src - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
f5c0739c	22-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add access check on new object when deriving/unwrapping Access check is also required on created attributes when a new object is created when deriving/unwrapping keys. Reviewed-by: Vesa ta: pkcs11: Add access check on new object when deriving/unwrapping Access check is also required on created attributes when a new object is created when deriving/unwrapping keys. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... processing.c
e3f0cb56	05-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for indirect templates Add support for handling indirect template - CKA_DERIVE_TEMPLATE and CKA_UNWRAP_TEMPLATE during key derivation/unwrapping. Reviewed-by: Vesa Jääskeläi ta: pkcs11: Add support for indirect templates Add support for handling indirect template - CKA_DERIVE_TEMPLATE and CKA_UNWRAP_TEMPLATE during key derivation/unwrapping. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... attributes.c attributes.h pkcs11_attributes.c
3668310b	05-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for unwrapping keys Add implementation for handling C_UnwrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.c ta: pkcs11: Add implementation for unwrapping keys Add implementation for handling C_UnwrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... entry.c processing.c processing.h processing_symm.c
5f80f270	25-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for wrapping keys Add implementation for handling C_WrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> ta: pkcs11: Add implementation for wrapping keys Add implementation for handling C_WrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... entry.c pkcs11_attributes.c pkcs11_attributes.h pkcs11_helpers.c pkcs11_token.c pkcs11_token.h processing.c processing.h processing_symm.c token_capabilities.c
06b47dc4	25-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add missing error codes Some error codes related with wrap, unwrap and random number API's were missing from the list. These have been added. Reviewed-by: Vesa Jääskeläinen <vesa.jaaske ta: pkcs11: Add missing error codes Some error codes related with wrap, unwrap and random number API's were missing from the list. These have been added. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-hikey/conf.mk /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-imx/registers/imx6-crm.h /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-imx/registers/imx8m-crm.h /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/link.mk /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-marvell/otx2/core_pos.S /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-marvell/sub.mk /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/arch/arm/plat-rcar/core_pos_a64.S /optee_os/core/arch/arm/plat-rcar/hw_rng.c /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rcar/rcar.h /optee_os/core/arch/arm/plat-rcar/romapi.c /optee_os/core/arch/arm/plat-rcar/romapi.h /optee_os/core/arch/arm/plat-rcar/romapi_call.S /optee_os/core/arch/arm/plat-rcar/sub.mk /optee_os/core/arch/arm/plat-zynq7k/main.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/include/caam_utils_dmaobj.h /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_asn1_oid.h /optee_os/core/drivers/imx_i2c.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/scif.c /optee_os/core/include/kernel/wait_queue.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/signed_hdr.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tpm.c /optee_os/core/kernel/user_ta.c /optee_os/core/kernel/wait_queue.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/lib/libtomcrypt/src/headers/tomcrypt_pk.h /optee_os/core/lib/libtomcrypt/src/headers/tomcrypt_private.h /optee_os/core/lib/libtomcrypt/src/pk/rsa/rsa_make_key.c /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/pta/hwrng.c /optee_os/core/pta/sub.mk /optee_os/core/tee/fs_dirfile.c /optee_os/core/tee/tadb.c /optee_os/core/tee/tee_ree_fs.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libutee/include/rng_pta_client.h /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/mk/config.mk /optee_os/ta/pkcs11/include/pkcs11_ta.h pkcs11_helpers.c
fb279d8b	26-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for elliptic curve signing & verification Add support for performing elliptic curve signing & verification operations for: - ECDSA with supplied hash value - Multi stage SHA ta: pkcs11: Add support for elliptic curve signing & verification Add support for performing elliptic curve signing & verification operations for: - ECDSA with supplied hash value - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3 Elliptic Curve Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/ta/pkcs11/include/pkcs11_ta.h pkcs11_attributes.c pkcs11_helpers.c pkcs11_token.c pkcs11_token.h processing.c processing.h processing_asymm.c processing_ec.c sub.mk token_capabilities.c
02b16804	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for elliptic curve key pair generation Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3.5 Elliptic curve ta: pkcs11: Add support for elliptic curve key pair generation Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3.5 Elliptic curve key pair generation Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Co-developed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/scripts/dump_ec_curve_params.sh pkcs11_attributes.c processing.c processing.h processing_ec.c sub.mk token_capabilities.c
013934d8	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add generic support for key pair generation This commit only adds common key pair generation support code. Actual mechanism specific key pair generation codes are in their own commits. ta: pkcs11: Add generic support for key pair generation This commit only adds common key pair generation support code. Actual mechanism specific key pair generation codes are in their own commits. Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.13 Key management functions C_GenerateKeyPair Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/ta/pkcs11/include/pkcs11_ta.h entry.c pkcs11_attributes.c pkcs11_helpers.c processing.c processing.h
5e1d94eb	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add helper for setting up CKA_ID value When generating a new key pair object adds CKA_ID attribute from paired object template if value given. Reviewed-by: Etienne Carriere <etienne.car ta: pkcs11: Add helper for setting up CKA_ID value When generating a new key pair object adds CKA_ID attribute from paired object template if value given. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... pkcs11_attributes.c pkcs11_attributes.h
26b6badb	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix get_default_value/PKCS11_CKA_PUBLIC_KEY_INFO Default value for CKA_PUBLIC_KEY_INFO is empty unless asymmetric mechanism is specified. When asymmetric mechanism is specified it shoul ta: pkcs11: Fix get_default_value/PKCS11_CKA_PUBLIC_KEY_INFO Default value for CKA_PUBLIC_KEY_INFO is empty unless asymmetric mechanism is specified. When asymmetric mechanism is specified it should contribute the actual value. Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... pkcs11_attributes.c
edd95148	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: CKA_SUBJECT is mandatory for keys but has default value When creating a new public/private key in its template it is not mandatory to have CKA_SUBJECT field. However in the object stored ta: pkcs11: CKA_SUBJECT is mandatory for keys but has default value When creating a new public/private key in its template it is not mandatory to have CKA_SUBJECT field. However in the object stored in it must be present. If CKA_SUBJECT is not present it will be given empty default value. In PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01: 4.8 Public key objects: CKA_SUBJECT -- DER-encoding of the key subject name (default empty) 4.9 Private key objects: CKA_SUBJECT -- DER-encoding of the key subject name (default empty) Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/.azure-pipelines.yml /optee_os/.travis.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/arm.h /optee_os/core/arch/arm/include/arm32.h /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/include/kernel/delay.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/kernel/tz_proc_def.h /optee_os/core/arch/arm/include/kernel/tz_ssvce_def.h /optee_os/core/arch/arm/include/kernel/vfp.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/tee_pager.h /optee_os/core/arch/arm/include/optee_ffa.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/include/sm/psci.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/misc_a32.S /optee_os/core/arch/arm/kernel/misc_a64.S /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/tee_time_arm_cntpct.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/kernel/thread_optee_smc_a32.S /optee_os/core/arch/arm/kernel/thread_private.h /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a32.S /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/crypto_conf.mk /optee_os/core/arch/arm/plat-imx/imx-regs.h /optee_os/core/arch/arm/plat-imx/pm/psci.c /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/crypto_conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-ls/sub.mk /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/fvp_spmc_pm.c /optee_os/core/arch/arm/sm/psci.c /optee_os/core/drivers/crypto/caam/acipher/caam_dh.c /optee_os/core/drivers/crypto/caam/acipher/caam_dsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime_dsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime_rsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/acipher/local.h /optee_os/core/drivers/crypto/caam/acipher/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/hal/sub.mk /optee_os/core/drivers/crypto/caam/include/caam_acipher.h /optee_os/core/drivers/crypto/caam/include/caam_desc_ccb_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/crypto_api/acipher/dh.c /optee_os/core/drivers/crypto/crypto_api/acipher/dsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/sub.mk /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt.h /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/drivers/gic.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/drivers/sp805_wdt.c /optee_os/core/include/bench.h /optee_os/core/include/drivers/imx/dcp.h /optee_os/core/include/drivers/imx_wdog.h /optee_os/core/include/drivers/ls_gpio.h /optee_os/core/include/drivers/ls_i2c.h /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/tzc380.h /optee_os/core/include/drivers/tzc400.h /optee_os/core/include/kernel/asan.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/pm.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/include/mm/fobj.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/mm/tee_mmu_types.h /optee_os/core/include/optee_msg.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/include/tee/fs_htree.h /optee_os/core/include/tee/tee_fs.h /optee_os/core/include/tee/tee_fs_key_manager.h /optee_os/core/include/tee/tee_svc_storage.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/zlib/zconf.h /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/mm/sub.mk /optee_os/core/mm/vm.c /optee_os/core/pta/scmi.c /optee_os/core/pta/sub.mk /optee_os/core/tee/entry_std.c /optee_os/core/tee/tee_pobj.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/core/tee/tee_svc_storage.c /optee_os/lib/libmbedtls/core/sm2-dsa.c /optee_os/lib/libmbedtls/core/sm2-pke.c /optee_os/lib/libmbedtls/mbedtls/library/md2.c /optee_os/lib/libmbedtls/mbedtls/library/md4.c /optee_os/lib/libmbedtls/mbedtls/library/md5.c /optee_os/lib/libmbedtls/mbedtls/library/ripemd160.c /optee_os/lib/libmbedtls/mbedtls/library/sha512.c /optee_os/lib/libutee/include/arm64_user_sysreg.h /optee_os/lib/libutee/include/arm_user_sysreg.h /optee_os/lib/libutee/include/pta_invoke_tests.h /optee_os/lib/libutee/include/pta_scmi_client.h /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/isoc/include/sys/queue.h /optee_os/mk/config.mk /optee_os/scripts/mem_usage.py pkcs11_attributes.c
ed8bece7	09-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Remove class and key check for indirect attributes In sanitize_indirect_attributes(), class and key check is performed to check that the indirect attribute is provided only for particula ta: pkcs11: Remove class and key check for indirect attributes In sanitize_indirect_attributes(), class and key check is performed to check that the indirect attribute is provided only for particular type of key objects. This check causes issue in case an indirect template further has pointer to another indirect template. It is not essential for an indirect template to have class and key attributes. When creating objects for classes which don't support the indirect template, this would result in scenario where error is not returned. However, the indirect attribute won't get added to the created object. This is inline with how the other attributes are dealt with currently. eg. if while creating a secret key, a public key attribute is passed, it is currently ignored rather than returning error. A probable fix is to check all the attributes in the user provided template with the attributes of the type of object which needs to be created. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... sanitize_object.c
02dbcc7e	13-Apr-2021	Etienne Carriere <etienne.carriere@linaro.org>	ta: pkcs11: use a temporary list for object under creation This change removes the hacky handling of whether object was previously in a list of not. This is replaced by default registering pkcs11 ob ta: pkcs11: use a temporary list for object under creation This change removes the hacky handling of whether object was previously in a list of not. This is replaced by default registering pkcs11 objects in a temporary list at object allocation so it can be blindly removed from its list when destroyed and can be safely moved to its destination list (either a session object list or a token object list) when object is successfully created. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> show more ... /optee_os/.azure-pipelines.yml /optee_os/core/arch/arm/include/kernel/abort.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/tee_pager.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/unwind_arm64.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/mm/sub.mk /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-imx/crypto_conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/crypto_conf.mk /optee_os/core/arch/arm/plat-ls/platform_config.h /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-rcar/link.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/nsec-service/stm32mp1_svc_setup.c /optee_os/core/arch/arm/plat-stm32mp1/sub.mk /optee_os/core/arch/arm/tee/sub.mk /optee_os/core/drivers/bcm_sotp.c /optee_os/core/drivers/crypto/caam/acipher/caam_ecc.c /optee_os/core/drivers/crypto/caam/acipher/caam_math.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/acipher/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/caam_desc.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_xts.c /optee_os/core/drivers/crypto/caam/cipher/local.h /optee_os/core/drivers/crypto/caam/hal/ls/registers/ctrl_regs.h /optee_os/core/drivers/crypto/caam/hash/caam_hash.c /optee_os/core/drivers/crypto/caam/hash/caam_hash_mac.c /optee_os/core/drivers/crypto/caam/hash/local.h /optee_os/core/drivers/crypto/caam/include/caam_acipher.h /optee_os/core/drivers/crypto/caam/include/caam_common.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h /optee_os/core/drivers/crypto/caam/include/caam_io.h /optee_os/core/drivers/crypto/caam/include/caam_jr_status.h /optee_os/core/drivers/crypto/caam/include/caam_status.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/include/caam_types.h /optee_os/core/drivers/crypto/caam/include/caam_utils_dmaobj.h /optee_os/core/drivers/crypto/caam/include/caam_utils_mem.h /optee_os/core/drivers/crypto/caam/include/caam_utils_sgt.h /optee_os/core/drivers/crypto/caam/include/caam_utils_status.h /optee_os/core/drivers/crypto/caam/utils/sub.mk /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/drivers/crypto/caam/utils/utils_sgt.c /optee_os/core/drivers/crypto/caam/utils/utils_sgt_v1.c /optee_os/core/drivers/crypto/caam/utils/utils_sgt_v2.c /optee_os/core/drivers/crypto/caam/utils/utils_status.c /optee_os/core/drivers/crypto/se050/core/cipher.c /optee_os/core/drivers/scmi-msg/smt.c /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/kernel/early_ta.h /optee_os/core/include/kernel/embedded_ts.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/mm/fobj.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/mm/vm.h /optee_os/core/include/tee/entry_std.h /optee_os/core/include/tee/tee_fs_rpc.h /optee_os/core/kernel/early_ta.c /optee_os/core/kernel/embedded_ts.c /optee_os/core/kernel/pseudo_ta.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/secstor_ta.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_ta.c /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/mm/sub.mk /optee_os/core/mm/vm.c /optee_os/core/sub.mk /optee_os/core/tee/entry_std.c /optee_os/core/tee/sub.mk /optee_os/core/tee/tee_fs_rpc.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/lib/libmbedtls/sub.mk /optee_os/mk/compile.mk /optee_os/mk/config.mk object.c
c95980b1	12-Mar-2021	Etienne Carriere <etienne.carriere@linaro.org>	ta: pkcs11: fix comment stating no mechanism is supported Remove the inline comment that states the implementation does not yet support any mechanism as is it not true. Signed-off-by: Etienne Carri ta: pkcs11: fix comment stating no mechanism is supported Remove the inline comment that states the implementation does not yet support any mechanism as is it not true. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... token_capabilities.c
372064dc	10-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add restriction in C_GetAttributeValue() Support for getting indirect template attributes using C_GetAttributeValue() is not supported as of now. Explicitly return error if such attribut ta: pkcs11: Add restriction in C_GetAttributeValue() Support for getting indirect template attributes using C_GetAttributeValue() is not supported as of now. Explicitly return error if such attribute value is requested. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... object.c
196bcd93	10-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add sanitize function for symmetric keys The specification [1] mandates some rules for CKA_VALUE and CKA_VALUE_LEN for keys of type CKO_GENERIC_SECRET in Table 45, Table 47. These checks ta: pkcs11: Add sanitize function for symmetric keys The specification [1] mandates some rules for CKA_VALUE and CKA_VALUE_LEN for keys of type CKO_GENERIC_SECRET in Table 45, Table 47. These checks were missing in current implementation. Add explicit checks for this when creating such objects. [1] - PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11_attributes.c
0ac5c695	09-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Modify optional attributes for symmetric key CKA_VALUE_LEN attribute may not be required for some CKO_GENERIC_SECRET type keys eg CKK_DES etc. So, move the attribute from opt_or_null arr ta: pkcs11: Modify optional attributes for symmetric key CKA_VALUE_LEN attribute may not be required for some CKO_GENERIC_SECRET type keys eg CKK_DES etc. So, move the attribute from opt_or_null array to optional so that this attribute doesn't get added by default as NULL if not present in the user supplied template. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/crypto.mk /optee_os/core/drivers/gic.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/scmi-msg/base.c /optee_os/core/drivers/scmi-msg/clock.c /optee_os/core/drivers/scmi-msg/common.h /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/reset_domain.c /optee_os/core/drivers/scmi-msg/smt.c /optee_os/core/drivers/scmi-msg/voltage_domain.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stpmic1.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/stpmic1.h /optee_os/core/include/mm/core_memprot.h /optee_os/core/kernel/pm.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/mk/config.mk pkcs11_attributes.c
eb88d2de	08-Mar-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Make it possible to disable support for C_DigestKey() By default C_DigestKey() functions as specified in specifciation. To disable the functionality: CFG_PKCS11_TA_ALLOW_DIGEST_KEY = n ta: pkcs11: Make it possible to disable support for C_DigestKey() By default C_DigestKey() functions as specified in specifciation. To disable the functionality: CFG_PKCS11_TA_ALLOW_DIGEST_KEY = n Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/mk/config.mk processing_digest.c
9e91a619	20-Feb-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for digest operations Implements support for digest operations as specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.10 Me ta: pkcs11: Add support for digest operations Implements support for digest operations as specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.10 Message digesting functions Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/ta/pkcs11/include/pkcs11_ta.h entry.c pkcs11_attributes.c pkcs11_attributes.h pkcs11_helpers.c processing.c processing.h processing_digest.c sub.mk token_capabilities.c
eb6141b6	28-Feb-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add API for releasing active processing When error condition is detected in Cryptoki API side in bad argument processing add support for terminating active processing to comply with the ta: pkcs11: Add API for releasing active processing When error condition is detected in Cryptoki API side in bad argument processing add support for terminating active processing to comply with the specification. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/ta/pkcs11/include/pkcs11_ta.h entry.c pkcs11_attributes.h pkcs11_helpers.c processing.c processing.h
c1cef3d9	21-Feb-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add debug helper for PKCS11_CKR_ATTRIBUTE_SENSITIVE Add debug symbol into return code table. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne ta: pkcs11: Add debug helper for PKCS11_CKR_ATTRIBUTE_SENSITIVE Add debug symbol into return code table. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... pkcs11_helpers.c
d05ab5fe	06-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Fix error code returned by entry_processing_key() check_parent_attrs_against_processing() checks if the right attributes are set in the key to be used for a cryptgraphic purpose. It retu ta: pkcs11: Fix error code returned by entry_processing_key() check_parent_attrs_against_processing() checks if the right attributes are set in the key to be used for a cryptgraphic purpose. It returns error - CKR_KEY_FUNCTION_NOT_PERMITTED if this is not the case. For C_DeriveKey(), C_UnwrapKey(), CKR_KEY_FUNCTION_NOT_PERMITTED is not specified in the error code list. So, for such errors return CKR_KEY_TYPE_INCONSISTENT instead. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/drivers/ls_dspi.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/ls_dspi.h /optee_os/lib/libutee/tee_api_objects.c processing.c
bc555ee0	14-Sep-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: relocate shared session object db to client session PKCS11 has concept of shared objects between different PKCS11 sessions which need to work. As in OP-TEE context there can be multiple ta: pkcs11: relocate shared session object db to client session PKCS11 has concept of shared objects between different PKCS11 sessions which need to work. As in OP-TEE context there can be multiple callers which should not share the objects use OP-TEE client session association to separate those from each other. Specified in: PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40 2.6 Sessions Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/abort.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_private.h /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/include/kernel/ldelf_loader.h /optee_os/core/include/kernel/linker.h /optee_os/core/include/kernel/pseudo_ta.h /optee_os/core/include/kernel/time_source.h /optee_os/core/include/kernel/timer.h /optee_os/core/include/kernel/unwind.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/kernel/user_ta.h /optee_os/core/kernel/ldelf_syscalls.c /optee_os/core/kernel/user_access.c /optee_os/ldelf/main.c object.c object.h persistent_token.c pkcs11_token.c pkcs11_token.h
4dad6642	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Rename entry_derive_key() to make it more generic entry_derive_key() is renamed to entry_processing_key() and parameter is added to pass processing information to it. This is done becaus ta: pkcs11: Rename entry_derive_key() to make it more generic entry_derive_key() is renamed to entry_processing_key() and parameter is added to pass processing information to it. This is done because the flow for key derivation and key unwrapping is very similar and this function can be reused. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... entry.c processing.c processing.h
8c499324	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add function to set key data Earlier derive_key_by_symm_enc() was used to derive key by cipher operation and set the derived key value in the object attributes. Simplify it to just deriv ta: pkcs11: Add function to set key data Earlier derive_key_by_symm_enc() was used to derive key by cipher operation and set the derived key value in the object attributes. Simplify it to just derive the key and return the derived key value to calling function. Separate function is created to add this derived key value in the key object. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11_attributes.c pkcs11_attributes.h processing.c processing.h processing_symm.c
1 2 345 6 7 8 9 10