1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (c) 2017-2020, Linaro Limited
4 */
5
6 #include <assert.h>
7 #include <pkcs11_ta.h>
8 #include <string.h>
9 #include <tee_api_defines.h>
10 #include <tee_internal_api.h>
11 #include <tee_internal_api_extensions.h>
12 #include <utee_defines.h>
13 #include <util.h>
14
15 #include "attributes.h"
16 #include "object.h"
17 #include "pkcs11_attributes.h"
18 #include "pkcs11_helpers.h"
19 #include "pkcs11_token.h"
20 #include "processing.h"
21 #include "serializer.h"
22
23 struct input_data_ref {
24 size_t size;
25 void *data;
26 };
27
processing_is_tee_symm(enum pkcs11_mechanism_id proc_id)28 bool processing_is_tee_symm(enum pkcs11_mechanism_id proc_id)
29 {
30 switch (proc_id) {
31 /* Authentication */
32 case PKCS11_CKM_AES_CMAC:
33 case PKCS11_CKM_MD5_HMAC:
34 case PKCS11_CKM_SHA_1_HMAC:
35 case PKCS11_CKM_SHA224_HMAC:
36 case PKCS11_CKM_SHA256_HMAC:
37 case PKCS11_CKM_SHA384_HMAC:
38 case PKCS11_CKM_SHA512_HMAC:
39 case PKCS11_CKM_AES_CMAC_GENERAL:
40 case PKCS11_CKM_MD5_HMAC_GENERAL:
41 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
42 case PKCS11_CKM_SHA224_HMAC_GENERAL:
43 case PKCS11_CKM_SHA256_HMAC_GENERAL:
44 case PKCS11_CKM_SHA384_HMAC_GENERAL:
45 case PKCS11_CKM_SHA512_HMAC_GENERAL:
46 /* Ciphering */
47 case PKCS11_CKM_AES_ECB:
48 case PKCS11_CKM_AES_CBC:
49 case PKCS11_CKM_AES_CBC_PAD:
50 case PKCS11_CKM_AES_CTS:
51 case PKCS11_CKM_AES_CTR:
52 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA:
53 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA:
54 return true;
55 default:
56 return false;
57 }
58 }
59
60 static enum pkcs11_rc
pkcs2tee_algorithm(uint32_t * tee_id,struct pkcs11_attribute_head * proc_params)61 pkcs2tee_algorithm(uint32_t *tee_id, struct pkcs11_attribute_head *proc_params)
62 {
63 static const struct {
64 enum pkcs11_mechanism_id mech_id;
65 uint32_t tee_id;
66 } pkcs2tee_algo[] = {
67 /* AES flavors */
68 { PKCS11_CKM_AES_ECB, TEE_ALG_AES_ECB_NOPAD },
69 { PKCS11_CKM_AES_CBC, TEE_ALG_AES_CBC_NOPAD },
70 { PKCS11_CKM_AES_CBC_PAD, TEE_ALG_AES_CBC_NOPAD },
71 { PKCS11_CKM_AES_ECB_ENCRYPT_DATA, TEE_ALG_AES_ECB_NOPAD },
72 { PKCS11_CKM_AES_CBC_ENCRYPT_DATA, TEE_ALG_AES_CBC_NOPAD },
73 { PKCS11_CKM_AES_CTR, TEE_ALG_AES_CTR },
74 { PKCS11_CKM_AES_CTS, TEE_ALG_AES_CTS },
75 { PKCS11_CKM_AES_CMAC, TEE_ALG_AES_CMAC },
76 { PKCS11_CKM_AES_CMAC_GENERAL, TEE_ALG_AES_CMAC },
77 /* HMAC flavors */
78 { PKCS11_CKM_MD5_HMAC, TEE_ALG_HMAC_MD5 },
79 { PKCS11_CKM_SHA_1_HMAC, TEE_ALG_HMAC_SHA1 },
80 { PKCS11_CKM_SHA224_HMAC, TEE_ALG_HMAC_SHA224 },
81 { PKCS11_CKM_SHA256_HMAC, TEE_ALG_HMAC_SHA256 },
82 { PKCS11_CKM_SHA384_HMAC, TEE_ALG_HMAC_SHA384 },
83 { PKCS11_CKM_SHA512_HMAC, TEE_ALG_HMAC_SHA512 },
84 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_ALG_HMAC_MD5 },
85 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_ALG_HMAC_SHA1 },
86 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_ALG_HMAC_SHA224 },
87 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_ALG_HMAC_SHA256 },
88 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_ALG_HMAC_SHA384 },
89 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_ALG_HMAC_SHA512 },
90 };
91 size_t n = 0;
92
93 for (n = 0; n < ARRAY_SIZE(pkcs2tee_algo); n++) {
94 if (proc_params->id == pkcs2tee_algo[n].mech_id) {
95 *tee_id = pkcs2tee_algo[n].tee_id;
96 return PKCS11_CKR_OK;
97 }
98 }
99
100 return PKCS11_RV_NOT_IMPLEMENTED;
101 }
102
pkcs2tee_key_type(uint32_t * tee_type,struct pkcs11_object * obj)103 static enum pkcs11_rc pkcs2tee_key_type(uint32_t *tee_type,
104 struct pkcs11_object *obj)
105 {
106 static const struct {
107 enum pkcs11_key_type key_type;
108 uint32_t tee_id;
109 } pkcs2tee_key_type[] = {
110 { PKCS11_CKK_AES, TEE_TYPE_AES },
111 { PKCS11_CKK_GENERIC_SECRET, TEE_TYPE_GENERIC_SECRET },
112 { PKCS11_CKK_MD5_HMAC, TEE_TYPE_HMAC_MD5 },
113 { PKCS11_CKK_SHA_1_HMAC, TEE_TYPE_HMAC_SHA1 },
114 { PKCS11_CKK_SHA224_HMAC, TEE_TYPE_HMAC_SHA224 },
115 { PKCS11_CKK_SHA256_HMAC, TEE_TYPE_HMAC_SHA256 },
116 { PKCS11_CKK_SHA384_HMAC, TEE_TYPE_HMAC_SHA384 },
117 { PKCS11_CKK_SHA512_HMAC, TEE_TYPE_HMAC_SHA512 },
118 };
119 size_t n = 0;
120 enum pkcs11_key_type key_type = get_key_type(obj->attributes);
121
122 assert(get_class(obj->attributes) == PKCS11_CKO_SECRET_KEY);
123
124 for (n = 0; n < ARRAY_SIZE(pkcs2tee_key_type); n++) {
125 if (pkcs2tee_key_type[n].key_type == key_type) {
126 *tee_type = pkcs2tee_key_type[n].tee_id;
127 return PKCS11_CKR_OK;
128 }
129 }
130
131 return PKCS11_RV_NOT_FOUND;
132 }
133
pkcsmech2tee_key_type(uint32_t * tee_type,enum pkcs11_mechanism_id mech_id)134 static enum pkcs11_rc pkcsmech2tee_key_type(uint32_t *tee_type,
135 enum pkcs11_mechanism_id mech_id)
136 {
137 static const struct {
138 enum pkcs11_mechanism_id mech;
139 uint32_t tee_id;
140 } pkcs2tee_key_type[] = {
141 { PKCS11_CKM_MD5_HMAC, TEE_TYPE_HMAC_MD5 },
142 { PKCS11_CKM_SHA_1_HMAC, TEE_TYPE_HMAC_SHA1 },
143 { PKCS11_CKM_SHA224_HMAC, TEE_TYPE_HMAC_SHA224 },
144 { PKCS11_CKM_SHA256_HMAC, TEE_TYPE_HMAC_SHA256 },
145 { PKCS11_CKM_SHA384_HMAC, TEE_TYPE_HMAC_SHA384 },
146 { PKCS11_CKM_SHA512_HMAC, TEE_TYPE_HMAC_SHA512 },
147 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_TYPE_HMAC_MD5 },
148 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_TYPE_HMAC_SHA1 },
149 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_TYPE_HMAC_SHA224 },
150 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_TYPE_HMAC_SHA256 },
151 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_TYPE_HMAC_SHA384 },
152 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_TYPE_HMAC_SHA512 },
153 };
154 size_t n = 0;
155
156 for (n = 0; n < ARRAY_SIZE(pkcs2tee_key_type); n++) {
157 if (pkcs2tee_key_type[n].mech == mech_id) {
158 *tee_type = pkcs2tee_key_type[n].tee_id;
159 return PKCS11_CKR_OK;
160 }
161 }
162
163 return PKCS11_RV_NOT_FOUND;
164 }
165
hmac_to_tee_hash(uint32_t * algo,enum pkcs11_mechanism_id mech_id)166 static enum pkcs11_rc hmac_to_tee_hash(uint32_t *algo,
167 enum pkcs11_mechanism_id mech_id)
168 {
169 static const struct {
170 enum pkcs11_mechanism_id mech;
171 uint32_t tee_id;
172 } hmac_hash[] = {
173 { PKCS11_CKM_MD5_HMAC, TEE_ALG_MD5 },
174 { PKCS11_CKM_SHA_1_HMAC, TEE_ALG_SHA1 },
175 { PKCS11_CKM_SHA224_HMAC, TEE_ALG_SHA224 },
176 { PKCS11_CKM_SHA256_HMAC, TEE_ALG_SHA256 },
177 { PKCS11_CKM_SHA384_HMAC, TEE_ALG_SHA384 },
178 { PKCS11_CKM_SHA512_HMAC, TEE_ALG_SHA512 },
179 { PKCS11_CKM_MD5_HMAC_GENERAL, TEE_ALG_MD5 },
180 { PKCS11_CKM_SHA_1_HMAC_GENERAL, TEE_ALG_SHA1 },
181 { PKCS11_CKM_SHA224_HMAC_GENERAL, TEE_ALG_SHA224 },
182 { PKCS11_CKM_SHA256_HMAC_GENERAL, TEE_ALG_SHA256 },
183 { PKCS11_CKM_SHA384_HMAC_GENERAL, TEE_ALG_SHA384 },
184 { PKCS11_CKM_SHA512_HMAC_GENERAL, TEE_ALG_SHA512 },
185 };
186 size_t n = 0;
187
188 for (n = 0; n < ARRAY_SIZE(hmac_hash); n++) {
189 if (hmac_hash[n].mech == mech_id) {
190 *algo = hmac_hash[n].tee_id;
191 return PKCS11_CKR_OK;
192 }
193 }
194
195 return PKCS11_RV_NOT_FOUND;
196 }
197
198 static enum pkcs11_rc
allocate_tee_operation(struct pkcs11_session * session,enum processing_func function,struct pkcs11_attribute_head * params,struct pkcs11_object * obj)199 allocate_tee_operation(struct pkcs11_session *session,
200 enum processing_func function,
201 struct pkcs11_attribute_head *params,
202 struct pkcs11_object *obj)
203 {
204 uint32_t size = (uint32_t)get_object_key_bit_size(obj);
205 uint32_t key_size = size / 8;
206 uint32_t algo = 0;
207 uint32_t mode = 0;
208 uint32_t max_key_size = 0;
209 uint32_t min_key_size = 0;
210 TEE_Result res = TEE_ERROR_GENERIC;
211
212 assert(session->processing->tee_op_handle == TEE_HANDLE_NULL);
213
214 if (pkcs2tee_algorithm(&algo, params))
215 return PKCS11_CKR_FUNCTION_FAILED;
216
217 /* Sign/Verify with AES or generic key relate to TEE MAC operation */
218 switch (params->id) {
219 case PKCS11_CKM_MD5_HMAC:
220 case PKCS11_CKM_SHA_1_HMAC:
221 case PKCS11_CKM_SHA224_HMAC:
222 case PKCS11_CKM_SHA256_HMAC:
223 case PKCS11_CKM_SHA384_HMAC:
224 case PKCS11_CKM_SHA512_HMAC:
225 case PKCS11_CKM_MD5_HMAC_GENERAL:
226 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
227 case PKCS11_CKM_SHA224_HMAC_GENERAL:
228 case PKCS11_CKM_SHA256_HMAC_GENERAL:
229 case PKCS11_CKM_SHA384_HMAC_GENERAL:
230 case PKCS11_CKM_SHA512_HMAC_GENERAL:
231 mechanism_supported_key_sizes_bytes(params->id, &min_key_size,
232 &max_key_size);
233 if (key_size < min_key_size)
234 return PKCS11_CKR_KEY_SIZE_RANGE;
235
236 /*
237 * If size of generic key is greater than the size
238 * supported by TEE API, this is not considered an
239 * error. When loading TEE key, we will hash the key
240 * to generate the appropriate key for HMAC operation.
241 * This key size will not be greater than the
242 * max_key_size. So we can use max_key_size for
243 * TEE_AllocateOperation().
244 */
245 if (key_size > max_key_size)
246 size = max_key_size * 8;
247
248 mode = TEE_MODE_MAC;
249 break;
250 case PKCS11_CKM_AES_CMAC:
251 case PKCS11_CKM_AES_CMAC_GENERAL:
252 mode = TEE_MODE_MAC;
253 break;
254 default:
255 pkcs2tee_mode(&mode, function);
256 break;
257 }
258
259 res = TEE_AllocateOperation(&session->processing->tee_op_handle,
260 algo, mode, size);
261 if (res)
262 EMSG("TEE_AllocateOp. failed %#"PRIx32" %#"PRIx32" %#"PRIx32,
263 algo, mode, size);
264
265 if (res == TEE_ERROR_NOT_SUPPORTED)
266 return PKCS11_CKR_MECHANISM_INVALID;
267
268 return tee2pkcs_error(res);
269 }
270
hash_secret_helper(enum pkcs11_mechanism_id mech_id,struct pkcs11_object * obj,TEE_Attribute * tee_attr,void ** ctx,size_t * object_size_bits)271 static enum pkcs11_rc hash_secret_helper(enum pkcs11_mechanism_id mech_id,
272 struct pkcs11_object *obj,
273 TEE_Attribute *tee_attr,
274 void **ctx,
275 size_t *object_size_bits)
276 {
277 uint32_t algo = 0;
278 void *hash_ptr = NULL;
279 uint32_t hash_size = 0;
280 enum pkcs11_rc rc = PKCS11_CKR_OK;
281
282 rc = hmac_to_tee_hash(&algo, mech_id);
283 if (rc)
284 return rc;
285
286 hash_size = TEE_ALG_GET_DIGEST_SIZE(algo);
287 hash_ptr = TEE_Malloc(hash_size, 0);
288 if (!hash_ptr)
289 return PKCS11_CKR_DEVICE_MEMORY;
290
291 rc = pkcs2tee_load_hashed_attr(tee_attr, TEE_ATTR_SECRET_VALUE, obj,
292 PKCS11_CKA_VALUE, algo, hash_ptr,
293 &hash_size);
294 if (rc) {
295 EMSG("No secret/hash error");
296 TEE_Free(hash_ptr);
297 return rc;
298 }
299
300 *ctx = hash_ptr;
301
302 *object_size_bits = hash_size * 8;
303
304 return PKCS11_CKR_OK;
305 }
306
load_tee_key(struct pkcs11_session * session,struct pkcs11_object * obj,struct pkcs11_attribute_head * proc_params)307 static enum pkcs11_rc load_tee_key(struct pkcs11_session *session,
308 struct pkcs11_object *obj,
309 struct pkcs11_attribute_head *proc_params)
310 {
311 TEE_Attribute tee_attr = { };
312 size_t object_size = 0;
313 uint32_t tee_key_type = 0;
314 enum pkcs11_key_type key_type = 0;
315 enum pkcs11_rc rc = PKCS11_CKR_OK;
316 TEE_Result res = TEE_ERROR_GENERIC;
317 uint32_t max_key_size = 0;
318 uint32_t min_key_size = 0;
319
320 if (obj->key_handle != TEE_HANDLE_NULL) {
321 /* Key was already loaded and fits current need */
322 goto key_ready;
323 }
324
325 object_size = get_object_key_bit_size(obj);
326 if (!object_size)
327 return PKCS11_CKR_GENERAL_ERROR;
328
329 switch (proc_params->id) {
330 case PKCS11_CKM_MD5_HMAC:
331 case PKCS11_CKM_SHA_1_HMAC:
332 case PKCS11_CKM_SHA224_HMAC:
333 case PKCS11_CKM_SHA256_HMAC:
334 case PKCS11_CKM_SHA384_HMAC:
335 case PKCS11_CKM_SHA512_HMAC:
336 case PKCS11_CKM_MD5_HMAC_GENERAL:
337 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
338 case PKCS11_CKM_SHA224_HMAC_GENERAL:
339 case PKCS11_CKM_SHA256_HMAC_GENERAL:
340 case PKCS11_CKM_SHA384_HMAC_GENERAL:
341 case PKCS11_CKM_SHA512_HMAC_GENERAL:
342 key_type = get_key_type(obj->attributes);
343 /*
344 * If Object Key type is PKCS11_CKK_GENERIC_SECRET,
345 * determine the tee_key_type using the
346 * mechanism instead of object key_type.
347 */
348 if (key_type == PKCS11_CKK_GENERIC_SECRET)
349 rc = pkcsmech2tee_key_type(&tee_key_type,
350 proc_params->id);
351 else
352 rc = pkcs2tee_key_type(&tee_key_type, obj);
353
354 if (rc)
355 return rc;
356
357 mechanism_supported_key_sizes_bytes(proc_params->id,
358 &min_key_size,
359 &max_key_size);
360
361 if ((object_size / 8) > max_key_size) {
362 rc = hash_secret_helper(proc_params->id, obj, &tee_attr,
363 &session->processing->extra_ctx,
364 &object_size);
365 if (rc)
366 return rc;
367 } else {
368 if (!pkcs2tee_load_attr(&tee_attr,
369 TEE_ATTR_SECRET_VALUE,
370 obj,
371 PKCS11_CKA_VALUE)) {
372 EMSG("No secret found");
373 return PKCS11_CKR_FUNCTION_FAILED;
374 }
375 }
376 break;
377
378 default:
379 rc = pkcs2tee_key_type(&tee_key_type, obj);
380 if (rc)
381 return rc;
382
383 if (!pkcs2tee_load_attr(&tee_attr, TEE_ATTR_SECRET_VALUE,
384 obj, PKCS11_CKA_VALUE)) {
385 EMSG("No secret found");
386 return PKCS11_CKR_FUNCTION_FAILED;
387 }
388 break;
389 }
390
391 res = TEE_AllocateTransientObject(tee_key_type, object_size,
392 &obj->key_handle);
393 if (res) {
394 DMSG("TEE_AllocateTransientObject failed, %#"PRIx32, res);
395 return tee2pkcs_error(res);
396 }
397
398 res = TEE_PopulateTransientObject(obj->key_handle, &tee_attr, 1);
399 if (res) {
400 DMSG("TEE_PopulateTransientObject failed, %#"PRIx32, res);
401 goto error;
402 }
403
404 key_ready:
405 res = TEE_SetOperationKey(session->processing->tee_op_handle,
406 obj->key_handle);
407 if (res) {
408 DMSG("TEE_SetOperationKey failed, %#"PRIx32, res);
409 goto error;
410 }
411
412 return PKCS11_CKR_OK;
413
414 error:
415 TEE_FreeTransientObject(obj->key_handle);
416 obj->key_handle = TEE_HANDLE_NULL;
417
418 return tee2pkcs_error(res);
419 }
420
421 static enum pkcs11_rc
tee_init_derive_symm(struct active_processing * processing,struct pkcs11_attribute_head * proc_params)422 tee_init_derive_symm(struct active_processing *processing,
423 struct pkcs11_attribute_head *proc_params)
424 {
425 struct serialargs args = { };
426 enum pkcs11_rc rc = PKCS11_CKR_OK;
427 struct input_data_ref *param = NULL;
428 void *iv = NULL;
429
430 if (!proc_params)
431 return PKCS11_CKR_ARGUMENTS_BAD;
432
433 param = TEE_Malloc(sizeof(struct input_data_ref), TEE_MALLOC_FILL_ZERO);
434 if (!param)
435 return PKCS11_CKR_DEVICE_MEMORY;
436
437 serialargs_init(&args, proc_params->data, proc_params->size);
438
439 switch (proc_params->id) {
440 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA:
441 rc = serialargs_get_ptr(&args, &iv, 16);
442 if (rc)
443 goto err;
444 break;
445 default:
446 break;
447 }
448
449 rc = serialargs_get(&args, ¶m->size, sizeof(uint32_t));
450 if (rc)
451 goto err;
452
453 rc = serialargs_get_ptr(&args, ¶m->data, param->size);
454 if (rc)
455 goto err;
456
457 if (serialargs_remaining_bytes(&args)) {
458 rc = PKCS11_CKR_ARGUMENTS_BAD;
459 goto err;
460 }
461
462 processing->extra_ctx = param;
463
464 switch (proc_params->id) {
465 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA:
466 if (param->size % TEE_AES_BLOCK_SIZE) {
467 rc = PKCS11_CKR_DATA_LEN_RANGE;
468 goto err;
469 }
470 TEE_CipherInit(processing->tee_op_handle, NULL, 0);
471 break;
472 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA:
473 if (param->size % TEE_AES_BLOCK_SIZE) {
474 rc = PKCS11_CKR_DATA_LEN_RANGE;
475 goto err;
476 }
477 TEE_CipherInit(processing->tee_op_handle, iv, 16);
478 break;
479 default:
480 TEE_Panic(proc_params->id);
481 break;
482 }
483
484 return PKCS11_CKR_OK;
485
486 err:
487 processing->extra_ctx = NULL;
488 TEE_Free(param);
489 return rc;
490 }
491
492 static enum pkcs11_rc
input_hmac_len_is_valid(struct pkcs11_attribute_head * proc_params,uint32_t hmac_len)493 input_hmac_len_is_valid(struct pkcs11_attribute_head *proc_params,
494 uint32_t hmac_len)
495 {
496 uint32_t sign_sz = 0;
497
498 switch (proc_params->id) {
499 case PKCS11_CKM_MD5_HMAC_GENERAL:
500 sign_sz = TEE_MD5_HASH_SIZE;
501 break;
502 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
503 sign_sz = TEE_SHA1_HASH_SIZE;
504 break;
505 case PKCS11_CKM_SHA224_HMAC_GENERAL:
506 sign_sz = TEE_SHA224_HASH_SIZE;
507 break;
508 case PKCS11_CKM_SHA256_HMAC_GENERAL:
509 sign_sz = TEE_SHA256_HASH_SIZE;
510 break;
511 case PKCS11_CKM_SHA384_HMAC_GENERAL:
512 sign_sz = TEE_SHA384_HASH_SIZE;
513 break;
514 case PKCS11_CKM_SHA512_HMAC_GENERAL:
515 sign_sz = TEE_SHA512_HASH_SIZE;
516 break;
517 case PKCS11_CKM_AES_CMAC_GENERAL:
518 sign_sz = TEE_AES_BLOCK_SIZE;
519 break;
520 default:
521 return PKCS11_CKR_MECHANISM_INVALID;
522 }
523
524 if (!hmac_len || hmac_len > sign_sz)
525 return PKCS11_CKR_SIGNATURE_LEN_RANGE;
526
527 return PKCS11_CKR_OK;
528 }
529
530 static enum pkcs11_rc
init_tee_operation(struct pkcs11_session * session,struct pkcs11_attribute_head * proc_params)531 init_tee_operation(struct pkcs11_session *session,
532 struct pkcs11_attribute_head *proc_params)
533 {
534 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
535 uint32_t *pkcs11_data = NULL;
536
537 switch (proc_params->id) {
538 case PKCS11_CKM_AES_CMAC:
539 case PKCS11_CKM_MD5_HMAC:
540 case PKCS11_CKM_SHA_1_HMAC:
541 case PKCS11_CKM_SHA224_HMAC:
542 case PKCS11_CKM_SHA256_HMAC:
543 case PKCS11_CKM_SHA384_HMAC:
544 case PKCS11_CKM_SHA512_HMAC:
545 if (proc_params->size)
546 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
547
548 TEE_MACInit(session->processing->tee_op_handle, NULL, 0);
549 rc = PKCS11_CKR_OK;
550 break;
551 case PKCS11_CKM_AES_CMAC_GENERAL:
552 case PKCS11_CKM_MD5_HMAC_GENERAL:
553 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
554 case PKCS11_CKM_SHA224_HMAC_GENERAL:
555 case PKCS11_CKM_SHA256_HMAC_GENERAL:
556 case PKCS11_CKM_SHA384_HMAC_GENERAL:
557 case PKCS11_CKM_SHA512_HMAC_GENERAL:
558 if (proc_params->size != sizeof(uint32_t))
559 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
560
561 pkcs11_data = TEE_Malloc(sizeof(uint32_t),
562 TEE_MALLOC_FILL_ZERO);
563 if (!pkcs11_data)
564 return PKCS11_CKR_DEVICE_MEMORY;
565
566 TEE_MemMove(pkcs11_data, proc_params->data, sizeof(uint32_t));
567
568 rc = input_hmac_len_is_valid(proc_params, *pkcs11_data);
569 if (rc) {
570 TEE_Free(pkcs11_data);
571 return rc;
572 }
573
574 session->processing->extra_ctx = (void *)pkcs11_data;
575
576 TEE_MACInit(session->processing->tee_op_handle, NULL, 0);
577 rc = PKCS11_CKR_OK;
578 break;
579 case PKCS11_CKM_AES_ECB:
580 if (proc_params->size)
581 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
582
583 TEE_CipherInit(session->processing->tee_op_handle, NULL, 0);
584 rc = PKCS11_CKR_OK;
585 break;
586 case PKCS11_CKM_AES_CBC:
587 case PKCS11_CKM_AES_CBC_PAD:
588 case PKCS11_CKM_AES_CTS:
589 if (proc_params->size != 16)
590 return PKCS11_CKR_MECHANISM_PARAM_INVALID;
591
592 TEE_CipherInit(session->processing->tee_op_handle,
593 proc_params->data, 16);
594 rc = PKCS11_CKR_OK;
595 break;
596 case PKCS11_CKM_AES_CTR:
597 rc = tee_init_ctr_operation(session->processing,
598 proc_params->data,
599 proc_params->size);
600 break;
601 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA:
602 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA:
603 rc = tee_init_derive_symm(session->processing, proc_params);
604 break;
605 default:
606 TEE_Panic(proc_params->id);
607 break;
608 }
609
610 return rc;
611 }
612
init_symm_operation(struct pkcs11_session * session,enum processing_func function,struct pkcs11_attribute_head * proc_params,struct pkcs11_object * obj)613 enum pkcs11_rc init_symm_operation(struct pkcs11_session *session,
614 enum processing_func function,
615 struct pkcs11_attribute_head *proc_params,
616 struct pkcs11_object *obj)
617 {
618 enum pkcs11_rc rc = PKCS11_CKR_OK;
619
620 assert(processing_is_tee_symm(proc_params->id));
621
622 rc = allocate_tee_operation(session, function, proc_params, obj);
623 if (rc)
624 return rc;
625
626 rc = load_tee_key(session, obj, proc_params);
627 if (rc)
628 return rc;
629
630 return init_tee_operation(session, proc_params);
631 }
632
633 /* Validate input buffer size as per PKCS#11 constraints */
input_data_size_is_valid(struct active_processing * proc,enum processing_func function,size_t in_size)634 static enum pkcs11_rc input_data_size_is_valid(struct active_processing *proc,
635 enum processing_func function,
636 size_t in_size)
637 {
638 switch (proc->mecha_type) {
639 case PKCS11_CKM_AES_ECB:
640 case PKCS11_CKM_AES_CBC:
641 if (function == PKCS11_FUNCTION_ENCRYPT &&
642 in_size % TEE_AES_BLOCK_SIZE)
643 return PKCS11_CKR_DATA_LEN_RANGE;
644 if (function == PKCS11_FUNCTION_DECRYPT &&
645 in_size % TEE_AES_BLOCK_SIZE)
646 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE;
647 break;
648 case PKCS11_CKM_AES_CBC_PAD:
649 if (function == PKCS11_FUNCTION_DECRYPT &&
650 in_size % TEE_AES_BLOCK_SIZE)
651 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE;
652 break;
653 case PKCS11_CKM_AES_CTS:
654 if (function == PKCS11_FUNCTION_ENCRYPT &&
655 in_size < TEE_AES_BLOCK_SIZE)
656 return PKCS11_CKR_DATA_LEN_RANGE;
657 if (function == PKCS11_FUNCTION_DECRYPT &&
658 in_size < TEE_AES_BLOCK_SIZE)
659 return PKCS11_CKR_ENCRYPTED_DATA_LEN_RANGE;
660 break;
661 default:
662 break;
663 }
664
665 return PKCS11_CKR_OK;
666 }
667
668 /* Validate input buffer size as per PKCS#11 constraints */
input_sign_size_is_valid(struct active_processing * proc,size_t in_size)669 static enum pkcs11_rc input_sign_size_is_valid(struct active_processing *proc,
670 size_t in_size)
671 {
672 size_t sign_sz = 0;
673
674 switch (proc->mecha_type) {
675 case PKCS11_CKM_MD5_HMAC:
676 sign_sz = TEE_MD5_HASH_SIZE;
677 break;
678 case PKCS11_CKM_SHA_1_HMAC:
679 sign_sz = TEE_SHA1_HASH_SIZE;
680 break;
681 case PKCS11_CKM_SHA224_HMAC:
682 sign_sz = TEE_SHA224_HASH_SIZE;
683 break;
684 case PKCS11_CKM_SHA256_HMAC:
685 sign_sz = TEE_SHA256_HASH_SIZE;
686 break;
687 case PKCS11_CKM_SHA384_HMAC:
688 sign_sz = TEE_SHA384_HASH_SIZE;
689 break;
690 case PKCS11_CKM_SHA512_HMAC:
691 sign_sz = TEE_SHA512_HASH_SIZE;
692 break;
693 case PKCS11_CKM_AES_CMAC:
694 sign_sz = TEE_AES_BLOCK_SIZE;
695 break;
696 default:
697 return PKCS11_CKR_GENERAL_ERROR;
698 }
699
700 if (in_size != sign_sz)
701 return PKCS11_CKR_SIGNATURE_LEN_RANGE;
702
703 return PKCS11_CKR_OK;
704 }
705
706 /*
707 * step_sym_cipher - processing symmetric (and related) cipher operation step
708 *
709 * @session - current session
710 * @function - processing function (encrypt, decrypt, sign, ...)
711 * @step - step ID in the processing (oneshot, update, final)
712 * @ptype - invocation parameter types
713 * @params - invocation parameter references
714 */
step_symm_operation(struct pkcs11_session * session,enum processing_func function,enum processing_step step,uint32_t ptypes,TEE_Param * params)715 enum pkcs11_rc step_symm_operation(struct pkcs11_session *session,
716 enum processing_func function,
717 enum processing_step step,
718 uint32_t ptypes, TEE_Param *params)
719 {
720 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
721 TEE_Result res = TEE_ERROR_GENERIC;
722 void *in_buf = NULL;
723 size_t in_size = 0;
724 void *out_buf = NULL;
725 uint32_t out_size = 0;
726 void *in2_buf = NULL;
727 uint32_t in2_size = 0;
728 bool output_data = false;
729 struct active_processing *proc = session->processing;
730 uint32_t hmac_len = 0;
731 uint8_t computed_mac[TEE_MAX_HASH_SIZE] = { 0 };
732 uint32_t computed_mac_size = TEE_MAX_HASH_SIZE;
733
734 if (TEE_PARAM_TYPE_GET(ptypes, 1) == TEE_PARAM_TYPE_MEMREF_INPUT) {
735 in_buf = params[1].memref.buffer;
736 in_size = params[1].memref.size;
737 if (in_size && !in_buf)
738 return PKCS11_CKR_ARGUMENTS_BAD;
739 }
740 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_INPUT) {
741 in2_buf = params[2].memref.buffer;
742 in2_size = params[2].memref.size;
743 if (in2_size && !in2_buf)
744 return PKCS11_CKR_ARGUMENTS_BAD;
745 }
746 if (TEE_PARAM_TYPE_GET(ptypes, 2) == TEE_PARAM_TYPE_MEMREF_OUTPUT) {
747 out_buf = params[2].memref.buffer;
748 out_size = params[2].memref.size;
749 if (out_size && !out_buf)
750 return PKCS11_CKR_ARGUMENTS_BAD;
751 }
752 if (TEE_PARAM_TYPE_GET(ptypes, 3) != TEE_PARAM_TYPE_NONE)
753 return PKCS11_CKR_ARGUMENTS_BAD;
754
755 switch (step) {
756 case PKCS11_FUNC_STEP_ONESHOT:
757 case PKCS11_FUNC_STEP_UPDATE:
758 case PKCS11_FUNC_STEP_FINAL:
759 break;
760 default:
761 return PKCS11_CKR_GENERAL_ERROR;
762 }
763
764 if (step != PKCS11_FUNC_STEP_FINAL) {
765 rc = input_data_size_is_valid(proc, function, in_size);
766 if (rc)
767 return rc;
768 }
769
770 /*
771 * Feed active operation with data
772 */
773 switch (proc->mecha_type) {
774 case PKCS11_CKM_AES_CMAC:
775 case PKCS11_CKM_MD5_HMAC:
776 case PKCS11_CKM_SHA_1_HMAC:
777 case PKCS11_CKM_SHA224_HMAC:
778 case PKCS11_CKM_SHA256_HMAC:
779 case PKCS11_CKM_SHA384_HMAC:
780 case PKCS11_CKM_SHA512_HMAC:
781 case PKCS11_CKM_AES_CMAC_GENERAL:
782 case PKCS11_CKM_MD5_HMAC_GENERAL:
783 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
784 case PKCS11_CKM_SHA224_HMAC_GENERAL:
785 case PKCS11_CKM_SHA256_HMAC_GENERAL:
786 case PKCS11_CKM_SHA384_HMAC_GENERAL:
787 case PKCS11_CKM_SHA512_HMAC_GENERAL:
788 if (step == PKCS11_FUNC_STEP_FINAL ||
789 step == PKCS11_FUNC_STEP_ONESHOT)
790 break;
791
792 if (!in_buf) {
793 DMSG("No input data");
794 return PKCS11_CKR_ARGUMENTS_BAD;
795 }
796
797 switch (function) {
798 case PKCS11_FUNCTION_SIGN:
799 case PKCS11_FUNCTION_VERIFY:
800 TEE_MACUpdate(proc->tee_op_handle, in_buf, in_size);
801 rc = PKCS11_CKR_OK;
802 break;
803 default:
804 TEE_Panic(function);
805 break;
806 }
807 break;
808
809 case PKCS11_CKM_AES_ECB:
810 case PKCS11_CKM_AES_CBC:
811 case PKCS11_CKM_AES_CBC_PAD:
812 case PKCS11_CKM_AES_CTS:
813 case PKCS11_CKM_AES_CTR:
814 if (step == PKCS11_FUNC_STEP_FINAL ||
815 step == PKCS11_FUNC_STEP_ONESHOT)
816 break;
817
818 if (!in_buf) {
819 EMSG("No input data");
820 return PKCS11_CKR_ARGUMENTS_BAD;
821 }
822
823 switch (function) {
824 case PKCS11_FUNCTION_ENCRYPT:
825 case PKCS11_FUNCTION_DECRYPT:
826 res = TEE_CipherUpdate(proc->tee_op_handle,
827 in_buf, in_size,
828 out_buf, &out_size);
829 output_data = true;
830 rc = tee2pkcs_error(res);
831 break;
832 default:
833 TEE_Panic(function);
834 break;
835 }
836 break;
837
838 default:
839 TEE_Panic(proc->mecha_type);
840 break;
841 }
842
843 if (step == PKCS11_FUNC_STEP_UPDATE)
844 goto out;
845
846 /*
847 * Finalize (PKCS11_FUNC_STEP_ONESHOT/_FINAL) operation
848 */
849 switch (session->processing->mecha_type) {
850 case PKCS11_CKM_AES_CMAC:
851 case PKCS11_CKM_MD5_HMAC:
852 case PKCS11_CKM_SHA_1_HMAC:
853 case PKCS11_CKM_SHA224_HMAC:
854 case PKCS11_CKM_SHA256_HMAC:
855 case PKCS11_CKM_SHA384_HMAC:
856 case PKCS11_CKM_SHA512_HMAC:
857 switch (function) {
858 case PKCS11_FUNCTION_SIGN:
859 res = TEE_MACComputeFinal(proc->tee_op_handle,
860 in_buf, in_size, out_buf,
861 &out_size);
862 output_data = true;
863 rc = tee2pkcs_error(res);
864 break;
865 case PKCS11_FUNCTION_VERIFY:
866 rc = input_sign_size_is_valid(proc, in2_size);
867 if (rc)
868 return rc;
869 res = TEE_MACCompareFinal(proc->tee_op_handle,
870 in_buf, in_size, in2_buf,
871 in2_size);
872 rc = tee2pkcs_error(res);
873 break;
874 default:
875 TEE_Panic(function);
876 break;
877 }
878
879 break;
880
881 case PKCS11_CKM_AES_CMAC_GENERAL:
882 case PKCS11_CKM_MD5_HMAC_GENERAL:
883 case PKCS11_CKM_SHA_1_HMAC_GENERAL:
884 case PKCS11_CKM_SHA224_HMAC_GENERAL:
885 case PKCS11_CKM_SHA256_HMAC_GENERAL:
886 case PKCS11_CKM_SHA384_HMAC_GENERAL:
887 case PKCS11_CKM_SHA512_HMAC_GENERAL:
888 assert(session->processing->extra_ctx);
889 hmac_len = *(uint32_t *)session->processing->extra_ctx;
890
891 switch (function) {
892 case PKCS11_FUNCTION_SIGN:
893 if (out_size < hmac_len) {
894 /* inform client of required size */
895 out_size = hmac_len;
896 output_data = true;
897 rc = PKCS11_CKR_BUFFER_TOO_SMALL;
898 goto out;
899 }
900
901 res = TEE_MACComputeFinal(proc->tee_op_handle,
902 in_buf, in_size,
903 computed_mac,
904 &computed_mac_size);
905 if (res == TEE_SUCCESS) {
906 /* truncate to hmac_len */
907 TEE_MemMove(out_buf, computed_mac, hmac_len);
908 output_data = true;
909 }
910
911 /* inform client of required size */
912 out_size = hmac_len;
913 rc = tee2pkcs_error(res);
914 break;
915 case PKCS11_FUNCTION_VERIFY:
916 /* must compute full MAC before comparing partial */
917 res = TEE_MACComputeFinal(proc->tee_op_handle, in_buf,
918 in_size, computed_mac,
919 &computed_mac_size);
920
921 if (!in2_size || in2_size > computed_mac_size) {
922 EMSG("Invalid signature size: %"PRIu32,
923 in2_size);
924 return PKCS11_CKR_SIGNATURE_LEN_RANGE;
925 }
926
927 if (res == TEE_SUCCESS) {
928 /*
929 * Only the first in2_size bytes of the
930 * signature to be verified is passed in from
931 * caller
932 */
933 if (TEE_MemCompare(in2_buf, computed_mac,
934 in2_size)) {
935 res = TEE_ERROR_MAC_INVALID;
936 }
937 }
938
939 rc = tee2pkcs_error(res);
940 break;
941 default:
942 TEE_Panic(function);
943 break;
944 }
945
946 break;
947
948 case PKCS11_CKM_AES_ECB:
949 case PKCS11_CKM_AES_CBC:
950 case PKCS11_CKM_AES_CBC_PAD:
951 case PKCS11_CKM_AES_CTS:
952 case PKCS11_CKM_AES_CTR:
953 if (step == PKCS11_FUNC_STEP_ONESHOT && !in_buf) {
954 EMSG("No input data");
955 return PKCS11_CKR_ARGUMENTS_BAD;
956 }
957
958 switch (function) {
959 case PKCS11_FUNCTION_ENCRYPT:
960 case PKCS11_FUNCTION_DECRYPT:
961 res = TEE_CipherDoFinal(proc->tee_op_handle,
962 in_buf, in_size,
963 out_buf, &out_size);
964 output_data = true;
965 rc = tee2pkcs_error(res);
966 break;
967 default:
968 TEE_Panic(function);
969 break;
970 }
971 break;
972 default:
973 TEE_Panic(proc->mecha_type);
974 break;
975 }
976
977 out:
978 if (output_data &&
979 (rc == PKCS11_CKR_OK || rc == PKCS11_CKR_BUFFER_TOO_SMALL)) {
980 switch (TEE_PARAM_TYPE_GET(ptypes, 2)) {
981 case TEE_PARAM_TYPE_MEMREF_OUTPUT:
982 case TEE_PARAM_TYPE_MEMREF_INOUT:
983 params[2].memref.size = out_size;
984 break;
985 default:
986 rc = PKCS11_CKR_ARGUMENTS_BAD;
987 break;
988 }
989 }
990
991 return rc;
992 }
993
derive_key_by_symm_enc(struct pkcs11_session * session,void ** out_buf,uint32_t * out_size)994 enum pkcs11_rc derive_key_by_symm_enc(struct pkcs11_session *session,
995 void **out_buf, uint32_t *out_size)
996 {
997 enum pkcs11_rc rc = PKCS11_CKR_GENERAL_ERROR;
998 TEE_Result res = TEE_ERROR_GENERIC;
999 struct active_processing *proc = session->processing;
1000 struct input_data_ref *input = proc->extra_ctx;
1001 void *in_buf = NULL;
1002 void *dest_buf = NULL;
1003 uint32_t in_size = 0;
1004
1005 switch (proc->mecha_type) {
1006 case PKCS11_CKM_AES_ECB_ENCRYPT_DATA:
1007 case PKCS11_CKM_AES_CBC_ENCRYPT_DATA:
1008 if (!proc->extra_ctx)
1009 return PKCS11_CKR_ARGUMENTS_BAD;
1010
1011 in_buf = input->data;
1012 in_size = input->size;
1013
1014 *out_size = in_size;
1015 dest_buf = TEE_Malloc(*out_size, 0);
1016 if (!dest_buf)
1017 return PKCS11_CKR_DEVICE_MEMORY;
1018
1019 res = TEE_CipherDoFinal(proc->tee_op_handle, in_buf, in_size,
1020 dest_buf, out_size);
1021 rc = tee2pkcs_error(res);
1022 if (rc) {
1023 TEE_Free(dest_buf);
1024 return rc;
1025 }
1026
1027 *out_buf = dest_buf;
1028 break;
1029 default:
1030 return PKCS11_CKR_MECHANISM_INVALID;
1031 }
1032
1033 return rc;
1034 }
1035
wrap_data_by_symm_enc(struct pkcs11_session * session,void * data,uint32_t data_sz,void * out_buf,uint32_t * out_sz)1036 enum pkcs11_rc wrap_data_by_symm_enc(struct pkcs11_session *session,
1037 void *data, uint32_t data_sz,
1038 void *out_buf, uint32_t *out_sz)
1039 {
1040 TEE_Result res = TEE_ERROR_GENERIC;
1041 struct active_processing *proc = session->processing;
1042 void *in_buf = NULL;
1043 uint32_t align = 0;
1044 uint32_t in_sz = data_sz;
1045 uint32_t tmp_sz = *out_sz;
1046 uint8_t *tmp_buf = out_buf;
1047
1048 switch (proc->mecha_type) {
1049 case PKCS11_CKM_AES_ECB:
1050 case PKCS11_CKM_AES_CBC:
1051 align = data_sz % TEE_AES_BLOCK_SIZE;
1052 if (align)
1053 in_sz = data_sz + (TEE_AES_BLOCK_SIZE - align);
1054
1055 if (*out_sz < in_sz) {
1056 *out_sz = in_sz;
1057 return PKCS11_CKR_BUFFER_TOO_SMALL;
1058 }
1059
1060 if (align) {
1061 if (data_sz > TEE_AES_BLOCK_SIZE) {
1062 in_sz = data_sz - align;
1063 res = TEE_CipherUpdate(proc->tee_op_handle,
1064 data, in_sz, tmp_buf,
1065 &tmp_sz);
1066 if (res) {
1067 assert(res != TEE_ERROR_SHORT_BUFFER);
1068 return tee2pkcs_error(res);
1069 }
1070 tmp_buf += tmp_sz;
1071 tmp_sz = *out_sz - tmp_sz;
1072 } else {
1073 in_sz = 0;
1074 }
1075
1076 in_buf = TEE_Malloc(TEE_AES_BLOCK_SIZE,
1077 TEE_MALLOC_FILL_ZERO);
1078 if (!in_buf)
1079 return PKCS11_CKR_DEVICE_MEMORY;
1080
1081 TEE_MemMove(in_buf, (uint8_t *)data + in_sz, align);
1082 in_sz = TEE_AES_BLOCK_SIZE;
1083 } else {
1084 in_buf = data;
1085 in_sz = data_sz;
1086 }
1087
1088 res = TEE_CipherDoFinal(proc->tee_op_handle, in_buf, in_sz,
1089 tmp_buf, &tmp_sz);
1090 if (res == TEE_SUCCESS || res == TEE_ERROR_SHORT_BUFFER) {
1091 *out_sz = tmp_sz;
1092 if (align)
1093 *out_sz += tmp_buf - (uint8_t *)out_buf;
1094 }
1095
1096 if (align)
1097 TEE_Free(in_buf);
1098
1099 return tee2pkcs_error(res);
1100 default:
1101 return PKCS11_CKR_MECHANISM_INVALID;
1102 }
1103
1104 return PKCS11_CKR_GENERAL_ERROR;
1105 }
1106
unwrap_key_by_symm(struct pkcs11_session * session,void * data,uint32_t data_sz,void ** out_buf,uint32_t * out_sz)1107 enum pkcs11_rc unwrap_key_by_symm(struct pkcs11_session *session, void *data,
1108 uint32_t data_sz, void **out_buf,
1109 uint32_t *out_sz)
1110 {
1111 TEE_Result res = TEE_ERROR_GENERIC;
1112 struct active_processing *proc = session->processing;
1113
1114 if (input_data_size_is_valid(proc, PKCS11_FUNCTION_DECRYPT, data_sz))
1115 return PKCS11_CKR_WRAPPED_KEY_LEN_RANGE;
1116
1117 switch (proc->mecha_type) {
1118 case PKCS11_CKM_AES_ECB:
1119 case PKCS11_CKM_AES_CBC:
1120 *out_sz = 0;
1121 res = TEE_CipherDoFinal(proc->tee_op_handle, data, data_sz,
1122 NULL, out_sz);
1123 if (res != TEE_ERROR_SHORT_BUFFER) {
1124 DMSG("TEE_CipherDoFinal() issue: %#"PRIx32, res);
1125 return PKCS11_CKR_GENERAL_ERROR;
1126 }
1127
1128 *out_buf = TEE_Malloc(*out_sz, TEE_MALLOC_FILL_ZERO);
1129 if (!*out_buf)
1130 return PKCS11_CKR_DEVICE_MEMORY;
1131
1132 res = TEE_CipherDoFinal(proc->tee_op_handle, data, data_sz,
1133 *out_buf, out_sz);
1134 if (tee2pkcs_error(res)) {
1135 TEE_Free(*out_buf);
1136 *out_buf = NULL;
1137 return PKCS11_CKR_WRAPPED_KEY_INVALID;
1138 }
1139 break;
1140 default:
1141 return PKCS11_CKR_MECHANISM_INVALID;
1142 }
1143
1144 return PKCS11_CKR_OK;
1145 }
1146