History log of /optee_os/ta/pkcs11/src/sanitize_object.c (Results 1 – 10 of 10)
Revision Date Author Comments
# 4bc2a199 10-Jan-2024 Clement Faure <clement.faure@nxp.com>

ta: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>


# dbc2184e 08-Dec-2021 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Fix memory leak

When sanitizing indirect templates, obj2 was getting allocated
twice leading to memory leak.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/5022


# 4137952d 23-Jan-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add certificate object support

Adds support for:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>


# ed8bece7 09-Mar-2021 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Remove class and key check for indirect attributes

In sanitize_indirect_attributes(), class and key check is performed
to check that the indirect attribute is provided only for particular
type of key objects. This check causes issue in case an indirect
template further has pointer to another indirect template. It is not
essential for an indirect template to have class and key attributes.

When creating objects for classes which don't support the indirect
template, this would result in a scenario where an error is not returned.
However, the indirect attribute won't get added to the created object.
This is in line with how the other attributes are dealt with currently.
E.g. if while creating a secret key, a public key attribute is passed,
it is currently ignored rather than returning an error. A probable
fix is to check all the attributes in the user provided template with
the attributes of the type of object which needs to be created.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>


# 18e77482 26-Feb-2021 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Correct the error in tracing indirect attributes

When tracing indirect attributes, size passed in
trace_attributes_from_api_head() was not correct resulting in
error.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>


# efe1165f 26-Feb-2021 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Fix class check when sanitizing indirect attributes

Indirect attributes are expected only for keys. Correct this
check in sanitize_indirect_attr().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>


# 46900d03 02-Dec-2020 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Fix serialization handling for non-indirect attributes

Both sides of serialization and de-serialization must match the logic.

Only TEMPLATE based arguments have indirect attributes so detect them and
handle them specifically.

Otherwise use standard attribute handling code for other attributes.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# dcad3409 18-Dec-2020 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Add class and type hint in sanitize_client_object()

Specification allows one to pass templates while generating
key/keypair where class and type may be omitted from the template.
In such cases, pass class and type as hint in sanitize_client_object()
so that they can be added in the attribute list being prepared.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# 5440719d 11-Dec-2020 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Temporary workaround in sanitize_indirect_attr()

Since the type of key to be generated is implicit in the key generation
mechanism, the template does not need to supply a key type or class.
(CKA_CLASS and CKA_KEY_TYPE attributes). sanitize_indirect_attr()
expects these attributes to be available else gives an error.

The right way of handling this would be perhaps passing a hint
of the class and key type to this function if key is being generated
using key generated mechanisms. However, we don't have support for
wrap/derive key which uses the indirect attributes at present in the
code. So, we would not be able to test it. For now, just move the class
checking after the attribute checking which helps avoid this error.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>


# 63f89caa 04-May-2020 Jens Wiklander <jens.wiklander@linaro.org>

ta: pkcs11: attribute helper functions

* Helper functions for object attributes management.
* Helper functions to safely parse client attributes template
to create a list of attributes for an object in the PKCS11 ta.
* Helper functions for assigning or checking object attributes
according to PKCS#11 specification.
* Add id-to-string conversion for attribute/class/key types.
* Helper functions to analyze object attributes.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
