History log of /optee_os/ta/pkcs11/src/processing_rsa.c (Results 1 – 9 of 9)
Revision Date Author Comments
# c2c23cd4 14-Oct-2025 Etienne Carriere <etienne.carriere@st.com>

ta: pkcs11: be flexible on RSA private key optional attributes

Allow RSA private key to partially store the RSA private key optional
attributes without facing complaints from the GP TEE API.

On one

ta: pkcs11: be flexible on RSA private key optional attributes

Allow RSA private key to partially store the RSA private key optional
attributes without facing complaints from the GP TEE API.

On one hand, in the PKCS#11 specification, RSA private key attributes
CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2 and
CKA_COEFFICIENT are optional and the spec does not add much constraints
on their presence.

On the other hand, the GP TEE Internal Core API requests that these
5 optional attributes are all present or none is present at all.

As a trade-off, allow PKCS#11 client to partially provide them but do not
load them into the TEE object unless they are all present.

Fixes: 3dc4089afde2 ("ta: pkcs11: correct RSA keys extended attributes sanitation")
Closes: https://github.com/OP-TEE/optee_os/issues/5418
Closes: https://github.com/OP-TEE/optee_os/issues/7520
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

show more ...


# 04e46975 16-Dec-2024 Etienne Carriere <etienne.carriere@foss.st.com>

tree-wide: use ROUNDUP_DIV() where applicable

Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Je

tree-wide: use ROUNDUP_DIV() where applicable

Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...


# e02f17f3 24-Jul-2024 Alexandre Marechal <alexandre.marechal@st.com>

ta: pkcs11: add CKM_RSA_X_509 authentication

Add support for CKM_RSA_X_509 mechanism for sing/verify operations.

Sign and verify operations are processed using TEE decrypt/encrypt
operation since G

ta: pkcs11: add CKM_RSA_X_509 authentication

Add support for CKM_RSA_X_509 mechanism for sing/verify operations.

Sign and verify operations are processed using TEE decrypt/encrypt
operation since GP TEE Internal Core API specification only allows
these modes for TEE_ALG_RSA_NOPAD algorithm. The pkcs11 TA only support
sign operation when the provided payload is exactly of the same size
as the RSA key used and checks the generate signature is of right size.

This mechanism can be needed to support CKM_RSA_X_509 for TLSv1.2
connections.

Add CFG_PKCS11_TA_RSA_X_509 to allow configuring the pkcs11 TA
with or without raw RSA crypto support. The config switch is default
enabled.

Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...


# 3dc4089a 24-Apr-2024 Etienne Carriere <etienne.carriere@foss.st.com>

ta: pkcs11: correct RSA keys extended attributes sanitation

Fix RSA key attributes function load_tee_rsa_key_attrs() that badly
checks that the 5 extended RSA attributes are found in the key object.

ta: pkcs11: correct RSA keys extended attributes sanitation

Fix RSA key attributes function load_tee_rsa_key_attrs() that badly
checks that the 5 extended RSA attributes are found in the key object.

Link: https://github.com/OP-TEE/optee_test/issues/721#issuecomment-2068055537
Link: https://github.com/OP-TEE/optee_test/issues/721#issuecomment-2072064963
Fixes: 0442c956edfb ("ta: pkcs11: Add support for RSA signing & verification")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...


# 45d40bda 05-Dec-2022 Valerii Chubar <valerii_chubar@epam.com>

ta: pkcs11: Add RSA AES key wrap

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

6.1.23 RSA AES KEY WRAP

The mechanism requires AES K

ta: pkcs11: Add RSA AES key wrap

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

6.1.23 RSA AES KEY WRAP

The mechanism requires AES KWP mechanism CKM_AES_KEY_WRAP_KWP
which is not currently implemented in OP-TEE nor mentioned in
Global Platform specification.

Use the MBedTLS to wrap/unwrap the target key.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


# dc8c77fc 06-Aug-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add support for RSA OAEP encryption & decryption

Add support for performing PKCS #1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SH

ta: pkcs11: Add support for RSA OAEP encryption & decryption

Add support for performing PKCS #1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SHA-384
- MGF1 SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.8 PKCS #1 RSA OAEP

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


# d9af50bc 14-Jul-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add support for RSA PSS signing & verification

Add support for performing RSA PSS signing & verification operations for:

- PKCS #1 RSA PSS with supplied hash value
- Multi stage SHA-1
-

ta: pkcs11: Add support for RSA PSS signing & verification

Add support for performing RSA PSS signing & verification operations for:

- PKCS #1 RSA PSS with supplied hash value
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.10 PKCS #1 RSA PSS

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


# 0442c956 04-Jan-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add support for RSA signing & verification

Add support for performing RSA signing & verification operations for:

- PKCS #1 v1.5 RSA with supplied hash value
- Multi stage MD5
- Multi st

ta: pkcs11: Add support for RSA signing & verification

Add support for performing RSA signing & verification operations for:

- PKCS #1 v1.5 RSA with supplied hash value
- Multi stage MD5
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1 RSA

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


# 86922832 04-Jan-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add RSA key pair generation support

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.4 PKCS #1 RSA key pair generatio

ta: pkcs11: Add RSA key pair generation support

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.4 PKCS #1 RSA key pair generation

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...