History log of /optee_os/ta/pkcs11/sub.mk (Results 1 – 9 of 9)
Revision Date Author Comments
# 8cf8403b 11-Dec-2024 Etienne Carriere <etienne.carriere@foss.st.com>

ta: pkcs11: default disable CFG_PKCS11_TA_RSA_X_509

Disable CFG_PKCS11_TA_RSA_X_509 in pkcs11 TA default configuration
since raw RSA signature (CKM_RSA_X_509) computation and verification
can be unsafe. Target systems willing to embed its support (e.g. for
some TLS v1.2 support) will need to enable it explicitly.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>


# e02f17f3 24-Jul-2024 Alexandre Marechal <alexandre.marechal@st.com>

ta: pkcs11: add CKM_RSA_X_509 authentication

Add support for CKM_RSA_X_509 mechanism for sign/verify operations.

Sign and verify operations are processed using TEE decrypt/encrypt
operation since GP TEE Internal Core API specification only allows
these modes for TEE_ALG_RSA_NOPAD algorithm. The pkcs11 TA only supports
sign operation when the provided payload is exactly of the same size
as the RSA key used and checks the generated signature is of the right size.

This mechanism can be needed to support CKM_RSA_X_509 for TLSv1.2
connections.

Add CFG_PKCS11_TA_RSA_X_509 to allow configuring the pkcs11 TA
with or without raw RSA crypto support. The config switch is default
enabled.

Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>


# 69de4b2d 08-Jan-2024 Etienne Carriere <etienne.carriere@foss.st.com>

ta: pkcs11: default enable key check value support

Default enable support for key check value attribute in pkcs11 TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>


# bcac2127 24-Nov-2023 Marouene Boubakri <marouene.boubakri@nxp.com>

ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE

Add PKCS11_CKA_CHECK_VALUE as an optional attribute of symmetric
key and certificate objects. As per the PKCS#11 specification, key
check value attribute is optional therefore add pkcs11 TA configuration
switch CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE to embed or not the support.

When supported, as per the spec, the attribute can be either the
legitimate value recomputed by the PKCS#11 token or a zero-sized value
called a no-value for when the client does not want the attribute to be set
in an object.

This change adds the support for the pkcs11 TA commands related to
Cryptoki API functions C_GenerateKey(), C_CreateObject(), C_CopyObject(),
C_SetAttributeValue(), C_UnwrapKey() and C_DeriveKey(). TA command
related to C_FindObjects() supports the attribute without any change.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>


# 5818fdfd 07-Dec-2021 Sahil Malhotra <sahil.malhotra@nxp.com>

ta: pkcs11: increase default heap size to 32kB

In some test cases, 16kB memory configured is not enough, specifically
while generating RSA keys, so increasing the default heap size to 32kB.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>


# 95636b36 25-Aug-2021 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: make heap size configurable

Add a configuration switch for the PKCS11 TA heap size defaulting
to 16kB as legacy.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# edce8377 25-Aug-2021 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: describe CFG_PKCS11_TA_TOKEN_COUNT

Add a default value and a description for PKCS11 TA config switch
CFG_PKCS11_TA_TOKEN_COUNT in ta/pkcs11/sub.mk.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# 06bc8d19 25-Aug-2021 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: move default config to ta sub.mk

Move PKCS#11 TA default configuration settings from mk/config.mk
to ta/pkcs11/sub.mk.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>


# f8a3a2c4 11-Jan-2019 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: base for PKCS#11 services and TA API

PKCS11 TA aims at providing PKCS#11 compliant services through a
trusted application operating as a secure service provider. This
is the first step for the PKCS#11 TA that introduces the TA skeleton
source file tree.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
