| c4108388 | 22-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: token_capabilities.h: add missing includes
Adds missing includes in token_capabilities.h.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jer
ta: pkcs11: token_capabilities.h: add missing includes
Adds missing includes in token_capabilities.h.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 39b43b78 | 04-May-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: replace complicated params pointer calculation
Replaces params pointer calculations on the form
ctrl = ¶ms[0];
out = ¶ms[2];
with a plain
ctrl = params;
out = params + 2;
in all
ta: pkcs11: replace complicated params pointer calculation
Replaces params pointer calculations on the form
ctrl = ¶ms[0];
out = ¶ms[2];
with a plain
ctrl = params;
out = params + 2;
in all entry function still using this form.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 4daf39b3 | 23-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: use enum pkcs11_rc instead of uint32_t
Uses enum pkcs11_rc instead of uint32_t where appropriate, that is, as
function return type and local return value type.
Reviewed-by: Rouven Czerw
ta: pkcs11: use enum pkcs11_rc instead of uint32_t
Uses enum pkcs11_rc instead of uint32_t where appropriate, that is, as
function return type and local return value type.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f40f331f | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: use serialargs_get_session_from_handle()
Change command processing entry functions to use helper function
serialargs_get_session_from_handle() to get session from the
session handle seri
ta: pkcs11: use serialargs_get_session_from_handle()
Change command processing entry functions to use helper function
serialargs_get_session_from_handle() to get session from the
session handle serialized input argument instead of the 2 step
serialargs_get()/pkcs11_handle2session().
No functional change as current functions always first checked
session validity prior other arguments validity, assuming client
arguments were well serialized.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 3158faf6 | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: helper function to get session from serial arguments
Add helper function serialargs_get_session_from_handle() to get
session instance from a 32bit session handle value in the
client seri
ta: pkcs11: helper function to get session from serial arguments
Add helper function serialargs_get_session_from_handle() to get
session instance from a 32bit session handle value in the
client serialized arguments.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 02b4d42a | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: set default token serial number based on token ID
With this change, token serial number is string "0...0000000<N>" over
16 characters, led with '0' and ending with token ID decimal value
ta: pkcs11: set default token serial number based on token ID
With this change, token serial number is string "0...0000000<N>" over
16 characters, led with '0' and ending with token ID decimal value.
It is common for the client application to decide the slot to use
based on the token serial number. Therefore change the default value
to be based on the token ID to avoid having the same serial numbers
on every token.
Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[jf: cast sizeof() to int in snprintf() with field with specifier '*']
Signed-off-by: Jerome Forissier <jerome@forissier.org>
show more ...
|
| d628ebd9 | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: set slot information to gpd.tee.deviceID if available
Use gpd.tee.deviceID to provide a device specific UUID as part of the
slot information (field with enough size for UUID).
Co-develo
ta: pkcs11: set slot information to gpd.tee.deviceID if available
Use gpd.tee.deviceID to provide a device specific UUID as part of the
slot information (field with enough size for UUID).
Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| 29b0949a | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: remove unused variable token in entry_ck_slot_info()
Remove unused variable token in entry_ck_slot_info().
No functional change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro
ta: pkcs11: remove unused variable token in entry_ck_slot_info()
Remove unused variable token in entry_ck_slot_info().
No functional change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| aa442cde | 15-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: remove unused PIN encryption key functions
PINs are hashed with a salt instead of being encrypted with a secret
key. So remove the now unused management of these secret keys.
Acked-by:
ta: pkcs11: remove unused PIN encryption key functions
PINs are hashed with a salt instead of being encrypted with a secret
key. So remove the now unused management of these secret keys.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f7cc36c0 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT
Implements login/logout support.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carrier
ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT
Implements login/logout support.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 1dbb91e7 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_SET_PIN
PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.
Acked-by: Rouven Czerwinski <r.czerwinski@p
ta: pkcs11: implement command PKCS11_CMD_SET_PIN
PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| e8dbd92c | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_INIT_PIN
PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
b
ta: pkcs11: implement command PKCS11_CMD_INIT_PIN
PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
be logged to current session in order to call this function
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f485be04 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN
PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that
is in charge of initializing the Security Officer login PIN if not
already
ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN
PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that
is in charge of initializing the Security Officer login PIN if not
already done and destroy objects that can be. As objects are not yet
supported in the TA, this later feature is not implemented.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| e86828f4 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helper to update token persistent database
update_persistent_db() updates the persistent database or panics on
failure.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-deve
ta: pkcs11: helper to update token persistent database
update_persistent_db() updates the persistent database or panics on
failure.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 40bbca26 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: update PIN fields in struct token_persistent_main
Replaces the fields use to keep track of encrypted PINs with fields to
keep track of hashed PINs instead.
Acked-by: Rouven Czerwinski <
ta: pkcs11: update PIN fields in struct token_persistent_main
Replaces the fields use to keep track of encrypted PINs with fields to
keep track of hashed PINs instead.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| bef8bc68 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helpers for PIN hashing
Adds helpers to hash PIN and to verify the hash of a PIN. The PIN is
hashed together with user type and a generated salt. A used salt never
takes the value 0 so t
ta: pkcs11: helpers for PIN hashing
Adds helpers to hash PIN and to verify the hash of a PIN. The PIN is
hashed together with user type and a generated salt. A used salt never
takes the value 0 so that can be used to tell if a PIN is set.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 8e03579e | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion
Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
ca
ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion
Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
caller in PKCS#11 return code format.
The function returns PKCS11_CKR_GENERAL_ERROR for TEE_Result values that
do not strictly match a PKCS#11 return code.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 70224f58 | 05-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: drop derive from AES_ECB
Drop key derivation as a capability of mechanisms AES_ECB as not part
of the PKCS#11 specification.
Reported-by: Ricardo Salveti <ricardo@foundries.io>
Signed-o
ta: pkcs11: drop derive from AES_ECB
Drop key derivation as a capability of mechanisms AES_ECB as not part
of the PKCS#11 specification.
Reported-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 6459f267 | 08-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fix MECHANISM_IDS to return OK when no output buffer
Fix PKCS11 TA command PKCS11_CMD_MECHANISM_IDS to handle case
where client provides a NULL buffer reference when querying the
list of
ta: pkcs11: fix MECHANISM_IDS to return OK when no output buffer
Fix PKCS11 TA command PKCS11_CMD_MECHANISM_IDS to handle case
where client provides a NULL buffer reference when querying the
list of supported mechanism IDs. In such case TA should return OK,
not PKCS11_CKR_BUFFER_TOO_SMALL.
This change is needed since commit [1] that makes an OP-TEE TA able
to receive memref parameters with a NULL buffer reference.
Link: [1] 20b567068a37 ("libutee: flag NULL pointer using invalid shm id")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| 226699cb | 02-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: remove inline comment about persistent object database
Remove inline comment that is not relevant since PKCS11 object
database is not implemented yet.
Signed-off-by: Etienne Carriere <e
ta: pkcs11: remove inline comment about persistent object database
Remove inline comment that is not relevant since PKCS11 object
database is not implemented yet.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| ee49d9f2 | 02-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fixup header file inclusion ordering
Fix order of included header files where applicable.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r
ta: pkcs11: fixup header file inclusion ordering
Fix order of included header files where applicable.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| fce35058 | 02-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fixup user id in init_pin_key()
Minor simplification of init_pin_keys() prototype. Change argument
unsigned int uid to enum pkcs11_user_type type since it's what is
provided by the calle
ta: pkcs11: fixup user id in init_pin_key()
Minor simplification of init_pin_keys() prototype. Change argument
unsigned int uid to enum pkcs11_user_type type since it's what is
provided by the called and expected by the function.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 6e4f8f17 | 12-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: session commands support
Add and remove session from session list owned by the client
session. Generate client session IDs using handle.c (produced
indices like starting from 1).
entry_
ta: pkcs11: session commands support
Add and remove session from session list owned by the client
session. Generate client session IDs using handle.c (produced
indices like starting from 1).
entry_ck_open_session(): uses set_session_state() to default
new session instances.
entry_ck_close_session() and entry_ck_close_all_sessions() use
close_ck_session() to factorize session resource release.
entry_ck_session_info() reads session state as when called.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| e084583e | 12-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: register a client instance for each opened TEE session
Each TEE session open toward the TA creates a client reference. It can
be used by command handlers to identify client. Client refer
ta: pkcs11: register a client instance for each opened TEE session
Each TEE session open toward the TA creates a client reference. It can
be used by command handlers to identify client. Client reference is
passed between TA and client library using the TEE session argument
in the GPD TEE Client API. Value used is the client instance address
in the TA (as a void *) and is abstracted with an opaque ID by OP-TEE
Core between being exposed to client.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| 22ada947 | 12-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: handle database for various client references
Dump core/kernel/handle.c into PKCS11 TA source tree with some
changes:
- Remove ptr_destructor() support,
- Adapt the TEE Internal APIs (I.
ta: pkcs11: handle database for various client references
Dump core/kernel/handle.c into PKCS11 TA source tree with some
changes:
- Remove ptr_destructor() support,
- Adapt the TEE Internal APIs (I.e. TEE_MemMove() instead of memcpy()),
- Produce 32bit IDs starting from 1, 0 is reserved as undefined reference.
Most handles return by the TA to the client are 32bit unsigned values
as per TA API. handle.c will manage these IDs.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|