 32)
1615 return PKCS11_CKR_KEY_SIZE_RANGE;
1616 }
1617
1618 return PKCS11_CKR_OK;
1619 }
1620
1621 /* Check processing ID against attribute ALLOWED_MECHANISMS if any */
parent_key_complies_allowed_processings(uint32_t proc_id,struct obj_attrs * head)1622 static bool parent_key_complies_allowed_processings(uint32_t proc_id,
1623 struct obj_attrs *head)
1624 {
1625 char *attr = NULL;
1626 uint32_t size = 0;
1627 uint32_t proc = 0;
1628 size_t count = 0;
1629 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
1630
1631 rc = get_attribute_ptr(head, PKCS11_CKA_ALLOWED_MECHANISMS,
1632 (void *)&attr, &size);
1633 if (rc == PKCS11_RV_NOT_FOUND)
1634 return true;
1635 if (rc) {
1636 EMSG("unexpected attributes state");
1637 TEE_Panic(TEE_ERROR_BAD_STATE);
1638 }
1639
1640 for (count = size / sizeof(uint32_t); count; count--) {
1641 TEE_MemMove(&proc, attr, sizeof(uint32_t));
1642 attr += sizeof(uint32_t);
1643
1644 if (proc == proc_id)
1645 return true;
1646 }
1647
1648 DMSG("can't find %s in allowed list", id2str_proc(proc_id));
1649 return false;
1650 }
1651
func_to_attr(enum processing_func func)1652 static enum pkcs11_attr_id func_to_attr(enum processing_func func)
1653 {
1654 switch (func) {
1655 case PKCS11_FUNCTION_ENCRYPT:
1656 return PKCS11_CKA_ENCRYPT;
1657 case PKCS11_FUNCTION_DECRYPT:
1658 return PKCS11_CKA_DECRYPT;
1659 case PKCS11_FUNCTION_SIGN:
1660 return PKCS11_CKA_SIGN;
1661 case PKCS11_FUNCTION_VERIFY:
1662 return PKCS11_CKA_VERIFY;
1663 case PKCS11_FUNCTION_WRAP:
1664 return PKCS11_CKA_WRAP;
1665 case PKCS11_FUNCTION_UNWRAP:
1666 return PKCS11_CKA_UNWRAP;
1667 case PKCS11_FUNCTION_DERIVE:
1668 return PKCS11_CKA_DERIVE;
1669 default:
1670 return PKCS11_CKA_UNDEFINED_ID;
1671 }
1672 }
1673
1674 enum pkcs11_rc
check_parent_attrs_against_processing(enum pkcs11_mechanism_id proc_id,enum processing_func function,struct obj_attrs * head)1675 check_parent_attrs_against_processing(enum pkcs11_mechanism_id proc_id,
1676 enum processing_func function,
1677 struct obj_attrs *head)
1678 {
1679 enum pkcs11_class_id key_class = get_class(head);
1680 enum pkcs11_key_type key_type = get_key_type(head);
1681 enum pkcs11_attr_id attr = func_to_attr(function);
1682
1683 if (!get_bool(head, attr)) {
1684 DMSG("%s not permitted", id2str_attr(attr));
1685 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1686 }
1687
1688 /* Check processing complies with parent key family */
1689 switch (proc_id) {
1690 case PKCS11_CKM_AES_ECB:
1691 case PKCS11_CKM_AES_CBC:
1692 case PKCS11_CKM_AES_CTS:
1693 case PKCS11_CKM_AES_CTR:
1694 case PKCS11_CKM_AES_CMAC:
1695 case PKCS11_CKM_AES_CMAC_GENERAL:
1696 if (key_class == PKCS11_CKO_SECRET_KEY &&
1697 key_type == PKCS11_CKK_AES)
1698 break;
1699
1700 DMSG("%s invalid key %s/%s", id2str_proc(proc_id),
1701 id2str_class(key_class), id2str_key_type(key_type));
1702
1703 if (function == PKCS11_FUNCTION_WRAP)
1704 return PKCS11_CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
1705 else if (function == PKCS11_FUNCTION_UNWRAP)
1706 return PKCS11_CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
1707 else
1708 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1709
1710 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA:
1711 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA:
1712 if (key_class != PKCS11_CKO_SECRET_KEY &&
1713 key_type != PKCS11_CKK_AES)
1714 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1715
1716 if (get_bool(head, PKCS11_CKA_ENCRYPT)) {
1717 /*
1718 * Intentionally refuse to proceed despite
1719 * PKCS#11 specifications v2.40 and v3.0 not expecting
1720 * this behavior to avoid potential security issue
1721 * where keys derived by these mechanisms can be
1722 * revealed by doing data encryption using parent key.
1723 */
1724 return PKCS11_CKR_FUNCTION_FAILED;
1725 }
1726
1727 break;
1728 case PKCS11_CKM_MD5_HMAC:
1729 case PKCS11_CKM_SHA_1_HMAC:
1730 case PKCS11_CKM_SHA224_HMAC:
1731 case PKCS11_CKM_SHA256_HMAC:
1732 case PKCS11_CKM_SHA384_HMAC:
1733 case PKCS11_CKM_SHA512_HMAC:
1734 case PKCS11_CKM_MD5_HMAC_GENERAL:
1735 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
1736 case PKCS11_CKM_SHA224_HMAC_GENERAL:
1737 case PKCS11_CKM_SHA256_HMAC_GENERAL:
1738 case PKCS11_CKM_SHA384_HMAC_GENERAL:
1739 case PKCS11_CKM_SHA512_HMAC_GENERAL:
1740 if (key_class != PKCS11_CKO_SECRET_KEY)
1741 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1742
1743 if (key_type == PKCS11_CKK_GENERIC_SECRET)
1744 break;
1745
1746 switch (proc_id) {
1747 case PKCS11_CKM_MD5_HMAC:
1748 case PKCS11_CKM_MD5_HMAC_GENERAL:
1749 if (key_type == PKCS11_CKK_MD5_HMAC)
1750 break;
1751 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1752 case PKCS11_CKM_SHA_1_HMAC:
1753 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
1754 if (key_type == PKCS11_CKK_SHA_1_HMAC)
1755 break;
1756 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1757 case PKCS11_CKM_SHA224_HMAC:
1758 case PKCS11_CKM_SHA224_HMAC_GENERAL:
1759 if (key_type == PKCS11_CKK_SHA224_HMAC)
1760 break;
1761 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1762 case PKCS11_CKM_SHA256_HMAC:
1763 case PKCS11_CKM_SHA256_HMAC_GENERAL:
1764 if (key_type == PKCS11_CKK_SHA256_HMAC)
1765 break;
1766 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1767 case PKCS11_CKM_SHA384_HMAC:
1768 case PKCS11_CKM_SHA384_HMAC_GENERAL:
1769 if (key_type == PKCS11_CKK_SHA384_HMAC)
1770 break;
1771 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1772 case PKCS11_CKM_SHA512_HMAC:
1773 case PKCS11_CKM_SHA512_HMAC_GENERAL:
1774 if (key_type == PKCS11_CKK_SHA512_HMAC)
1775 break;
1776 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1777 default:
1778 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1779 }
1780 break;
1781
1782 case PKCS11_CKM_EDDSA:
1783 if (key_type != PKCS11_CKK_EC_EDWARDS) {
1784 EMSG("Invalid key %s for mechanism %s",
1785 id2str_type(key_type, key_class),
1786 id2str_proc(proc_id));
1787 return PKCS11_CKR_KEY_TYPE_INCONSISTENT;
1788 }
1789 if (key_class != PKCS11_CKO_PUBLIC_KEY &&
1790 key_class != PKCS11_CKO_PRIVATE_KEY) {
1791 EMSG("Invalid key class for mechanism %s",
1792 id2str_proc(proc_id));
1793
1794 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1795 }
1796 break;
1797
1798 case PKCS11_CKM_ECDSA:
1799 case PKCS11_CKM_ECDSA_SHA1:
1800 case PKCS11_CKM_ECDSA_SHA224:
1801 case PKCS11_CKM_ECDSA_SHA256:
1802 case PKCS11_CKM_ECDSA_SHA384:
1803 case PKCS11_CKM_ECDSA_SHA512:
1804 case PKCS11_CKM_ECDH1_DERIVE:
1805 if (key_type != PKCS11_CKK_EC) {
1806 EMSG("Invalid key %s for mechanism %s",
1807 id2str_type(key_type, key_class),
1808 id2str_proc(proc_id));
1809
1810 return PKCS11_CKR_KEY_TYPE_INCONSISTENT;
1811 }
1812 if (key_class != PKCS11_CKO_PUBLIC_KEY &&
1813 key_class != PKCS11_CKO_PRIVATE_KEY) {
1814 EMSG("Invalid key class for mechanism %s",
1815 id2str_proc(proc_id));
1816
1817 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1818 }
1819 break;
1820 case PKCS11_CKM_RSA_PKCS:
1821 case PKCS11_CKM_MD5_RSA_PKCS:
1822 case PKCS11_CKM_SHA1_RSA_PKCS:
1823 case PKCS11_CKM_SHA224_RSA_PKCS:
1824 case PKCS11_CKM_SHA256_RSA_PKCS:
1825 case PKCS11_CKM_SHA384_RSA_PKCS:
1826 case PKCS11_CKM_SHA512_RSA_PKCS:
1827 case PKCS11_CKM_RSA_AES_KEY_WRAP:
1828 case PKCS11_CKM_RSA_PKCS_OAEP:
1829 case PKCS11_CKM_RSA_PKCS_PSS:
1830 case PKCS11_CKM_SHA1_RSA_PKCS_PSS:
1831 case PKCS11_CKM_SHA224_RSA_PKCS_PSS:
1832 case PKCS11_CKM_SHA256_RSA_PKCS_PSS:
1833 case PKCS11_CKM_SHA384_RSA_PKCS_PSS:
1834 case PKCS11_CKM_SHA512_RSA_PKCS_PSS:
1835 if (key_type != PKCS11_CKK_RSA) {
1836 EMSG("Invalid key %s for mechanism %s",
1837 id2str_type(key_type, key_class),
1838 id2str_proc(proc_id));
1839
1840 return PKCS11_CKR_KEY_TYPE_INCONSISTENT;
1841 }
1842 if (key_class != PKCS11_CKO_PUBLIC_KEY &&
1843 key_class != PKCS11_CKO_PRIVATE_KEY) {
1844 EMSG("Invalid key class for mechanism %s",
1845 id2str_proc(proc_id));
1846
1847 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1848 }
1849 break;
1850 default:
1851 DMSG("Invalid processing %#"PRIx32"/%s", proc_id,
1852 id2str_proc(proc_id));
1853
1854 return PKCS11_CKR_MECHANISM_INVALID;
1855 }
1856
1857 if (!parent_key_complies_allowed_processings(proc_id, head)) {
1858 DMSG("Allowed mechanism failed");
1859 return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED;
1860 }
1861
1862 return PKCS11_CKR_OK;
1863 }
1864
attribute_is_exportable(struct pkcs11_attribute_head * req_attr,struct pkcs11_object * obj)1865 bool attribute_is_exportable(struct pkcs11_attribute_head *req_attr,
1866 struct pkcs11_object *obj)
1867 {
1868 uint8_t boolval = 0;
1869 uint32_t boolsize = 0;
1870 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
1871 enum pkcs11_class_id key_class = get_class(obj->attributes);
1872
1873 if (key_class != PKCS11_CKO_SECRET_KEY &&
1874 key_class != PKCS11_CKO_PRIVATE_KEY)
1875 return true;
1876
1877 switch (req_attr->id) {
1878 case PKCS11_CKA_PRIVATE_EXPONENT:
1879 case PKCS11_CKA_PRIME_1:
1880 case PKCS11_CKA_PRIME_2:
1881 case PKCS11_CKA_EXPONENT_1:
1882 case PKCS11_CKA_EXPONENT_2:
1883 case PKCS11_CKA_COEFFICIENT:
1884 case PKCS11_CKA_VALUE:
1885 boolsize = sizeof(boolval);
1886 rc = get_attribute(obj->attributes, PKCS11_CKA_EXTRACTABLE,
1887 &boolval, &boolsize);
1888 if (rc || boolval == PKCS11_FALSE)
1889 return false;
1890
1891 boolsize = sizeof(boolval);
1892 rc = get_attribute(obj->attributes, PKCS11_CKA_SENSITIVE,
1893 &boolval, &boolsize);
1894 if (rc || boolval == PKCS11_TRUE)
1895 return false;
1896 break;
1897 default:
1898 break;
1899 }
1900
1901 return true;
1902 }
1903
attr_is_modifiable_any_key(struct pkcs11_attribute_head * attr)1904 static bool attr_is_modifiable_any_key(struct pkcs11_attribute_head *attr)
1905 {
1906 switch (attr->id) {
1907 case PKCS11_CKA_ID:
1908 case PKCS11_CKA_START_DATE:
1909 case PKCS11_CKA_END_DATE:
1910 case PKCS11_CKA_DERIVE:
1911 return true;
1912 default:
1913 return false;
1914 }
1915 }
1916
attr_is_modifiable_secret_key(struct pkcs11_attribute_head * attr,struct pkcs11_session * session,struct pkcs11_object * obj)1917 static bool attr_is_modifiable_secret_key(struct pkcs11_attribute_head *attr,
1918 struct pkcs11_session *session,
1919 struct pkcs11_object *obj)
1920 {
1921 switch (attr->id) {
1922 case PKCS11_CKA_ENCRYPT:
1923 case PKCS11_CKA_DECRYPT:
1924 case PKCS11_CKA_SIGN:
1925 case PKCS11_CKA_VERIFY:
1926 case PKCS11_CKA_WRAP:
1927 case PKCS11_CKA_UNWRAP:
1928 return true;
1929 /* Can't be modified once set to CK_FALSE - 12 in Table 10 */
1930 case PKCS11_CKA_EXTRACTABLE:
1931 return get_bool(obj->attributes, attr->id);
1932 /* Can't be modified once set to CK_TRUE - 11 in Table 10 */
1933 case PKCS11_CKA_SENSITIVE:
1934 case PKCS11_CKA_WRAP_WITH_TRUSTED:
1935 return !get_bool(obj->attributes, attr->id);
1936 /* Change in CKA_TRUSTED can only be done by SO */
1937 case PKCS11_CKA_TRUSTED:
1938 return pkcs11_session_is_so(session);
1939 case PKCS11_CKA_NEVER_EXTRACTABLE:
1940 case PKCS11_CKA_ALWAYS_SENSITIVE:
1941 return false;
1942 default:
1943 return false;
1944 }
1945 }
1946
attr_is_modifiable_public_key(struct pkcs11_attribute_head * attr,struct pkcs11_session * session,struct pkcs11_object * obj __unused)1947 static bool attr_is_modifiable_public_key(struct pkcs11_attribute_head *attr,
1948 struct pkcs11_session *session,
1949 struct pkcs11_object *obj __unused)
1950 {
1951 switch (attr->id) {
1952 case PKCS11_CKA_SUBJECT:
1953 case PKCS11_CKA_ENCRYPT:
1954 case PKCS11_CKA_VERIFY:
1955 case PKCS11_CKA_VERIFY_RECOVER:
1956 case PKCS11_CKA_WRAP:
1957 return true;
1958 case PKCS11_CKA_TRUSTED:
1959 /* Change in CKA_TRUSTED can only be done by SO */
1960 return pkcs11_session_is_so(session);
1961 default:
1962 return false;
1963 }
1964 }
1965
attr_is_modifiable_private_key(struct pkcs11_attribute_head * attr,struct pkcs11_session * sess __unused,struct pkcs11_object * obj)1966 static bool attr_is_modifiable_private_key(struct pkcs11_attribute_head *attr,
1967 struct pkcs11_session *sess __unused,
1968 struct pkcs11_object *obj)
1969 {
1970 switch (attr->id) {
1971 case PKCS11_CKA_SUBJECT:
1972 case PKCS11_CKA_DECRYPT:
1973 case PKCS11_CKA_SIGN:
1974 case PKCS11_CKA_SIGN_RECOVER:
1975 case PKCS11_CKA_UNWRAP:
1976 /*
1977 * TBD: Revisit if we don't support PKCS11_CKA_PUBLIC_KEY_INFO
1978 * Specification mentions that if this attribute is
1979 * supplied as part of a template for C_CreateObject, C_CopyObject or
1980 * C_SetAttributeValue for a private key, the token MUST verify
1981 * correspondence between the private key data and the public key data
1982 * as supplied in CKA_PUBLIC_KEY_INFO. This needs to be
1983 * taken care of when this object type will be implemented
1984 */
1985 case PKCS11_CKA_PUBLIC_KEY_INFO:
1986 return true;
1987 /* Can't be modified once set to CK_FALSE - 12 in Table 10 */
1988 case PKCS11_CKA_EXTRACTABLE:
1989 return get_bool(obj->attributes, attr->id);
1990 /* Can't be modified once set to CK_TRUE - 11 in Table 10 */
1991 case PKCS11_CKA_SENSITIVE:
1992 case PKCS11_CKA_WRAP_WITH_TRUSTED:
1993 return !get_bool(obj->attributes, attr->id);
1994 case PKCS11_CKA_NEVER_EXTRACTABLE:
1995 case PKCS11_CKA_ALWAYS_SENSITIVE:
1996 return false;
1997 default:
1998 return false;
1999 }
2000 }
2001
attr_is_modifiable_certificate(struct pkcs11_attribute_head * attr,struct pkcs11_session * session,struct pkcs11_object * obj)2002 static bool attr_is_modifiable_certificate(struct pkcs11_attribute_head *attr,
2003 struct pkcs11_session *session,
2004 struct pkcs11_object *obj)
2005 {
2006 uint8_t boolval = 0;
2007 uint32_t boolsize = 0;
2008 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
2009
2010 /* Trusted certificates cannot be modified. */
2011 rc = get_attribute(obj->attributes, PKCS11_CKA_TRUSTED,
2012 &boolval, &boolsize);
2013 if (rc || boolval == PKCS11_TRUE)
2014 return false;
2015
2016 /* Common certificate attributes */
2017 switch (attr->id) {
2018 case PKCS11_CKA_TRUSTED:
2019 /*
2020 * The CKA_TRUSTED attribute cannot be set to CK_TRUE by an
2021 * application. It MUST be set by a token initialization
2022 * application or by the token’s SO.
2023 */
2024 return pkcs11_session_is_so(session);
2025 case PKCS11_CKA_CERTIFICATE_TYPE:
2026 case PKCS11_CKA_CERTIFICATE_CATEGORY:
2027 return false;
2028 default:
2029 break;
2030 }
2031
2032 /* Certificate type specific attributes */
2033 switch (get_certificate_type(obj->attributes)) {
2034 case PKCS11_CKC_X_509:
2035 /*
2036 * Only the CKA_ID, CKA_ISSUER, and CKA_SERIAL_NUMBER
2037 * attributes may be modified after the object is created.
2038 */
2039 switch (attr->id) {
2040 case PKCS11_CKA_ID:
2041 case PKCS11_CKA_ISSUER:
2042 case PKCS11_CKA_SERIAL_NUMBER:
2043 return true;
2044 default:
2045 break;
2046 }
2047 break;
2048 default:
2049 /* Unsupported certificate type */
2050 break;
2051 }
2052
2053 return false;
2054 }
2055
attribute_is_modifiable(struct pkcs11_session * session,struct pkcs11_attribute_head * req_attr,struct pkcs11_object * obj,enum pkcs11_class_id class,enum processing_func function)2056 static bool attribute_is_modifiable(struct pkcs11_session *session,
2057 struct pkcs11_attribute_head *req_attr,
2058 struct pkcs11_object *obj,
2059 enum pkcs11_class_id class,
2060 enum processing_func function)
2061 {
2062 /* Check modifiable attributes common to any object */
2063 switch (req_attr->id) {
2064 case PKCS11_CKA_LABEL:
2065 return true;
2066 case PKCS11_CKA_TOKEN:
2067 case PKCS11_CKA_MODIFIABLE:
2068 case PKCS11_CKA_DESTROYABLE:
2069 case PKCS11_CKA_PRIVATE:
2070 return function == PKCS11_FUNCTION_COPY;
2071 case PKCS11_CKA_COPYABLE:
2072 /*
2073 * Specification mentions that if the attribute value is false
2074 * it can't be set to true. Reading this we assume that it
2075 * should be possible to modify this attribute even though this
2076 * is not marked as modifiable in Table 10 if done in right
2077 * direction i.e from TRUE -> FALSE.
2078 */
2079 return get_bool(obj->attributes, req_attr->id);
2080 default:
2081 break;
2082 }
2083
2084 /* Attribute checking based on class type */
2085 switch (class) {
2086 case PKCS11_CKO_SECRET_KEY:
2087 case PKCS11_CKO_PUBLIC_KEY:
2088 case PKCS11_CKO_PRIVATE_KEY:
2089 if (attr_is_modifiable_any_key(req_attr))
2090 return true;
2091 if (class == PKCS11_CKO_SECRET_KEY &&
2092 attr_is_modifiable_secret_key(req_attr, session, obj))
2093 return true;
2094 if (class == PKCS11_CKO_PUBLIC_KEY &&
2095 attr_is_modifiable_public_key(req_attr, session, obj))
2096 return true;
2097 if (class == PKCS11_CKO_PRIVATE_KEY &&
2098 attr_is_modifiable_private_key(req_attr, session, obj))
2099 return true;
2100 break;
2101 case PKCS11_CKO_DATA:
2102 /* None of the data object attributes are modifiable */
2103 return false;
2104 case PKCS11_CKO_CERTIFICATE:
2105 return attr_is_modifiable_certificate(req_attr, session, obj);
2106 default:
2107 break;
2108 }
2109
2110 return false;
2111 }
2112
check_attrs_against_modification(struct pkcs11_session * session,struct obj_attrs * head,struct pkcs11_object * obj,enum processing_func function)2113 enum pkcs11_rc check_attrs_against_modification(struct pkcs11_session *session,
2114 struct obj_attrs *head,
2115 struct pkcs11_object *obj,
2116 enum processing_func function)
2117 {
2118 enum pkcs11_class_id class = PKCS11_CKO_UNDEFINED_ID;
2119 char *cur = NULL;
2120 char *end = NULL;
2121 size_t len = 0;
2122
2123 class = get_class(obj->attributes);
2124
2125 cur = (char *)head + sizeof(struct obj_attrs);
2126 end = cur + head->attrs_size;
2127
2128 for (; cur < end; cur += len) {
2129 /* Structure aligned copy of the pkcs11_ref in the object */
2130 struct pkcs11_attribute_head cli_ref = { };
2131
2132 TEE_MemMove(&cli_ref, cur, sizeof(cli_ref));
2133 len = sizeof(cli_ref) + cli_ref.size;
2134
2135 /*
2136 * Check 1 - Check if attribute belongs to the object
2137 * The obj->attributes has all the attributes in
2138 * it which are allowed for an object.
2139 */
2140 if (get_attribute_ptr(obj->attributes, cli_ref.id, NULL,
2141 NULL) == PKCS11_RV_NOT_FOUND)
2142 return PKCS11_CKR_ATTRIBUTE_TYPE_INVALID;
2143
2144 /* Check 2 - Is attribute modifiable */
2145 if (!attribute_is_modifiable(session, &cli_ref, obj, class,
2146 function))
2147 return PKCS11_CKR_ATTRIBUTE_READ_ONLY;
2148
2149 /*
2150 * Checks for modification in PKCS11_CKA_TOKEN and
2151 * PKCS11_CKA_PRIVATE are required for PKCS11_FUNCTION_COPY
2152 * only, so skip them for PKCS11_FUNCTION_MODIFY.
2153 */
2154 if (function == PKCS11_FUNCTION_MODIFY)
2155 continue;
2156
2157 /*
2158 * An attempt to copy an object to a token will fail for
2159 * RO session
2160 */
2161 if (cli_ref.id == PKCS11_CKA_TOKEN &&
2162 get_bool(head, PKCS11_CKA_TOKEN)) {
2163 if (!pkcs11_session_is_read_write(session)) {
2164 DMSG("Can't copy to token in a RO session");
2165 return PKCS11_CKR_SESSION_READ_ONLY;
2166 }
2167 }
2168
2169 if (cli_ref.id == PKCS11_CKA_PRIVATE) {
2170 bool parent_priv =
2171 get_bool(obj->attributes, cli_ref.id);
2172 bool obj_priv = get_bool(head, cli_ref.id);
2173
2174 /*
2175 * If PKCS11_CKA_PRIVATE is being set to TRUE from
2176 * FALSE, user has to be logged in
2177 */
2178 if (!parent_priv && obj_priv) {
2179 if ((pkcs11_session_is_public(session) ||
2180 pkcs11_session_is_so(session)))
2181 return PKCS11_CKR_USER_NOT_LOGGED_IN;
2182 }
2183
2184 /*
2185 * Restriction added - Even for Copy, do not allow
2186 * modification of CKA_PRIVATE from TRUE to FALSE
2187 */
2188 if (parent_priv && !obj_priv)
2189 return PKCS11_CKR_TEMPLATE_INCONSISTENT;
2190 }
2191 }
2192
2193 return PKCS11_CKR_OK;
2194 }
2195
set_secret_key_data(struct obj_attrs ** head,void * data,size_t key_size)2196 static enum pkcs11_rc set_secret_key_data(struct obj_attrs **head, void *data,
2197 size_t key_size)
2198 {
2199 uint32_t size = sizeof(uint32_t);
2200 uint32_t key_length = 0;
2201 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
2202
2203 /* Get key size if present in template */
2204 rc = get_attribute(*head, PKCS11_CKA_VALUE_LEN, &key_length, &size);
2205 if (rc && rc != PKCS11_RV_NOT_FOUND)
2206 return rc;
2207
2208 if (key_length) {
2209 if (key_size < key_length)
2210 return PKCS11_CKR_DATA_LEN_RANGE;
2211 } else {
2212 key_length = key_size;
2213 rc = set_attribute(head, PKCS11_CKA_VALUE_LEN, &key_length,
2214 sizeof(uint32_t));
2215 if (rc)
2216 return rc;
2217 }
2218
2219 /* Now we can check the VALUE_LEN field */
2220 rc = check_created_attrs(*head, NULL);
2221 if (rc)
2222 return rc;
2223
2224 /* Remove the default empty value attribute if found */
2225 rc = remove_empty_attribute(head, PKCS11_CKA_VALUE);
2226 if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND)
2227 return PKCS11_CKR_GENERAL_ERROR;
2228
2229 return add_attribute(head, PKCS11_CKA_VALUE, data, key_length);
2230 }
2231
set_private_key_data_rsa(struct obj_attrs ** head,void * data,size_t key_size)2232 static enum pkcs11_rc set_private_key_data_rsa(struct obj_attrs **head,
2233 void *data,
2234 size_t key_size)
2235 {
2236 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
2237 int mbedtls_rc = 0;
2238 uint32_t key_bits = 0;
2239 uint32_t size = 0;
2240 uint32_t buffer_size = 0;
2241 void *buffer = NULL;
2242 mbedtls_pk_context pk = { };
2243 mbedtls_rsa_context *rsa = NULL;
2244 mbedtls_mpi n = { };
2245 mbedtls_mpi e = { };
2246 mbedtls_mpi d = { };
2247 mbedtls_mpi p = { };
2248 mbedtls_mpi q = { };
2249
2250 rc = get_u32_attribute(*head, PKCS11_CKA_MODULUS_BITS, &key_bits);
2251 if (rc && rc != PKCS11_RV_NOT_FOUND)
2252 return rc;
2253
2254 if (remove_empty_attribute(head, PKCS11_CKA_MODULUS) ||
2255 remove_empty_attribute(head, PKCS11_CKA_PUBLIC_EXPONENT) ||
2256 remove_empty_attribute(head, PKCS11_CKA_PRIVATE_EXPONENT) ||
2257 remove_empty_attribute(head, PKCS11_CKA_PRIME_1) ||
2258 remove_empty_attribute(head, PKCS11_CKA_PRIME_2))
2259 return PKCS11_CKR_GENERAL_ERROR;
2260
2261 mbedtls_pk_init(&pk);
2262 mbedtls_mpi_init(&n);
2263 mbedtls_mpi_init(&e);
2264 mbedtls_mpi_init(&d);
2265 mbedtls_mpi_init(&p);
2266 mbedtls_mpi_init(&q);
2267
2268 mbedtls_rc = mbedtls_pk_parse_key(&pk, data, key_size, NULL, 0);
2269 if (mbedtls_rc) {
2270 rc = PKCS11_CKR_ARGUMENTS_BAD;
2271 goto out;
2272 }
2273
2274 rsa = mbedtls_pk_rsa(pk);
2275 mbedtls_rc = mbedtls_rsa_export(rsa, &n, &p, &q, &d, &e);
2276 if (mbedtls_rc) {
2277 rc = PKCS11_CKR_ARGUMENTS_BAD;
2278 goto out;
2279 }
2280
2281 if (key_bits && mbedtls_mpi_bitlen(&n) != key_bits) {
2282 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE;
2283 goto out;
2284 }
2285
2286 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&n), 8);
2287 buffer_size = size;
2288 buffer = TEE_Malloc(buffer_size, TEE_USER_MEM_HINT_NO_FILL_ZERO);
2289 if (!buffer) {
2290 rc = PKCS11_CKR_DEVICE_MEMORY;
2291 goto out;
2292 }
2293
2294 mbedtls_rc = mbedtls_mpi_write_binary(&n, buffer, size);
2295 if (mbedtls_rc) {
2296 rc = PKCS11_CKR_WRAPPED_KEY_INVALID;
2297 goto out;
2298 }
2299
2300 rc = add_attribute(head, PKCS11_CKA_MODULUS, buffer, size);
2301 if (rc)
2302 goto out;
2303
2304 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&e), 8);
2305 if (buffer_size < size) {
2306 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE;
2307 goto out;
2308 }
2309
2310 mbedtls_rc = mbedtls_mpi_write_binary(&e, buffer, size);
2311 if (mbedtls_rc) {
2312 rc = PKCS11_CKR_WRAPPED_KEY_INVALID;
2313 goto out;
2314 }
2315
2316 rc = add_attribute(head, PKCS11_CKA_PUBLIC_EXPONENT, buffer, size);
2317 if (rc)
2318 goto out;
2319
2320 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&d), 8);
2321 if (buffer_size < size) {
2322 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE;
2323 goto out;
2324 }
2325
2326 mbedtls_rc = mbedtls_mpi_write_binary(&d, buffer, size);
2327 if (mbedtls_rc) {
2328 rc = PKCS11_CKR_WRAPPED_KEY_INVALID;
2329 goto out;
2330 }
2331
2332 rc = add_attribute(head, PKCS11_CKA_PRIVATE_EXPONENT, buffer, size);
2333 if (rc)
2334 goto out;
2335
2336 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&p), 8);
2337 if (buffer_size < size) {
2338 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE;
2339 goto out;
2340 }
2341
2342 mbedtls_rc = mbedtls_mpi_write_binary(&p, buffer, size);
2343 if (mbedtls_rc) {
2344 rc = PKCS11_CKR_WRAPPED_KEY_INVALID;
2345 goto out;
2346 }
2347
2348 rc = add_attribute(head, PKCS11_CKA_PRIME_1, buffer, size);
2349 if (rc)
2350 goto out;
2351
2352 size = ROUNDUP_DIV(mbedtls_mpi_bitlen(&q), 8);
2353 if (buffer_size < size) {
2354 rc = PKCS11_CKR_WRAPPED_KEY_LEN_RANGE;
2355 goto out;
2356 }
2357
2358 mbedtls_rc = mbedtls_mpi_write_binary(&q, buffer, size);
2359 if (mbedtls_rc) {
2360 rc = PKCS11_CKR_WRAPPED_KEY_INVALID;
2361 goto out;
2362 }
2363
2364 rc = add_attribute(head, PKCS11_CKA_PRIME_2, buffer, size);
2365
2366 out:
2367 mbedtls_pk_free(&pk);
2368 mbedtls_mpi_free(&n);
2369 mbedtls_mpi_free(&e);
2370 mbedtls_mpi_free(&d);
2371 mbedtls_mpi_free(&p);
2372 mbedtls_mpi_free(&q);
2373 TEE_Free(buffer);
2374 return rc;
2375 }
2376
set_key_data(struct obj_attrs ** head,void * data,size_t key_size)2377 enum pkcs11_rc set_key_data(struct obj_attrs **head, void *data,
2378 size_t key_size)
2379 {
2380 switch (get_class(*head)) {
2381 case PKCS11_CKO_SECRET_KEY:
2382 return set_secret_key_data(head, data, key_size);
2383 case PKCS11_CKO_PRIVATE_KEY:
2384 if (get_key_type(*head) == PKCS11_CKK_RSA)
2385 return set_private_key_data_rsa(head, data, key_size);
2386 break;
2387 default:
2388 return PKCS11_CKR_GENERAL_ERROR;
2389 }
2390
2391 return PKCS11_CKR_GENERAL_ERROR;
2392 }
2393
alloc_copy_attribute_value(struct obj_attrs * head,void ** data,uint32_t * sz)2394 static enum pkcs11_rc alloc_copy_attribute_value(struct obj_attrs *head,
2395 void **data, uint32_t *sz)
2396 {
2397 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
2398 void *buffer = NULL;
2399 void *value = NULL;
2400
2401 rc = get_attribute_ptr(head, PKCS11_CKA_VALUE, &value, sz);
2402 if (rc)
2403 return PKCS11_CKR_ARGUMENTS_BAD;
2404
2405 buffer = TEE_Malloc(*sz, TEE_USER_MEM_HINT_NO_FILL_ZERO);
2406 if (!buffer)
2407 return PKCS11_CKR_DEVICE_MEMORY;
2408
2409 TEE_MemMove(buffer, value, *sz);
2410 *data = buffer;
2411
2412 return PKCS11_CKR_OK;
2413 }
2414
2415 static enum pkcs11_rc
encode_rsa_private_key_der(struct obj_attrs * head,void ** data,uint32_t * sz)2416 encode_rsa_private_key_der(struct obj_attrs *head, void **data, uint32_t *sz)
2417 {
2418 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
2419 int i = 0;
2420 int mbedtls_rc = 0;
2421 int start = 0;
2422 int der_size = 0;
2423 void *n = NULL;
2424 void *p = NULL;
2425 void *q = NULL;
2426 void *d = NULL;
2427 void *e = NULL;
2428 uint32_t n_len = 0;
2429 uint32_t p_len = 0;
2430 uint32_t q_len = 0;
2431 uint32_t d_len = 0;
2432 uint32_t e_len = 0;
2433 uint8_t *buffer = NULL;
2434 mbedtls_pk_context pk = { };
2435 mbedtls_rsa_context *rsa = NULL;
2436 const mbedtls_pk_info_t *pk_info = NULL;
2437
2438 mbedtls_pk_init(&pk);
2439 pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
2440 if (mbedtls_pk_setup(&pk, pk_info)) {
2441 rc = PKCS11_CKR_GENERAL_ERROR;
2442 goto out;
2443 }
2444
2445 rc = get_attribute_ptr(head, PKCS11_CKA_MODULUS, &n, &n_len);
2446 if (rc)
2447 goto out;
2448
2449 rc = get_attribute_ptr(head, PKCS11_CKA_PRIME_1, &p, &p_len);
2450 if (rc)
2451 goto out;
2452
2453 rc = get_attribute_ptr(head, PKCS11_CKA_PRIME_2, &q, &q_len);
2454 if (rc)
2455 goto out;
2456
2457 rc = get_attribute_ptr(head, PKCS11_CKA_PRIVATE_EXPONENT, &d, &d_len);
2458 if (rc)
2459 goto out;
2460
2461 rc = get_attribute_ptr(head, PKCS11_CKA_PUBLIC_EXPONENT, &e, &e_len);
2462 if (rc)
2463 goto out;
2464
2465 rsa = mbedtls_pk_rsa(pk);
2466 mbedtls_rc = mbedtls_rsa_import_raw(rsa, n, n_len, p, p_len,
2467 q, q_len, d, d_len, e, e_len);
2468 if (mbedtls_rc) {
2469 rc = PKCS11_CKR_ARGUMENTS_BAD;
2470 goto out;
2471 }
2472
2473 if (mbedtls_rsa_complete(rsa)) {
2474 rc = PKCS11_CKR_ARGUMENTS_BAD;
2475 goto out;
2476 }
2477
2478 if (mbedtls_rsa_check_privkey(rsa)) {
2479 rc = PKCS11_CKR_ARGUMENTS_BAD;
2480 goto out;
2481 }
2482
2483 der_size = n_len * 8;
2484 buffer = TEE_Malloc(der_size, TEE_USER_MEM_HINT_NO_FILL_ZERO);
2485 if (!buffer) {
2486 rc = PKCS11_CKR_DEVICE_MEMORY;
2487 goto out;
2488 }
2489
2490 mbedtls_rc = mbedtls_pk_write_key_der(&pk, buffer, der_size);
2491 if (mbedtls_rc < 0) {
2492 rc = PKCS11_CKR_ARGUMENTS_BAD;
2493 goto out;
2494 }
2495
2496 start = der_size - mbedtls_rc;
2497 for (i = 0; i < mbedtls_rc; i++) {
2498 buffer[i] = buffer[i + start];
2499 buffer[i + start] = 0;
2500 }
2501
2502 *data = buffer;
2503 *sz = mbedtls_rc;
2504 out:
2505 mbedtls_pk_free(&pk);
2506
2507 if (rc)
2508 TEE_Free(buffer);
2509
2510 return rc;
2511 }
2512
alloc_key_data_to_wrap(struct obj_attrs * head,void ** data,uint32_t * sz)2513 enum pkcs11_rc alloc_key_data_to_wrap(struct obj_attrs *head, void **data,
2514 uint32_t *sz)
2515 {
2516 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
2517
2518 switch (get_class(head)) {
2519 case PKCS11_CKO_SECRET_KEY:
2520 rc = alloc_copy_attribute_value(head, data, sz);
2521 break;
2522 case PKCS11_CKO_PRIVATE_KEY:
2523 if (get_key_type(head) == PKCS11_CKK_RSA)
2524 rc = encode_rsa_private_key_der(head, data, sz);
2525 break;
2526 default:
2527 break;
2528 }
2529
2530 return rc;
2531 }
2532
add_missing_attribute_id(struct obj_attrs ** pub_head,struct obj_attrs ** priv_head)2533 enum pkcs11_rc add_missing_attribute_id(struct obj_attrs **pub_head,
2534 struct obj_attrs **priv_head)
2535 {
2536 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
2537 void *id1 = NULL;
2538 uint32_t id1_size = 0;
2539 void *id2 = NULL;
2540 uint32_t id2_size = 0;
2541
2542 assert(pub_head);
2543 assert(priv_head);
2544
2545 rc = get_attribute_ptr(*pub_head, PKCS11_CKA_ID, &id1, &id1_size);
2546 if (rc) {
2547 if (rc != PKCS11_RV_NOT_FOUND)
2548 return rc;
2549 id1 = NULL;
2550 } else if (!id1_size) {
2551 id1 = NULL;
2552 }
2553
2554 rc = get_attribute_ptr(*priv_head, PKCS11_CKA_ID, &id2, &id2_size);
2555 if (rc) {
2556 if (rc != PKCS11_RV_NOT_FOUND)
2557 return rc;
2558 id2 = NULL;
2559 } else if (!id2_size) {
2560 id2 = NULL;
2561 }
2562
2563 /* Both have value -- let them be what caller has specified them */
2564 if (id1 && id2)
2565 return PKCS11_CKR_OK;
2566
2567 /* Both are empty -- leave empty values */
2568 if (!id1 && !id2)
2569 return PKCS11_CKR_OK;
2570
2571 /* Cross copy CKA_ID value */
2572 if (id1)
2573 return set_attribute(priv_head, PKCS11_CKA_ID, id1, id1_size);
2574 else
2575 return set_attribute(pub_head, PKCS11_CKA_ID, id2, id2_size);
2576 }
2577