For C_UnwrapKey(), if unwrapping key handle is NULL,
return CKR_UNWRAPPING_KEY_HANDLE_INVALID instead of
CKR_ARGUMENT_BAD.
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

C_GetAttributeValue() for attribute CKA_KEY_GEN_MECHANISM can also
return CK_UNAVAILABLE_INFORMATION. When in 64 bits we need to extend
CK_UNAVAILABLE_INFORMATION uint32_t value to CK_ULONG (64 bits).
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Some libraries registers notify callbacks to Cryptoki just to be on safe side
without having intention of aborting the operation.

Possibly uses for notify callback are defined in:

PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.16 Callback functions

"A typical use of a surrender callback might be to give an application user
feedback during a lengthy key pair generation operation.  Each time the
application receives a callback, it could display an additional “.” to the user."

OP-TEE do not currently have this kind of mechanism to abort key generation
thus no need for such callback.

If callee has registered for such callback and is prepared to display progress
indication or abort the progress it will just never happen. User application
receives control back upon completion of such operaton.

It also states that:

"A Cryptoki library is not required to make any surrender callbacks."

So with the change we take liberty of not making the callbacks at all.
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add support for performing PKCS #1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SHA-384
- MGF1 SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.8 PKCS #1 RSA OAEP
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add support for performing RSA PSS signing & verification operations for:

- PKCS #1 RSA PSS with supplied hash value
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.10 PKCS #1 RSA PSS
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add support for performing RSA signing & verification operations for:

- PKCS #1 v1.5 RSA with supplied hash value
- Multi stage MD5
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.6 PKCS #1 v1.5 RSA
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add support to generate PKCS #1 RSA keys when issuing C_GenerateKeyPair().

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.4 PKCS #1 RSA key pair generation
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>

As specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.2 Conventions for functions returning output in a variable-length buffer

When querying size of returned variable-length buffer actual value of
*pulBufLen for input can be anything as long as pBuf is NULL and pulBufLen
is not NULL.
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>

As specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.2 Conventions for functions returning output in a variable-length buffer

When querying size of returned variable-length buffer actual value of
*pulBufLen for input can be anything as long as pBuf is NULL and pulBufLen
is not NULL.
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Even thou CK_ULONG is known size some application might still ask the size
in generic way for all attributes.

CK_ULONG has additional twist -- in 64 bit targets user space is 64 bit
but TA interface handles that as 32 bit. This change handles both
transparently.
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

As specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.2 Conventions for functions returning output in a variable-length buffer

When querying size of returned variable-length buffer actual value of
*pulBufLen for input can be anything as long as pBuf is NULL and pulBufLen
is not NULL.
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Add code for handling C_WrapKey(), C_UnWrapKey() for mechanisms :
CKM_AES_ECB
CKM_AES_CBC
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Allocate command ID's for C_WrapKey() and C_UnwrapKey().
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Some error codes related with wrap, unwrap and random number
API's were missing from the list. These have been added.
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

CKA_DERIVE_TEMPLATE attribute was missing from the list
when serializing/deserializing indirect attributes.
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

The shared memory size got from tee_shm object already strips offset
from total buffer size.
The offset substraction breaks memref parameters through RPC when
applying offset to them.
Signed-off-by: NTimothée Cercueil <timothee.cercueil@st.com>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NJens Wiklander <jens.wiklander@linaro.org>

Fix spelling mistake in pkcs11_api.c.
Building in debug mode fails with the following error:

src/pkcs11_api.c: In function ‘C_Sign’:
src/pkcs11_api.c:969:36: error: ‘CKR_USER_NOT_LOGG_IN’ undeclared (first use in this function); did you mean ‘CKR_USER_NOT_LOGGED_IN’?
        CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGG_IN,
                                    ^~~~~~~~~~~~~~~~~~~~

Fixes: 3f44b870 ("libckteec: add support for Signing and Verification Functions")
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NPengguang Zhu <zpghao@163.com>

Enable build of plugin framework under AOSP.
Signed-off-by: NVictor Chong <victor.chong@linaro.org>
Acked-by: NJens Wiklander <jens.wiklander@linaro.org>
Acked-by: NJerome Forissier <jerome@forissier.org>

Set log level for AOSP build to 2 (info).
Signed-off-by: NVictor Chong <victor.chong@linaro.org>
Acked-by: NJens Wiklander <jens.wiklander@linaro.org>
Acked-by: NJerome Forissier <jerome@forissier.org>

Reorder some lines to match tee-supplicant/Makefile.
Signed-off-by: NVictor Chong <victor.chong@linaro.org>
Acked-by: NJens Wiklander <jens.wiklander@linaro.org>
Acked-by: NJerome Forissier <jerome@forissier.org>

optee_client_config.mk should be installed to a more traditional and
common folder such as INCLUDEDIR instead of being installed directly to
DESTDIR (which can end up as / depending on the packaging system used).

This was noticed when packaging optee-client for OE, as DESTDIR gets set
to the deploy folder, which is later used as root for packaging
optee-client.
Signed-off-by: NRicardo Salveti <ricardo@foundries.io>
Acked-by: NJerome Forissier <jerome@forissier.org>

The readdir(3) man page mentions:

  Currently, only some filesystems (among them: Btrfs, ext2, ext3, and
  ext4) have full support for returning the file type in d_type. All
  applications must properly handle a return of DT_UNKNOWN.

Which is exactly the case on my nitrogen6x test system based on YOCTO
gatesgarth even using ext4:

  getdents64(4</usr/lib/tee-supplicant/plugins>,
  [{d_ino=3269, d_off=375390918, d_reclen=64, d_type=DT_UNKNOWN, d_name="f07bfc66-958c-4a15-99c0-260e4e7375dd.plugin"}, …], 32768) = 112

Even the regular test plugin for the tee-supplicant is identified as
DT_UNKNOWN, preventing the supplicant from loading the plugin.
Instead try to open all files within the plugin directory, excluding "."
& "..".
Signed-off-by: NRouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: NJerome Forissier <jerome@forissier.org>
Reviewed-by: NJens Wiklander <jens.wiklander@linaro.org>

Add support for signing with mechanisms:
- CKM_ECDSA
- CKM_ECDSA_SHA1
- CKM_ECDSA_SHA224
- CKM_ECDSA_SHA256
- CKM_ECDSA_SHA384
- CKM_ECDSA_SHA512
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRicardo Salveti <ricardo@foundries.io>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Add support code for issuing C_GenerateKeyPair() command to TA.
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRicardo Salveti <ricardo@foundries.io>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Allocate command ID for C_GenerateKeyPair() functionality.
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRicardo Salveti <ricardo@foundries.io>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Change all impacted processing functions to release the active processing
when they find an error before invoking the TA. This is needed since
PKCS#11 specification expect the active operation is aborted (released)
when the Cryptoki API functions do not return CKR_BUFFER_TOO_SMALL or
CKR_OK.
Signed-off-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Return CKR_CANT_LOCK if mutex fails at lib initialization. This
conforms with the PKCS#11 specification v2.40-errata01. Preserve
the exit cases on mutex issues when unlocking and in C_Finalize().
Signed-off-by: NEtienne Carriere <etienne.carriere@linaro.org>
Acked-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Allocate page aligned shared memory buffer guarantee that each shared
memory buffer doesn't accidentally share a page of memory or they may
become aliased when mapped in secure world. This is normally not a big
problem but may make it a bit harder to track down buffer overruns in
shared memory buffers.

In a post Arm v8.4 architecture with FF-A [1] there's trouble since it's
not permitted to share the same physical page twice.

[1] https://developer.arm.com/documentation/den0077/latestReviewed-by: NJerome Forissier <jerome@forissier.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NJens Wiklander <jens.wiklander@linaro.org>

On some eMMC devices, the mix of RPMB and normal MMC commands can result
in GENERAL FAILURE, which then forces OP-TEE to mark the RPMB device
as dead (part of the rollback vulnerability fix).

In order to work around this problem, the linux kernel also supports
sending all the required MMC_IOC commands in one single multiple ioctl
command request, which forces the RPMB commands to be serialized,
avoiding the issue.

As MMC_IOC_MULTI_CMD is available since linux 4.3, we should be safe to
use it by default on read / write block operations.

For reference, this issue is also nicely described at the
https://www.mail-archive.com/linux-mmc@vger.kernel.org/msg17589.html.
Reviewed-by: NJerome Forissier <jerome@forissier.org>
Tested-by: NIgor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: NRicardo Salveti <ricardo@foundries.io>

An attribute template (type, pValue, ulValueLen) provided with
C_GetAttributeValue() may have pValue field as NULL pointer with
a zero/non-zero ulValueLen field. In these cases TEE should modify
the ulValueLen to hold the exact length of the specified attribute
for the object.

In the current code, for non-zero ulValueLen with pValue as NULL
pointer, an attempt was being made to read the ulValueLen length
data from NULL pointer resulting in segmentation fault. To fix this,
in such scenarios, pass ulValueLen as 0 to TEE.
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Include missing unistd.h to support type gid_t. This change fixes [1].

Link: [1] http://autobuild.buildroot.net/results/34b9946e6d59112a7eead304933534ad4739a84c/build-end.logSigned-off-by: NEtienne Carriere <etienne.carriere@linaro.org>
Acked-by: NJerome Forissier <jerome@forissier.org>

Implements support for digest operations as specified in:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.10 Message digesting functions
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

When error condition is detected in Cryptoki API side in bad argument
processing add support for terminating active processing to comply
with the specification.
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Error code CKR_DATA_LEN_RANGE is mentioned in [1] for the mechanisms
CKM_AES_ECB_ENCRYPT_DATA, CKM_AES_ECB_DECRYPT_DATA even though not
explicitly specified in [2]. So, add it in the allowed error codes
for C_DeriveKey().

[1] - Section 2.15.3 in "PKCS #11 Cryptographic Token Interface Current
Mechanisms Specification Version 2.40 Plus Errata 01"
[2] - "PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01"
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add code for handling C_DeriveKey() for mechanisms :
    CKM_AES_ECB_ENCRYPT_DATA
    CKM_AES_CBC_ENCRYPT_DATA
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Allocate command ID for C_DeriveKey().
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add helper function for mechanisms
CKM_AES_ECB_ENCRYPT_DATA
CKM_AES_CBC_ENCRYPT_DATA
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add CK_KEY_DERIVATION_STRING_DATA. This provides parameters
for miscellaneous simple key derivation mechanisms.
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>

Add support code for issuing C_SeedRandom() and C_GenerateRandom()
commands to TA.
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

Allocate command IDs for C_SeedRandom() and C_GenerateRandom()
functionality.
Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>