| #
04e46975 |
| 16-Dec-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
tree-wide: use ROUNDUP_DIV() where applicable
Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable.
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Je
tree-wide: use ROUNDUP_DIV() where applicable
Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable.
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| #
63778faa |
| 12-Feb-2024 |
Etienne Carriere <etienne.carriere@foss.st.com> |
ta: pkcs11: implement AES GCM operations
Implement AES GCM authenticated encryption and decryption.
AES GCM decryption requires that the output data is revealed only once
decryption is finalized an
ta: pkcs11: implement AES GCM operations
Implement AES GCM authenticated encryption and decryption.
AES GCM decryption requires that the output data is revealed only once
decryption is finalized and the MAC signature successfully verified.
For this operation, the AES GCM context references a dynamically
allocated data buffer to store output data as they are generated by
each call to TEE_AEUpdate().
AES GCM one-shot operation in the pkc11 TA is a bit specific in that
it requires an extra TEE operation handle to save the initialized
operation state in case of one shot processing request (C_Encrypt()
or C_Decrypt() cryptoki API functions) that queries the output buffer
size. GP TEE Internal Core API does not define a single API function
for such one shot operation that could be called to query the output
buffer size. We must first fully process the input data (TEE_AEUpdate())
before we can query the output buffer size with TEE_AEEncryptFinal() or
TEE_AEDecryptFinal(). Consequently we will need to process again the
input data when client provides a well sized output buffer as we are not
sure that input data will be the same. Therefore the implementation
allocates a 2nd operation handle, copy the operation state into after
it is initialized and use this context to restore this initial state in
case the one shot AE operation is returning PKCS11_CKR_BUFFER_TOO_SMALL.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Co-developed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
show more ...
|
| #
5d5f504f |
| 10-Dec-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: remove empty tee_release_ctr_operation()
Remove function tee_release_ctr_operation() that is empty since
the generic sequence already releases CTR operation extra context.
Reviewed-by:
ta: pkcs11: remove empty tee_release_ctr_operation()
Remove function tee_release_ctr_operation() that is empty since
the generic sequence already releases CTR operation extra context.
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| #
512cbf1d |
| 15-Jul-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: adds support for symmetric AES cipher modes
Adds support for the AES modes ECB, CBC, CTR and CTS.
Much infrastructure is added to handle mechanisms.
Reviewed-by: Vesa Jääskeläinen <ves
ta: pkcs11: adds support for symmetric AES cipher modes
Adds support for the AES modes ECB, CBC, CTR and CTS.
Much infrastructure is added to handle mechanisms.
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|