History log of /optee_os/ta/pkcs11/src/sub.mk (Results 1 – 13 of 13)
Revision Date Author Comments
# 86922832 04-Jan-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add RSA key pair generation support

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.4 PKCS #1 RSA key pair generation

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>


# fb279d8b 26-Dec-2020 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add support for elliptic curve signing & verification

Add support for performing elliptic curve signing & verification
operations for:

- ECDSA with supplied hash value
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.3 Elliptic Curve

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# 02b16804 25-Dec-2020 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add support for elliptic curve key pair generation

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01

2.3.5 Elliptic curve key pair generation

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# 9e91a619 20-Feb-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add support for digest operations

Implements support for digest operations as specified in:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.10 Message digesting functions

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# 512cbf1d 15-Jul-2020 Jens Wiklander <jens.wiklander@linaro.org>

ta: pkcs11: adds support for symmetric AES cipher modes

Adds support for the AES modes ECB, CBC, CTR and CTS.

Much infrastructure is added to handle mechanisms.

Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# b56b3d07 04-May-2020 Jens Wiklander <jens.wiklander@linaro.org>

ta: pkcs11: support command to import and destroy object

Implement commands PKCS11_CMD_CREATE_OBJECT and PKCS11_CMD_DESTROY_OBJECT.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 63f89caa 04-May-2020 Jens Wiklander <jens.wiklander@linaro.org>

ta: pkcs11: attribute helper functions

* Helper functions for object attributes management.
* Helper functions to safely parse client attributes template
to create a list of attributes for an object in the PKCS11 ta.
* Helper functions for assigning or checking object attributes
according to PKCS#11 specification.
* Add id-to-string conversion for attribute/class/key types.
* Helper functions to analyze object attributes.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


# 22ada947 12-Mar-2020 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: handle database for various client references

Dump core/kernel/handle.c into PKCS11 TA source tree with some
changes:
- Remove ptr_destructor() support,
- Adapt the TEE Internal APIs (I.e. TEE_MemMove() instead of memcpy()),
- Produce 32bit IDs starting from 1, 0 is reserved as undefined reference.

Most handles returned by the TA to the client are 32bit unsigned values
as per TA API. handle.c will manage these IDs.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>


# 8849c126 18-Feb-2020 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: support for mechanism embedded in a token

Implement token_capabilities.c to centralize the mechanisms supported
by a token. As PKCS11 TA can implement several tokens, each token
may provide support for a restricted list of mechanisms and processing
over these mechanisms.

Array pkcs11_modes[] is used to strictly define the processing that
are allowed for a mechanism as per PKCS#11 specification.

Conversion of a mechanism ID into a debug friendly string is implemented
in token_capabilities.c rather than pkcs11_helpers.c as for the other
string helpers since the source file already defines the list of the
valid mechanism IDs, hence an indirection from id2str_mechanism()
to mechanism_string_id().

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>


# 4f8a354f 04-Feb-2020 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: de-serialization of command arguments

Add serialize.c|.h that provide functions to extract a sized data
in a serialized buffer as used for command serial arguments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>


# c84ccd0a 04-Feb-2020 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: persistent database for the pkcs11 tokens

Initialize token(s) state from a persistent database. If no
persistent database is found in the secure storage, initialize
it to a default state and save the database in secure storage.

PKCS11 TA may implement several tokens each related to its own
database.

A token persistent database is stored in several parts in TEE secure
storage. The main database stores token label, flags and PINs status.
Another database stores the UUIDs of the TEE persistent objects
used to store the token PKCS11 objects allowing the token to find
back PKCS11 persistent objects. This object database is out of the
scope of this change.

At runtime, a token instance is referenced by a struct ck_token instance
in RAM which stores the state of the token and references to the
resources the token has loaded as PIN cipher keys (see paragraph below),
session states and the volatile copy of the persistent databases.

Among data saved in persistent database is the reference to
the keys used to cipher the PINs that will be used. A symmetric
encryption scheme is used using keys PKCS11 TA does not have access
to. This allows PKCS11 TA to save in RAM an encrypted value of
the owners PINs.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>


# f7d7fcd9 20-Jan-2020 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: string debug trace for ta command ids

ck_helper.c/.h will provide helper functions for IDs. This change
starts with providing a string ID for a numerical command ID.

Matching IDs and strings are stored in a constant array. Macros
PKCS11_ID() ease definition of ID/string conversion arrays content.
Function id2str() finds the string for an ID, possibly skipping a given
prefix, i.e. printing "ENCRYPT" instead of "PKCS11_CKFM_ENCRYPT".

TA command IDs are the first introduced ID/string conversion util.
Function id2str_ta_cmd() returns string "PKCS11_CMD_..." for a known
command ID.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>


# f8a3a2c4 11-Jan-2019 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: base for PKCS#11 services and TA API

PKCS11 TA aims at providing PKCS#11 compliant services through a
trusted application operating as a secure service provider. This
is the first step for the PKCS#11 TA that introduces the TA skeleton
source file tree.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
