tee - OpenGrok history log for /optee_os/core/tee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
46e25a17	14-Jul-2023	loubaihui <loubaihui1@huawei.com>	crypto: rename struct x25519_keypair Since X25519 and X448 have the same key pair structure, so we rename struct x25519_keypair as struct montgomery_keypair. Signed-off-by: loubaihui <loubaihui1@hu crypto: rename struct x25519_keypair Since X25519 and X448 have the same key pair structure, so we rename struct x25519_keypair as struct montgomery_keypair. Signed-off-by: loubaihui <loubaihui1@huawei.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/plat-aspeed/platform_ast2600.c /optee_os/core/arch/arm/plat-aspeed/platform_ast2700.c /optee_os/core/arch/arm/plat-bcm/main.c /optee_os/core/arch/arm/plat-corstone1000/main.c /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/arch/arm/plat-imx/pm/cpuidle-imx7d.c /optee_os/core/arch/arm/plat-imx/pm/imx7_suspend.c /optee_os/core/arch/arm/plat-k3/main.c /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-mediatek/main.c /optee_os/core/arch/arm/plat-nuvoton/main.c /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rzn1/main.c /optee_os/core/arch/arm/plat-sam/freq.c /optee_os/core/arch/arm/plat-sam/main.c /optee_os/core/arch/arm/plat-sprd/main.c /optee_os/core/arch/arm/plat-stm/main.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-sunxi/main.c /optee_os/core/arch/arm/plat-synquacer/main.c /optee_os/core/arch/arm/plat-ti/a9_plat_init.S /optee_os/core/arch/arm/plat-ti/main.c /optee_os/core/arch/arm/plat-totalcompute/main.c /optee_os/core/arch/arm/plat-uniphier/main.c /optee_os/core/arch/arm/plat-versal/main.c /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/plat-zynq7k/main.c /optee_os/core/arch/arm/plat-zynqmp/main.c /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/mm/sub.mk /optee_os/core/crypto/crypto.c /optee_os/core/drivers/clk/clk_dt.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg.c /optee_os/core/drivers/crypto/se050/glue/i2c_stm32.c /optee_os/core/drivers/plic.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/drivers/stm32mp15_huk.c /optee_os/core/drivers/sub.mk /optee_os/core/include/crypto/crypto.h /optee_os/core/include/drivers/plic.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/stm32_uart.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/dt.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/ldelf_loader.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libtomcrypt/x25519.c tee_svc_cryp.c /optee_os/lib/libutils/ext/include/util.h /optee_os/mk/aosp_optee.mk /optee_os/ta/pkcs11/src/pkcs11_attributes.c
4e154320	29-May-2023	Seonghyun Park <seonghp@amazon.com>	core: Apply finer-grained PAN Prior to this commit, the PAN was disabled for most of the time, within the thread scall handler. After resolving all outstanding missing unprivileged access functions, core: Apply finer-grained PAN Prior to this commit, the PAN was disabled for most of the time, within the thread scall handler. After resolving all outstanding missing unprivileged access functions, we can now enable finer- grained PAN, where the unprivileged access is only allowed inside handful of special user-access functions. There are some exceptions where we toggle PAN to allow the OP-TEE core to access user memory, instead of using user-access functions or bounce buffers. Those are crypto services and ldelf syscall handlers. Those are chosen to avoid potential large bounce buffer allocations. Signed-off-by: Seonghyun Park <seonghp@amazon.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/kernel/scall.c /optee_os/core/kernel/user_access.c tee_svc_cryp.c
a844a0b8	21-Jun-2023	Seonghyun Park <seonghp@amazon.com>	core: use user-access functions for crypto service Use user-access functions for crypto service functions, excluding encryption, decryption and hasn operations, which might require large bounce buff core: use user-access functions for crypto service Use user-access functions for crypto service functions, excluding encryption, decryption and hasn operations, which might require large bounce buffer allocations. Besides these operations, user- access functions are applied for those functions that takes attributes, IVs, big numbers, and auxiliary data from the user- space. Signed-off-by: Seonghyun Park <seonghp@amazon.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/arch/arm/kernel/arch_scall.c /optee_os/core/pta/system.c tee_svc_cryp.c
84f78978	21-Jun-2023	Seonghyun Park <seonghp@amazon.com>	core: use user-access functions for storage svc Use user-access functions within storage service syscalls, mainly to copy object id from user-spaced buffers. Signed-off-by: Seonghyun Park <seonghp@ core: use user-access functions for storage svc Use user-access functions within storage service syscalls, mainly to copy object id from user-spaced buffers. Signed-off-by: Seonghyun Park <seonghp@amazon.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... tee_svc_storage.c
376448c2	21-Jun-2023	Seonghyun Park <seonghp@amazon.com>	core: use user-access functions for passing params Use user-access functions for parameter-passing between user TA and the core when calling another TA from a TA and when entering a user TA. Signed core: use user-access functions for passing params Use user-access functions for parameter-passing between user TA and the core when calling another TA from a TA and when entering a user TA. Signed-off-by: Seonghyun Park <seonghp@amazon.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/CHANGELOG.md /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/arm64_macros.S /optee_os/core/arch/arm/include/kernel/user_access_arch.h /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/riscv/include/kernel/user_access_arch.h /optee_os/core/include/kernel/ldelf_loader.h /optee_os/core/include/kernel/user_access.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/kernel/ldelf_loader.c /optee_os/core/kernel/scall.c /optee_os/core/kernel/user_access.c /optee_os/core/kernel/user_ta.c /optee_os/core/pta/system.c tee_svc.c /optee_os/mk/config.mk
e2ec831c	03-Jul-2023	Jihwan Park <jihwp@amazon.com>	core: crypto_bignum_free(): add indirection and set pointer to NULL To prevent human mistake, crypto_bignum_free() sets the location of the bignum pointer to NULL after freeing it. Signed-off-by: J core: crypto_bignum_free(): add indirection and set pointer to NULL To prevent human mistake, crypto_bignum_free() sets the location of the bignum pointer to NULL after freeing it. Signed-off-by: Jihwan Park <jihwp@amazon.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/caam/acipher/caam_dh.c /optee_os/core/drivers/crypto/caam/acipher/caam_dsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_ecc.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/se050/core/ecc.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/versal/ecc.c /optee_os/core/include/crypto/crypto.h /optee_os/core/lib/libtomcrypt/dh.c /optee_os/core/lib/libtomcrypt/dsa.c /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/rsa.c tee_svc_cryp.c /optee_os/lib/libmbedtls/core/bignum.c /optee_os/lib/libmbedtls/core/dh.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libmbedtls/core/rsa.c
9ab92ded	28-Jun-2023	Etienne Carriere <etienne.carriere@foss.st.com>	core: tee_svc_cryp: report RSAES_PKCS1_OAEP_MGF1 bad hash ID Fixes syscall_asymm_operate() to report inconsistent hash algorithm specified as attribute for TEE_ALG_RSAES_PKCS1_OAEP_MGF1_* operations core: tee_svc_cryp: report RSAES_PKCS1_OAEP_MGF1 bad hash ID Fixes syscall_asymm_operate() to report inconsistent hash algorithm specified as attribute for TEE_ALG_RSAES_PKCS1_OAEP_MGF1_* operations as OP-TEE only supports the hash predefined for the request algorithm TEE_ALG_RSAES_PKCS1_OAEP_MGF1_xxx. Link: https://github.com/OP-TEE/optee_os/issues/6143 Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.clang-format /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/Makefile /optee_os/core/arch/arm/dts/dt_driver_test.dtsi /optee_os/core/arch/arm/dts/sama5d2.dtsi /optee_os/core/arch/arm/dts/stm32mp13-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp13xc.dtsi /optee_os/core/arch/arm/dts/stm32mp13xf.dtsi /optee_os/core/arch/arm/dts/stm32mp15-pinctrl.dtsi /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/kernel/tlb_helpers.h /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/cache_helpers_a64.S /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_optee_smc_a32.S /optee_os/core/arch/arm/kernel/thread_optee_smc_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/kernel/tlb_helpers_a32.S /optee_os/core/arch/arm/kernel/tlb_helpers_a64.S /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-aspeed/conf.mk /optee_os/core/arch/arm/plat-aspeed/platform_ast2600.c /optee_os/core/arch/arm/plat-aspeed/platform_ast2700.c /optee_os/core/arch/arm/plat-aspeed/platform_config.h /optee_os/core/arch/arm/plat-aspeed/sub.mk /optee_os/core/arch/arm/plat-bcm/main.c /optee_os/core/arch/arm/plat-corstone1000/main.c /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h /optee_os/core/arch/arm/plat-k3/main.c /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-mediatek/main.c /optee_os/core/arch/arm/plat-nuvoton/conf.mk /optee_os/core/arch/arm/plat-nuvoton/main.c /optee_os/core/arch/arm/plat-nuvoton/platform_config.h /optee_os/core/arch/arm/plat-nuvoton/sub.mk /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rzn1/main.c /optee_os/core/arch/arm/plat-rzn1/platform_config.h /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sam/main.c /optee_os/core/arch/arm/plat-sam/nsec-service/sm_platform_handler.c /optee_os/core/arch/arm/plat-sam/nsec-service/smc_ids.h /optee_os/core/arch/arm/plat-sam/scmi_server.c /optee_os/core/arch/arm/plat-sam/sub.mk /optee_os/core/arch/arm/plat-sprd/main.c /optee_os/core/arch/arm/plat-stm/main.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-sunxi/main.c /optee_os/core/arch/arm/plat-synquacer/main.c /optee_os/core/arch/arm/plat-ti/main.c /optee_os/core/arch/arm/plat-totalcompute/main.c /optee_os/core/arch/arm/plat-uniphier/main.c /optee_os/core/arch/arm/plat-versal/main.c /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/plat-zynq7k/main.c /optee_os/core/arch/arm/plat-zynqmp/main.c /optee_os/core/arch/riscv/include/kernel/delay_arch.h /optee_os/core/arch/riscv/include/kernel/tlb_helpers.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/abort.c /optee_os/core/arch/riscv/kernel/arch_scall.c /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/kernel/tee_time_rdtime.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/kernel/unwind_rv.c /optee_os/core/arch/riscv/mm/sub.mk /optee_os/core/arch/riscv/mm/tlb_helpers_rv.S /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/plat-virt/main.c /optee_os/core/arch/riscv/riscv.mk /optee_os/core/drivers/atmel_piobu.c /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/clk/clk-stm32-core.c /optee_os/core/drivers/clk/clk-stm32mp15.c /optee_os/core/drivers/clk/clk_dt.c /optee_os/core/drivers/clk/sam/at91_clk.h /optee_os/core/drivers/clk/sam/at91_pmc.c /optee_os/core/drivers/clk/sam/at91_sckc.c /optee_os/core/drivers/clk/sam/sama5d2_clk.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/gpio/gpio.c /optee_os/core/drivers/gpio/sub.mk /optee_os/core/drivers/hfic.c /optee_os/core/drivers/i2c/atmel_i2c.c /optee_os/core/drivers/imx_ele.c /optee_os/core/drivers/ls_gpio.c /optee_os/core/drivers/pinctrl/atmel_pio.c /optee_os/core/drivers/pinctrl/pinctrl.c /optee_os/core/drivers/pinctrl/sub.mk /optee_os/core/drivers/rstctrl/stm32_rstctrl.c /optee_os/core/drivers/scmi-msg/clock_generic.c /optee_os/core/drivers/scmi-msg/sub.mk /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_etzpc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_gpio.c /optee_os/core/include/drivers/atmel_saic.h /optee_os/core/include/drivers/bcm_gpio.h /optee_os/core/include/drivers/clk_dt.h /optee_os/core/include/drivers/gic.h /optee_os/core/include/drivers/gpio.h /optee_os/core/include/drivers/hfic.h /optee_os/core/include/drivers/i2c.h /optee_os/core/include/drivers/ls_gpio.h /optee_os/core/include/drivers/pinctrl.h /optee_os/core/include/drivers/pl022_spi.h /optee_os/core/include/drivers/pl061_gpio.h /optee_os/core/include/drivers/rstctrl.h /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/stm32_etzpc.h /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/drivers/versal_gpio.h /optee_os/core/include/dt-bindings/clock/at91.h /optee_os/core/include/dt-bindings/clock/stm32mp13-clks.h /optee_os/core/include/dt-bindings/regulator/st,stm32mp13-regulator.h /optee_os/core/include/dt-bindings/rtc/rtc-stm32.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/include/mm/mobj.h /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/thread.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/vm.c /optee_os/core/pta/tests/dt_driver_test.c /optee_os/core/pta/tests/sub.mk tee_svc_cryp.c /optee_os/keys/default.pem /optee_os/keys/default_ta.pem /optee_os/ldelf/ftrace.c /optee_os/ldelf/main.c /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf.h /optee_os/lib/libunw/include/unw/unwind.h /optee_os/lib/libunw/sub.mk /optee_os/lib/libunw/unwind_arm64.c /optee_os/lib/libunw/unwind_riscv.c /optee_os/lib/libutee/arch/riscv/utee_syscalls_rv.S /optee_os/lib/libutee/include/riscv_user_sysreg.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutils/ext/arch/riscv/mcount_rv.S /optee_os/lib/libutils/ext/arch/riscv/sub.mk /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/include/riscv.S /optee_os/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod.c /optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/setjmp.h /optee_os/mk/aosp_optee.mk /optee_os/mk/cc-option.mk /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/ftrace_format.py /optee_os/scripts/symbolize.py /optee_os/ta/arch/riscv/ta.ld.S /optee_os/ta/mk/ta_dev_kit.mk /optee_os/ta/pkcs11/src/handle.c /optee_os/ta/pkcs11/src/handle.h /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/pkcs11_token.h /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/ta.mk
a0be044c	19-Apr-2023	lei zhou <lei.zhou@linaro.org>	core: crypto: change TEE_AEDecryptFinal() tag param's attribute Due to tag parameter was passed in from REE side share memory same as cipher-text source and nonce buffer/parameters. Then memory acce core: crypto: change TEE_AEDecryptFinal() tag param's attribute Due to tag parameter was passed in from REE side share memory same as cipher-text source and nonce buffer/parameters. Then memory access sanity-check marks CCM TAG buffer as ACCESS_DENIED, which triggers user TA panic. Change tag parameter's attribute from [in] to [inbuf]. This fix is expected to be addressed in next GP TEE Internal Core API specification. Link: https://github.com/OP-TEE/optee_os/issues/5946 Signed-off-by: lei zhou <lei.zhou@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/crypto/sha3_armv8a_ce.c /optee_os/core/arch/arm/crypto/sha3_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sm4_armv8a_aese_a64.S /optee_os/core/arch/arm/crypto/sm4_armv8a_ce.c /optee_os/core/arch/arm/crypto/sm4_armv8a_ce.h /optee_os/core/arch/arm/crypto/sm4_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sm4_armv8a_neon.c /optee_os/core/arch/arm/crypto/sm4_armv8a_neon.h /optee_os/core/arch/arm/crypto/sub.mk /optee_os/core/arch/arm/dts/at91-sama5d27_wlsom1.dtsi /optee_os/core/arch/arm/dts/stm32mp157a-dk1.dts /optee_os/core/arch/arm/dts/stm32mp157c-dk2.dts /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/include/arm.h /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/include/mm/generic_ram_layout.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/link_dummies_init.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread_optee_smc_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-hisilicon/psci.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/config/imx6qdlsolo.h /optee_os/core/arch/arm/plat-imx/config/imx6sl.h /optee_os/core/arch/arm/plat-imx/config/imx6sll.h /optee_os/core/arch/arm/plat-imx/config/imx6sx.h /optee_os/core/arch/arm/plat-imx/platform_config.h /optee_os/core/arch/arm/plat-imx/pm/psci.c /optee_os/core/arch/arm/plat-imx/registers/imx8ulp.h /optee_os/core/arch/arm/plat-imx/registers/imx93.h /optee_os/core/arch/arm/plat-imx/sm_platform_handler.c /optee_os/core/arch/arm/plat-imx/sub.mk /optee_os/core/arch/arm/plat-imx/tzc380.c /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-rcar/romapi_call.S /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sam/matrix.c /optee_os/core/arch/arm/plat-sam/matrix.h /optee_os/core/arch/arm/plat-sam/sam_sfr.c /optee_os/core/arch/arm/plat-sam/sama5d2.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-sunxi/psci.c /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/arch/arm/plat-zynqmp/main.c /optee_os/core/arch/arm/plat-zynqmp/platform_config.h /optee_os/core/arch/riscv/include/encoding.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/arch/riscv/mm/tlb_helpers_rv.S /optee_os/core/crypto.mk /optee_os/core/crypto/sm4_accel.c /optee_os/core/crypto/sub.mk /optee_os/core/drivers/atmel_piobu.c /optee_os/core/drivers/atmel_rstc.c /optee_os/core/drivers/atmel_rtc.c /optee_os/core/drivers/atmel_shdwc.c /optee_os/core/drivers/atmel_tcb.c /optee_os/core/drivers/atmel_trng.c /optee_os/core/drivers/atmel_wdt.c /optee_os/core/drivers/cbmem_console.c /optee_os/core/drivers/clk/clk-stm32mp13.c /optee_os/core/drivers/clk/clk-stm32mp15.c /optee_os/core/drivers/clk/clk_dt.c /optee_os/core/drivers/clk/sam/sama5d2_clk.c /optee_os/core/drivers/crypto/caam/acipher/caam_ecc.c /optee_os/core/drivers/crypto/caam/acipher/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/caam_pwr.c /optee_os/core/drivers/crypto/caam/crypto.mk /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/hal/common/hal_ctrl.c /optee_os/core/drivers/crypto/caam/hal/imx_8m/registers/ctrl_regs.h /optee_os/core/drivers/crypto/caam/include/caam_acipher.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_hal_ctrl.h /optee_os/core/drivers/crypto/caam/include/caam_mp.h /optee_os/core/drivers/crypto/caam/include/caam_status.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/mp/caam_mp.c /optee_os/core/drivers/crypto/caam/mp/sub.mk /optee_os/core/drivers/crypto/caam/sub.mk /optee_os/core/drivers/crypto/caam/utils/utils_status.c /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/core/ecc.c /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/drivers/crypto/stm32/authenc.c /optee_os/core/drivers/crypto/stm32/cipher.c /optee_os/core/drivers/crypto/stm32/stm32_cryp.c /optee_os/core/drivers/crypto/versal/ecc.c /optee_os/core/drivers/i2c/atmel_i2c.c /optee_os/core/drivers/i2c/i2c.c /optee_os/core/drivers/i2c/sub.mk /optee_os/core/drivers/imx/dcp/dcp.c /optee_os/core/drivers/imx/mu/sub.mk /optee_os/core/drivers/imx_caam.c /optee_os/core/drivers/imx_csu.c /optee_os/core/drivers/imx_ele.c /optee_os/core/drivers/imx_i2c.c /optee_os/core/drivers/imx_lpuart.c /optee_os/core/drivers/imx_scu.c /optee_os/core/drivers/imx_uart.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/drivers/ls_dspi.c /optee_os/core/drivers/pl011.c /optee_os/core/drivers/pm/sam/at91_pm.c /optee_os/core/drivers/rstctrl/rstctrl.c /optee_os/core/drivers/rstctrl/stm32_rstctrl.c /optee_os/core/drivers/serial8250_uart.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_etzpc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/drivers/stm32mp15_huk.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/tzc380.c /optee_os/core/drivers/xiphera_trng.c /optee_os/core/drivers/zynqmp_csu_aes.c /optee_os/core/include/crypto/crypto_accel.h /optee_os/core/include/drivers/caam_extension.h /optee_os/core/include/drivers/cbmem_console.h /optee_os/core/include/drivers/clk_dt.h /optee_os/core/include/drivers/i2c.h /optee_os/core/include/drivers/imx_mu.h /optee_os/core/include/drivers/rstctrl.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/linker.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/thread_private.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/console.c /optee_os/core/kernel/dt.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/dt_driver_test.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/thread.c /optee_os/core/lib/libtomcrypt/sha3_accel.c /optee_os/core/lib/libtomcrypt/src/hashes/sub.mk /optee_os/core/lib/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/fobj.c /optee_os/core/pta/attestation.c /optee_os/core/pta/imx/manufacturing_protection.c /optee_os/core/pta/imx/sub.mk tee_svc_cryp.c /optee_os/ldelf/ldelf.mk /optee_os/ldelf/sub.mk /optee_os/ldelf/syscalls_rv.S /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libutee/arch/arm/sub.mk /optee_os/lib/libutee/include/elf.h /optee_os/lib/libutee/include/pta_imx_manufacturing_protection.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/sub.mk /optee_os/lib/libutee/tcb.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/user_ta_entry.c /optee_os/lib/libutee/user_ta_entry_compat.c /optee_os/lib/libutils/ext/include/bitstring.h /optee_os/mk/config.mk /optee_os/ta/arch/riscv/ta.ld.S /optee_os/ta/link.mk /optee_os/ta/link_shlib.mk /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/ta.mk /optee_os/ta/user_ta_header.c
f5c3d85a	01-Dec-2020	Julien Masson <jmasson@baylibre.com>	core: crypto: add support MD5 hashes in RSA sign/verify/cipher Introduce support of using MD5 hashes in RSA sign/verify/cipher operations, which is required by AOSP Keymaster. This is verified in core: crypto: add support MD5 hashes in RSA sign/verify/cipher Introduce support of using MD5 hashes in RSA sign/verify/cipher operations, which is required by AOSP Keymaster. This is verified in VerificationOperationsTest.RsaSuccess VTS Test [1], which checks usage of such digests: NONE, MD5, SHA1, SHA_2_224, SHA_2_256, SHA_2_384, SHA_2_512. This patch has been inspired by commit[2]: Link: [1] https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp Link: [2] https://github.com/OP-TEE/optee_os/commit/199d0b7310d1705661a106358f1f0b46e4c5c587 ("core: crypto: add support MD5 hashes in RSA sign/verify") Signed-off-by: Julien Masson <jmasson@baylibre.com> Signed-off-by: Safae Ouajih <souajih@baylibre.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c /optee_os/core/drivers/zynqmp_csu_puf.c /optee_os/core/lib/libtomcrypt/rsa.c tee_svc_cryp.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c
3d70a974	19-Jun-2018	Igor Opaniuk <igor.opaniuk@linaro.org>	core: crypto: change supported HMAC key size ranges Change supported HMAC key size range from 64 to 1024 when CFG_HMAC_64_1024_RANGE config is enabled, This is required to successfully pass AOSP Key core: crypto: change supported HMAC key size ranges Change supported HMAC key size range from 64 to 1024 when CFG_HMAC_64_1024_RANGE config is enabled, This is required to successfully pass AOSP Keymaster VTS tests. From TEE Internal Core API specificaion: "Table 5-9, support for other sizes or algorithms is implementation-defined." Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Safae Ouajih <souajih@baylibre.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/dts/sama5d2.dtsi /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/tzc380.c /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts /optee_os/core/arch/arm/plat-totalcompute/platform_config.h /optee_os/core/drivers/clk/sam/sama5d2_clk.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/caam_jr.c /optee_os/core/drivers/crypto/caam/include/caam_hal_jr.h /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/include/dt-bindings/clock/at91.h /optee_os/core/include/kernel/boot.h tee_svc_cryp.c /optee_os/mk/config.mk /optee_os/ta/pkcs11/src/entry.c
c4cab13e	20-Feb-2023	Clement Faure <clement.faure@nxp.com>	core: crypto: fix memory leak in Ed25519 support The software implementation of ED25519 algorithm has a memory leak in the key and key pair allocation. Upon every public key allocation, a key pair i core: crypto: fix memory leak in Ed25519 support The software implementation of ED25519 algorithm has a memory leak in the key and key pair allocation. Upon every public key allocation, a key pair is allocated (public and private components). When freeing the public key, only the public component is freed. To reproduce the issue: $ while xtest 4016; do :; done Until the following error: * regression_4016 Test TEE Internal API ED25519 sign/verify E/LD: copy_section_headers:1124 sys_copy_from_ta_bin E/TC:? 0 ldelf_init_with_ldelf:131 ldelf failed with res: 0xffff000c /usr/src/debug/optee-test/master.imx-r0/host/xtest/regression_4000.c:6062: xtest_teec_open_session(&session, &crypt_user_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff000c = TEEC_ERROR_OUT_OF_MEMORY, expected 0x0 = TEEC_SUCCESS regression_4016 FAILED To fix the memory leak, a separate public key allocation function must be defined along a ED25519 public key structure. Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support") Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/link.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-totalcompute/conf.mk /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/crypto/crypto.c /optee_os/core/drivers/clk/clk-stm32mp15.c /optee_os/core/drivers/crypto/versal/crypto.mk /optee_os/core/drivers/crypto/versal/ecc.c /optee_os/core/drivers/crypto/versal/rsa.c /optee_os/core/drivers/rstctrl/stm32_rstctrl.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_etzpc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/include/crypto/crypto.h /optee_os/core/include/drivers/gic.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/ldelf_loader.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/thread.c /optee_os/core/kernel/tpm.c /optee_os/core/lib/libtomcrypt/ed25519.c /optee_os/core/mm/core_mmu.c /optee_os/core/pta/bcm/wdt.c /optee_os/core/pta/k3/otp.c /optee_os/core/pta/k3/sub.mk /optee_os/core/pta/stats.c /optee_os/core/pta/sub.mk /optee_os/core/pta/tests/misc.c tee_svc_cryp.c /optee_os/ldelf/include/ldelf.h /optee_os/ldelf/main.c /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf.h /optee_os/lib/libutee/arch/arm/arm32_user_sysreg.txt /optee_os/lib/libutee/include/k3/otp_keywriting_ta.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/pthread_stubs.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/config.mk /optee_os/mk/lib.mk /optee_os/scripts/ts_bin_to_c.py
138c5102	14-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject. All syscalls operating on an object handle and can return TEE_ERROR_CO GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject. All syscalls operating on an object handle and can return TEE_ERROR_CORRUPT_OBJECT must also do special treatment when TEE_ERROR_CORRUPT_OBJECT is returned. Prior to gpd.ta.doesNotCloseHandleOnCorruptObject this meant removing the object and closing the object handle. With the gpd.ta.doesNotCloseHandleOnCorruptObject property the object handle shouldn't be close if this the current TA has the property set to true. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_storage.c /optee_os/lib/libutee/arch/arm/user_ta_entry.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/mk/config.mk /optee_os/ta/arch/arm/user_ta_header.c /optee_os/ta/avb/entry.c /optee_os/ta/pkcs11/src/persistent_token.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_digest.c /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/trusted_keys/entry.c
e81ed9d4	07-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_hash_final() support XOF Adds support in syscall_hash_final() for Extendable Output Functions, that is, TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256 for now. Acked-by: Etienne Carriere <etie core: syscall_hash_final() support XOF Adds support in syscall_hash_final() for Extendable Output Functions, that is, TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256 for now. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/crypto.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/lib/libtomcrypt/hash.c /optee_os/core/lib/libtomcrypt/hmac.c /optee_os/core/lib/libtomcrypt/shake.c /optee_os/core/lib/libtomcrypt/src/hashes/sub.mk /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c tee_svc_cryp.c
260b4028	02-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: crypto: add API for SHA-3 Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are Extendable-Output Functions (XOF), core: crypto: add API for SHA-3 Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are Extendable-Output Functions (XOF), but handled as hashes in the API. Adds API for SHA-3 based HMAC functions. For XOF algorithms crypto_hash_final() can be called multiple times and generate an arbitrary amount of data. Note that this data will have a common prefix if done over the same input (see A.2 in [1]). [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/crypto/crypto.c /optee_os/core/include/crypto/crypto_impl.h tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c
c6b8eb2d	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update gpd.tee.trustedStorage.antiRollback.protectionLevel Updates used values for gpd.tee.trustedStorage.antiRollback.protectionLevel according to TEE Internal Core API version 1.3.1. Note GP131: Update gpd.tee.trustedStorage.antiRollback.protectionLevel Updates used values for gpd.tee.trustedStorage.antiRollback.protectionLevel according to TEE Internal Core API version 1.3.1. Note that protection level 0 is not valid any longer, so report level 100 when RPMB isn't in use. Only root can tamper with the REE FS storage due to the REE file system permissions. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc.c
5c4bbf0f	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: add TA property gpd.client.endian Adds the new property "gpd.client.endian" to report the endianness used by a client. At the moment there is no way for a client to report its endianness to GP131: add TA property gpd.client.endian Adds the new property "gpd.client.endian" to report the endianness used by a client. At the moment there is no way for a client to report its endianness to OP-TEE so assume that all are little-endian. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutee/tee_api_property.c /optee_os/ta/arch/arm/user_ta_header.c
999b69d0	02-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to TEE Internal Core API version 1.3.1. The srcLen and dstLen GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to TEE Internal Core API version 1.3.1. The srcLen and dstLen parameters are changed to use size_t instead of uint32_t Adds the optional attribute TEE_ATTR_RSA_OAEP_MGF_HASH which if provided specifies the MGF1 hash function to use. Prior to GP v1.3.1 it was implementation defined. OP-TEE only supports using the same MGF1 hash function as the internal hash function of the algorithim, that is, for the algorithm TEE_ALG_RSAES_PKCS1_OAEP_MGF1_x that hash function TEE_ALG_x is used. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c
f22e1655	01-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update TEE_CreatePersistentObject() Update TEE_CreatePersistentObject() according to TEE Internal Core API version 1.3.1. The objectIDLen parameter is changed to use size_t instead of uint32_ GP131: Update TEE_CreatePersistentObject() Update TEE_CreatePersistentObject() according to TEE Internal Core API version 1.3.1. The objectIDLen parameter is changed to use size_t instead of uint32_t. The object parameter is now an optional pointer to a handle. When NULL the standard says: If attributes is a handle on an initialized transient object, the initialized transient object SHALL be transformed to a persistent object. So syscall_storage_obj_create() is also updated accordingly. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/pta/tests/invoke.c tee_svc_storage.c /optee_os/lib/libutee/arch/arm/sub.mk /optee_os/lib/libutee/arch/arm/user_ta_entry_compat.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_types.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutee/tee_api_panic.c /optee_os/lib/libutee/tee_api_private.h /optee_os/lib/libutee/tee_api_property.c /optee_os/ta/arch/arm/user_ta_header.c
b93c7dff	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update HKDF defines OP-TEE provides an HKDF implementation as an extension to the TEE Internal Core API which predates version 1.3 of the specification where HKDF was officially introduced. GP131: Update HKDF defines OP-TEE provides an HKDF implementation as an extension to the TEE Internal Core API which predates version 1.3 of the specification where HKDF was officially introduced. Update with the official defines and resolve name clashes. With this OP-TEE supports both the old extension and the new official API. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/utee_defines.h
fe2fd3ff	24-Nov-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA* Adds the defines - TEE_ALG_ECDH_DERIVE_SHARED_SECRET - TEE_ALG_ECDSA_SHA1 - TEE_ALG_ECDSA_SHA224 - TEE_ALG_ECDSA_SHA256 - TEE_ALG_ GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA* Adds the defines - TEE_ALG_ECDH_DERIVE_SHARED_SECRET - TEE_ALG_ECDSA_SHA1 - TEE_ALG_ECDSA_SHA224 - TEE_ALG_ECDSA_SHA256 - TEE_ALG_ECDSA_SHA386 - TEE_ALG_ECDSA_SHA512 from TEE Internal Core API version 1.3.1 to replace the previous now deprecated defines: - TEE_ALG_ECDSA_P192 - TEE_ALG_ECDSA_P224 - TEE_ALG_ECDSA_P256 - TEE_ALG_ECDSA_P384 - TEE_ALG_ECDSA_P521 - TEE_ALG_ECDH_P192 - TEE_ALG_ECDH_P224 - TEE_ALG_ECDH_P256 - TEE_ALG_ECDH_P384 - TEE_ALG_ECDH_P521 The new defines have new values and the values from the old defines are not reused. The syscall ABI maintains compatibility by handling both the old and new values in parallel from now on. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/Makefile /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/crypto/sha512_armv8a_ce.c /optee_os/core/arch/arm/crypto/sha512_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sm3_armv8a_ce.c /optee_os/core/arch/arm/crypto/sm3_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sub.mk /optee_os/core/arch/arm/dts/at91-sama5d27_som1.dtsi /optee_os/core/arch/arm/dts/at91-sama5d27_som1_ek.dts /optee_os/core/arch/arm/dts/at91-sama5d27_wlsom1.dtsi /optee_os/core/arch/arm/dts/at91-sama5d27_wlsom1_ek.dts /optee_os/core/arch/arm/dts/at91-sama5d2_xplained.dts /optee_os/core/arch/arm/dts/sama5d2.dtsi /optee_os/core/arch/arm/dts/stm32mp13-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/include/hafnium.h /optee_os/core/arch/arm/include/kernel/arch_scall.h /optee_os/core/arch/arm/include/kernel/delay_arch.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/include/scmi/scmi_server.h /optee_os/core/arch/arm/kernel/arch_scall.c /optee_os/core/arch/arm/kernel/arch_scall_a32.S /optee_os/core/arch/arm/kernel/arch_scall_a64.S /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sam/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/nsec-service/stm32mp1_smc.h /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-versal/main.c /optee_os/core/arch/arm/plat-versal/platform_config.h /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/arm/tee/sub.mk /optee_os/core/arch/riscv/include/kernel/arch_scall.h /optee_os/core/arch/riscv/include/kernel/clint.h /optee_os/core/arch/riscv/include/kernel/delay_arch.h /optee_os/core/arch/riscv/include/kernel/stmm_sp.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/include/kernel/time.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/riscv_macros.S /optee_os/core/arch/riscv/kernel/abort.c /optee_os/core/arch/riscv/kernel/arch_scall.c /optee_os/core/arch/riscv/kernel/arch_scall_rv.S /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/cache_helpers_rv.S /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/arch/riscv/kernel/link.mk /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/kernel/tee_time_rdtime.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/plat-virt/main.c /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/arch/riscv/plat-virt/sub.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/arch/riscv/tee/sub.mk /optee_os/core/core.mk /optee_os/core/crypto.mk /optee_os/core/crypto/sm3.c /optee_os/core/drivers/atmel_rstc.c /optee_os/core/drivers/atmel_shdwc.c /optee_os/core/drivers/atmel_wdt.c /optee_os/core/drivers/clk/clk.c /optee_os/core/drivers/crypto/caam/acipher/caam_math.c /optee_os/core/drivers/crypto/caam/utils/utils_delay.c /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c /optee_os/core/drivers/crypto/crypto_api/cipher/cipher.c /optee_os/core/drivers/crypto/crypto_api/hash/hash.c /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050.h /optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c /optee_os/core/drivers/crypto/se050/adaptors/utils/utils.c /optee_os/core/drivers/crypto/se050/core/ecc.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/drivers/hfic.c /optee_os/core/drivers/ls_sfp.c /optee_os/core/drivers/rstctrl/rstctrl.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32mp15_huk.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_huk.c /optee_os/core/include/crypto/crypto_accel.h /optee_os/core/include/drivers/clk.h /optee_os/core/include/drivers/clk_dt.h /optee_os/core/include/drivers/hfic.h /optee_os/core/include/drivers/ls_sfp.h /optee_os/core/include/drivers/rstctrl.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/kernel/delay.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/scall.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/kernel/delay.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/notif.c /optee_os/core/kernel/otp_stubs.c /optee_os/core/kernel/scall.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_misc.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/tee_time.c /optee_os/core/kernel/tee_time_ree.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/sha512_accel.c /optee_os/core/lib/libtomcrypt/src/hashes/sha2/sub.mk /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/scmi-server/conf-optee-fvp.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/conf.mk /optee_os/core/lib/scmi-server/include/optee_scmi.h /optee_os/core/lib/scmi-server/scmi_server.c /optee_os/core/lib/scmi-server/sub-optee-fvp.mk /optee_os/core/lib/scmi-server/sub-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/sub.mk /optee_os/core/pta/device.c /optee_os/core/pta/imx/digprog.c /optee_os/core/pta/imx/ocotp.c /optee_os/core/pta/imx/sub.mk /optee_os/core/pta/scmi.c /optee_os/core/pta/stm32mp/bsec_pta.c /optee_os/core/pta/stm32mp/sub.mk /optee_os/core/pta/sub.mk tee_svc_cryp.c /optee_os/lib/libmbedtls/core/hash.c /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libutee/arch/riscv/sub.mk /optee_os/lib/libutee/arch/riscv/utee_syscalls_rv.S /optee_os/lib/libutee/include/pta_imx_digprog.h /optee_os/lib/libutee/include/pta_imx_ocotp.h /optee_os/lib/libutee/include/pta_scmi_client.h /optee_os/lib/libutee/include/pta_stm32mp_bsec.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/arch/riscv/atomic_rv.S /optee_os/lib/libutils/ext/arch/riscv/sub.mk /optee_os/lib/libutils/ext/include/config.h /optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S /optee_os/lib/libutils/isoc/arch/riscv/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/assert.h /optee_os/lib/libutils/isoc/include/setjmp.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/checkpatch.sh /optee_os/ta/avb/entry.c /optee_os/ta/ta.mk
3e8a6147	15-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced support for the ED25519 algorithm. This included parsing a TEE_ATTR_EDDSA core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced support for the ED25519 algorithm. This included parsing a TEE_ATTR_EDDSA_PREHASH parameter that unfortunately was not fully compliant with the standard. So fix this with a more strict interpretation of TEE_ATTR_EDDSA_PREHASH as described in the specification. Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Valerii Chubar <valerii_chubar@epam.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/lib/libtomcrypt/ccm.c tee_svc_cryp.c
de1cd722	20-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_storage_obj_write(): handle corrupt object All syscalls operating on an object handle and can return TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code is TEE_ERRO core: syscall_storage_obj_write(): handle corrupt object All syscalls operating on an object handle and can return TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code is TEE_ERROR_CORRUPT_OBJECT. This is missing in syscall_storage_obj_write() so add the missing call to remove the object if it is corrupt. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/plat-d06/conf.mk /optee_os/core/arch/arm/plat-d06/main.c /optee_os/core/arch/arm/plat-d06/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/drivers/lpc_uart.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_pm.c /optee_os/core/drivers/versal_puf.c /optee_os/core/include/drivers/lpc_uart.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/drivers/versal_puf.h /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/rsa.c tee_svc_storage.c /optee_os/lib/libutee/arch/arm/utee_syscalls_a32.S /optee_os/lib/libutee/arch/arm/utee_syscalls_a64.S /optee_os/lib/libutee/arch/riscv/sub.mk /optee_os/lib/libutee/arch/riscv/utee_syscalls_rv64.S /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/utee_syscalls_asm.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_digest.c /optee_os/ta/pkcs11/src/processing_symm.c
d684a4ef	08-Dec-2022	Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>	core: crypto: Fix tee_obj_attr_copy_from for X25519 Make sure in tee_obj_attr_copy_from() if the source object type is TEE_TYPE_X25519_KEYPAIR the destination object type should be TEE_TYPE_X25519_P core: crypto: Fix tee_obj_attr_copy_from for X25519 Make sure in tee_obj_attr_copy_from() if the source object type is TEE_TYPE_X25519_KEYPAIR the destination object type should be TEE_TYPE_X25519_PUBLIC_KEY. The function should extract public key attributes if presented with a key pair object. According to the TEE Internal Core API Specification v1.2 we should check if the source is of type _KEYPAIR then the destination is a subset of type _PUBLIC_KEY when populating the destination object as listed in the Table 5-11. Fixes: 90040fa4c81c ("core: crypto: add X25519 support") Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com> show more ... /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/plat-stm/main.c /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/drivers/imx_lpuart.c /optee_os/core/drivers/ls_sfp.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/ls_sfp.h /optee_os/core/include/drivers/serial.h /optee_os/core/kernel/console.c tee_svc_cryp.c /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/utee_syscalls.h /optee_os/lib/libutee/tee_api.c /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_rsa.c /optee_os/ta/pkcs11/src/token_capabilities.c
1b865ed6	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_* Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by mistake the wrong values for these two. To fix this we're are renaming these IDs alt Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_* Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by mistake the wrong values for these two. To fix this we're are renaming these IDs alternative IDs which OP-TEE will recognize in addition to the correct official values when deriving a key using the TEE_ALG_SM2_KEP algorithm. TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X and TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y are only used as input parameters so there is no need to translate back to the old invalid values. Fixes: 5b385b3f835d ("core: crypto: add support for SM2 KEP") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/crypto/crypto.c /optee_os/core/crypto/sm4-xts.c /optee_os/core/crypto/sm4.c /optee_os/core/crypto/sm4.h /optee_os/core/crypto/sub.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/kernel/embedded_ts.c tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/ta/pkcs11/src/processing.c
696f56ac	22-Nov-2022	Pingan Xie <xiepingan3@huawei.com>	core, libutee: introduce TEE_ALG_SM4_XTS In this patch, The sm4-xts algorithm is supported in the GP process. Signed-off-by: Pingan Xie <xiepingan3@huawei.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@ core, libutee: introduce TEE_ALG_SM4_XTS In this patch, The sm4-xts algorithm is supported in the GP process. Signed-off-by: Pingan Xie <xiepingan3@huawei.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/core.mk /optee_os/core/crypto.mk /optee_os/core/drivers/crypto/versal/ecc.c /optee_os/core/drivers/crypto/versal/ipi.c /optee_os/core/drivers/crypto/versal/rsa.c /optee_os/core/drivers/crypto/versal/sub.mk /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_sha3_384.c /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/drivers/versal_sha3_384.h /optee_os/core/include/kernel/boot.h /optee_os/core/lib/libtomcrypt/ecc.c tee_cryp_utl.c tee_svc_cryp.c /optee_os/ldelf/ldelf.ld.S /optee_os/ldelf/ldelf.mk /optee_os/ldelf/start_rv64.S /optee_os/ldelf/sub.mk /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libutee/include/elf_common.h /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/confine_array_index.h /optee_os/lib/libutils/isoc/stack_check.c /optee_os/mk/config.mk /optee_os/ta/arch/arm/user_ta_header.c /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/mk/ta_dev_kit.mk /optee_os/ta/ta.mk
1 234 5 6 7 8 9 10 >>...24