| #
e2ec831c |
| 03-Jul-2023 |
Jihwan Park <jihwp@amazon.com> |
core: crypto_bignum_free(): add indirection and set pointer to NULL
To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.
Signed-off-by: J
core: crypto_bignum_free(): add indirection and set pointer to NULL
To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.
Signed-off-by: Jihwan Park <jihwp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
show more ...
|
| #
1220a68b |
| 24-Apr-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: versal: ecc: allow software fallback on key allocation
The driver only supports ECDH/ECDSA key types. Other key types shall be
entirely handled by a software implementation enabled at compil
crypto: versal: ecc: allow software fallback on key allocation
The driver only supports ECDH/ECDSA key types. Other key types shall be
entirely handled by a software implementation enabled at compile time.
Fixes xtest regression 4006:
regression_4006.43 Asym Crypto case 426 algo 0x80000046 line 373
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| #
92d75aef |
| 24-Apr-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto_api: acipher: ecc key allocation API, pass the key type
For Elliptic Curve, the cryptographic API can fallback to its software
operation instead of failing due to the lack of hardware support
crypto_api: acipher: ecc key allocation API, pass the key type
For Elliptic Curve, the cryptographic API can fallback to its software
operation instead of failing due to the lack of hardware support.
The relevant code can be see seen in the function
crypto_acipher_alloc_ecc_keypair(..).
crypto_api/acipher/ecc.c however does not pass the key type to the
relevant driver and therefore the backend driver can not take the
correct action at allocation time.
This commit addresses that limitation.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>
show more ...
|
| #
9cf576a9 |
| 06-Mar-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
drivers: crypto: versal: do not use deprecated algorithm macros
The TEE_ALG_ECDSA_P384 and TEE_ALG_ECDSA_P521 constants are deprecated
since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHAR
drivers: crypto: versal: do not use deprecated algorithm macros
The TEE_ALG_ECDSA_P384 and TEE_ALG_ECDSA_P521 constants are deprecated
since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET
and TEE_ALG_ECDSA_SHA*"). Therefore use TEE_ALG_ECDSA_SHA384 or
TEE_ALG_ECDSA_SHA512 instead (no functional change since the
aforementioned commit made them equal).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| #
e8bbd0e0 |
| 30-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: versal: ecc: sign/verify fix
Both the message (hash) and the generated signatures must be swapped.
The following custom tests were executed for P384 (prime384v1) and
P521 (nistp521) curves.
crypto: versal: ecc: sign/verify fix
Both the message (hash) and the generated signatures must be swapped.
The following custom tests were executed for P384 (prime384v1) and
P521 (nistp521) curves.
Signing and verifying using pkcs#11 alone (ie like done in xtest) was
not sufficient to capture this bug.
PTOOL='pkcs11-tool --module /usr/lib/libckteec.so.0.1.0'
SO_PIN=55555555
PIN=44444444
FILE=hello
printf "OP-TEE: create key pair"
$PTOOL --id 01 --label ldts --token-label fio --pin $PIN \
--keypairgen \
--key-type EC:prime384v1
printf "OP-TEE: read the public key"
$PTOOL -l --pin $PIN --id 01 \
--read-object --type pubkey --output-file pubkey.spki
printf "Openssl: export key to PEM"
openssl ec -inform DER -outform PEM -in pubkey.spki -pubin > pubkey.pub
printf "Create file to sign"
echo "hello world" > $FILE
printf "OpenSSL: create the file sha384"
openssl dgst -binary -sha384 $FILE > $FILE.hash
printf "OP-TEE: generate signature "
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--sign
--input-file $FILE.hash
--output-file $FILE.sig
--mechanism ECDSA
-f openssl
printf "OpenSSL: verify signature"
openssl dgst -sha384 -verify pubkey.pub -signature "$FILE".sig "$FILE"
printf "OP-TEE: verify signature"
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--verify \
--input-file $FILE.hash \
--signature-format openssl \
--signature-file $FILE.sig \
--mechanism ECDSA
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| #
49b0febc |
| 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: versal: elliptic curve cryptography driver
This driver uses the PLM xilsecure service to deliver ECC sign/verify
functionality.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked
crypto: versal: elliptic curve cryptography driver
This driver uses the PLM xilsecure service to deliver ECC sign/verify
functionality.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|