pkcs11 - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
df017b2b	10-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: forbid change of CKA_PRIVATE from true to false on object copy In C_CopyObject(), forbid copying of an object with a template which attempts to change the attribute CKA_PRIVATE from true ta: pkcs11: forbid change of CKA_PRIVATE from true to false on object copy In C_CopyObject(), forbid copying of an object with a template which attempts to change the attribute CKA_PRIVATE from true to false. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_attributes.c
bc09507c	09-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for copying objects Implement command PKCS11_CMD_COPY_OBJECT. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro. ta: pkcs11: Add support for copying objects Implement command PKCS11_CMD_COPY_OBJECT. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h src/entry.c src/object.c src/object.h src/pkcs11_helpers.c
2d25a9bc	09-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for modifying objects Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carrie ta: pkcs11: Add support for modifying objects Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/.shippable.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/fsl-lx2160a-qds.dts /optee_os/core/arch/arm/dts/fsl-lx2160a-rdb.dts /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/kernel/cache_helpers.h /optee_os/core/arch/arm/include/kernel/linker.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummy.ld /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-imx/registers/imx6-dcp.h /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-ls/platform_config.h /optee_os/core/crypto.mk /optee_os/core/crypto/sm2-kdf.c /optee_os/core/crypto/sub.mk /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h /optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c /optee_os/core/drivers/crypto/se050/core/cipher.c /optee_os/core/drivers/crypto/se050/core/ctr.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/se050/glue/i2c.c /optee_os/core/drivers/crypto/se050/session.c /optee_os/core/drivers/imx/dcp/dcp.c /optee_os/core/drivers/imx/dcp/dcp_huk.c /optee_os/core/drivers/imx/dcp/dcp_utils.c /optee_os/core/drivers/imx/dcp/include/dcp_utils.h /optee_os/core/drivers/imx/dcp/include/local.h /optee_os/core/drivers/imx/dcp/sub.mk /optee_os/core/drivers/imx/sub.mk /optee_os/core/drivers/sub.mk /optee_os/core/include/crypto/sm2-kdf.h /optee_os/core/include/drivers/imx/dcp.h /optee_os/core/include/kernel/huk_subkey.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/include/tee/tee_supp_plugin_rpc.h /optee_os/core/lib/libtomcrypt/acipher_helpers.h /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/sm2-kep.c /optee_os/core/lib/libtomcrypt/sm2-pke.c /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c /optee_os/core/pta/system.c /optee_os/core/tee/sub.mk /optee_os/core/tee/tee_supp_plugin_rpc.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/lib/libmbedtls/core/aes_cbc.c /optee_os/lib/libmbedtls/core/aes_ctr.c /optee_os/lib/libmbedtls/core/aes_ecb.c /optee_os/lib/libmbedtls/core/dh.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libmbedtls/core/mbed_helpers.c /optee_os/lib/libmbedtls/core/mbed_helpers.h /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libmbedtls/core/sm2-dsa.c /optee_os/lib/libmbedtls/core/sm2-dsa.h /optee_os/lib/libmbedtls/core/sm2-kep.c /optee_os/lib/libmbedtls/core/sm2-pke.c /optee_os/lib/libmbedtls/core/sm2-pke.h /optee_os/lib/libmbedtls/core/sub.mk /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/library/ecp.c /optee_os/lib/libmbedtls/mbedtls/library/ecp_curves.c /optee_os/lib/libutee/include/pta_system.h /optee_os/lib/libutee/include/tee_internal_api_extensions.h /optee_os/lib/libutee/tee_system_pta.c /optee_os/lib/libutee/tee_tcpudp_socket.c /optee_os/ta/avb/entry.c include/pkcs11_ta.h src/attributes.c src/attributes.h src/entry.c src/object.c src/object.h src/pkcs11_attributes.c src/pkcs11_attributes.h src/pkcs11_helpers.c
3bf0e097	22-Jan-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list When traversing object list to remove objects, use LIST_FOREACH_SAFE to avoid segmentation fault. Signed-off-by: Ruchika Gupta <ruch ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list When traversing object list to remove objects, use LIST_FOREACH_SAFE to avoid segmentation fault. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... src/pkcs11_token.c
db0f45f3	20-Jan-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: add debug string for PKCS11_CKA_KEY_GEN_MECHANISM Add missing attribute debug string for PKCS11_CKA_KEY_GEN_MECHANISM. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: ta: pkcs11: add debug string for PKCS11_CKA_KEY_GEN_MECHANISM Add missing attribute debug string for PKCS11_CKA_KEY_GEN_MECHANISM. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_helpers.c
46900d03	02-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix serialization handling for non-indirect attributes Both sides of serialization and de-serialization must match the logic. Only TEMPLATE based arguments has indirect attributes so de ta: pkcs11: Fix serialization handling for non-indirect attributes Both sides of serialization and de-serialization must match the logic. Only TEMPLATE based arguments has indirect attributes so detect them and handle them specifically. Otherwise use standard attribute handling code for other attributes. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_helpers.c src/pkcs11_helpers.h src/sanitize_object.c
f3178382	31-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: get_attribute: fix return value when querying value size When C_GetAttributeValue() is issued with attribute with pValue == NULL: - Size of the attribute value should be returned - Retur ta: pkcs11: get_attribute: fix return value when querying value size When C_GetAttributeValue() is issued with attribute with pValue == NULL: - Size of the attribute value should be returned - Return value should be CKR_OK If pValue != NULL and value does not fit then CKR_BUFFER_TOO_SMALL should be returned. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/object.c
d17c25d2	29-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: get_attribute: fix returning values into larger buffer It is completely fine for callee to allocate more memory than what is needed. Now attributes value is wholly copied and copied dat ta: pkcs11: get_attribute: fix returning values into larger buffer It is completely fine for callee to allocate more memory than what is needed. Now attributes value is wholly copied and copied data amount is returned. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/attributes.c src/attributes.h
18cbc7a2	16-Sep-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: fix get attribute data alignment problem In OP-TEE there is no behind the scenes handler that would fix data alignment problems. Use aligned variables when accessing struct variables. ta: pkcs11: fix get attribute data alignment problem In OP-TEE there is no behind the scenes handler that would fix data alignment problems. Use aligned variables when accessing struct variables. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/CHANGELOG.md /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link_dummies_init.c /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/include/kernel/rpc_io_i2c.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/pta/sub.mk /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/include/sys/queue.h /optee_os/lib/libutils/isoc/sub.mk /optee_os/mk/config.mk /optee_os/ta/arch/arm/link.mk /optee_os/ta/mk/build-user-ta.mk src/object.c
fa1ac767	15-Jan-2021	Robin van der Gracht <robin@protonic.nl>	ta: pkcs11: Don't load objects that don't match the search during find Don't load all persistent object attributes in find_objects_init(). Instead, temporary load object attributes and release them ta: pkcs11: Don't load objects that don't match the search during find Don't load all persistent object attributes in find_objects_init(). Instead, temporary load object attributes and release them if not matching the current search. Move object attribute loading from token_obj_matches_ref() to load_persistent_object_attributes() and introduce counterpart release_persistent_object_attributes(). Changes attributes_match_reference() to always return true when reference is empty (match all case). Remove token_obj_matches_ref() since attributes_match_reference() can be called straight from load_persistent_object_attributes(). Signed-off-by: Robin van der Gracht <robin@protonic.nl> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/core/arch/arm/plat-imx/drivers/imx_snvs.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/ta/arch/arm/link.mk src/attributes.c src/object.c src/persistent_token.c src/pkcs11_token.h
89735787	12-Jan-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Deal with the private objects in C_Logout The logic to deal with the private objects was missing in the C_Logout() implementation. PKCS#11 specification states that : When C_Logout succe ta: pkcs11: Deal with the private objects in C_Logout The logic to deal with the private objects was missing in the C_Logout() implementation. PKCS#11 specification states that : When C_Logout successfully executes, any of the application’s handles to private objects should become invalid (even if a user is later logged back into the token, those handles remain invalid). In addition, all private session objects from sessions belonging to the application should also be destroyed. In addition, also release any ongoing cryptographic or object-finding operations that may be associated with the session while logging out. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... src/pkcs11_attributes.c src/pkcs11_attributes.h src/pkcs11_token.c
355d722a	12-Jan-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Reduce the minimum pin length required SoftHSM Unit test suite passes a 4 byte pin while initializing pin. Since current implementation restricts the minimum pin length to 10, C_InitPin( ta: pkcs11: Reduce the minimum pin length required SoftHSM Unit test suite passes a 4 byte pin while initializing pin. Since current implementation restricts the minimum pin length to 10, C_InitPin() fails resulting in the testcases to be aborted. Reduce the minimum pin length requirement inorder to run the SoftHSM test suite. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... src/pkcs11_token.h
5db0fef4	12-Jan-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Access check for private objects Private objects of a session/token are accessible only in a R/O or R/W user session i.e if a user is logged in. R/O or R/W public session or a R/W SO ses ta: pkcs11: Access check for private objects Private objects of a session/token are accessible only in a R/O or R/W user session i.e if a user is logged in. R/O or R/W public session or a R/W SO session cannot access these private objects. Check for SO session was missing in the logic when checking for access of private objects. This has now been added. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/tee/tee_svc_storage.c src/pkcs11_attributes.c
783c1515	13-Jan-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for getting object size and attribute value Implement commands - PKCS11_CMD_GET_OBJECT_SIZE - PKCS11_CMD_GET_ATTRIBUTE_VALUE Co-developed-by: Etienne Carriere <etienne.carri ta: pkcs11: Add support for getting object size and attribute value Implement commands - PKCS11_CMD_GET_OBJECT_SIZE - PKCS11_CMD_GET_ATTRIBUTE_VALUE Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Co-developed-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h src/entry.c src/object.c src/object.h src/pkcs11_attributes.c src/pkcs11_attributes.h src/pkcs11_helpers.c
dc99b202	22-Dec-2020	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for finding objects Implement commands - PKCS11_CMD_FIND_OBJECTS_INIT - PKCS11_CMD_FIND_OBJECTS - PKCS11_CMD_FIND_OBJECTS_FINAL Co-developed-by: Etienne Carriere <etienne.ca ta: pkcs11: Add support for finding objects Implement commands - PKCS11_CMD_FIND_OBJECTS_INIT - PKCS11_CMD_FIND_OBJECTS - PKCS11_CMD_FIND_OBJECTS_FINAL Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Co-developed-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/attributes.c src/attributes.h src/entry.c src/object.c src/object.h src/pkcs11_helpers.c src/pkcs11_token.c src/pkcs11_token.h
c2f85e81	22-Dec-2020	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: define TA commands for finding objects Adds commands - PKCS11_CMD_FIND_OBJECTS_INIT - PKCS11_CMD_FIND_OBJECTS - PKCS11_CMD_FIND_OBJECTS_FINAL in enum pkcs11_ta_cmd. Co-developed-by: Eti ta: pkcs11: define TA commands for finding objects Adds commands - PKCS11_CMD_FIND_OBJECTS_INIT - PKCS11_CMD_FIND_OBJECTS - PKCS11_CMD_FIND_OBJECTS_FINAL in enum pkcs11_ta_cmd. Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Co-developed-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/lib/libutee/arch/arm/user_ta_entry.c include/pkcs11_ta.h
7f12c782	06-Jan-2021	Robin van der Gracht <robin@protonic.nl>	ta: pkcs11: Remove persistent objects on token re-initialization When re-initializing a token the previously created objects need to be removed. Signed-off-by: Robin van der Gracht <robin@protonic. ta: pkcs11: Remove persistent objects on token re-initialization When re-initializing a token the previously created objects need to be removed. Signed-off-by: Robin van der Gracht <robin@protonic.nl> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... src/object.c src/object.h src/pkcs11_token.c
1a27b197	21-Oct-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add TEE Identity based authentication support In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity based authentication support for token. Once activated: - When ever ta: pkcs11: Add TEE Identity based authentication support In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity based authentication support for token. Once activated: - When ever PIN is required client's TEE Identity will be used for authentication - PIN failure counters are disabled - If new PIN is given as input it is in form of PIN ACL string - It can be disabled with C_InitToken with non-zero PIN Internally protected authentication path will be used for mode determination. Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/mk/config.mk include/pkcs11_ta.h src/persistent_token.c src/pkcs11_token.c src/pkcs11_token.h
1e497011	21-Oct-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: set_pin: use token shortcut like in other pin functions Use common shortcut variable 'token' as in check_so_pin and check_user_pin. Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> Re ta: pkcs11: set_pin: use token shortcut like in other pin functions Use common shortcut variable 'token' as in check_so_pin and check_user_pin. Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_token.c
12253e9e	21-Oct-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: entry_ck_token_initialize: reset SO flags on init If successful token init has been performed and new PIN is set then reset all pin change flags. Call update_persistent_db() only once a ta: pkcs11: entry_ck_token_initialize: reset SO flags on init If successful token init has been performed and new PIN is set then reset all pin change flags. Call update_persistent_db() only once as a last step during the execution. Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_token.c
974adb9f	14-Dec-2020	Robin van der Gracht <robin@protonic.nl>	pkcs11: persistent_token: Don't read token object UUIDs if we have none Do not call TEE_ReadObjectData() when there is no object data to read because the function panics when reading 0 bytes. Revie pkcs11: persistent_token: Don't read token object UUIDs if we have none Do not call TEE_ReadObjectData() when there is no object data to read because the function panics when reading 0 bytes. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Robin van der Gracht <robin@protonic.nl> show more ... src/persistent_token.c
a3c511df	07-Jan-2021	Robin van der Gracht <robin@protonic.nl>	ta: pkcs11: Change sizeof argument for consistency The bytes subtracted here were added a few lines ago. Since db_objs was used there we should also do this here for readability. Reviewed-by: Etie ta: pkcs11: Change sizeof argument for consistency The bytes subtracted here were added a few lines ago. Since db_objs was used there we should also do this here for readability. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Robin van der Gracht <robin@protonic.nl> show more ... /optee_os/.shippable.yml /optee_os/core/arch/arm/include/kernel/ldelf_loader.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/tee/arch_svc.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/crypto_conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_snvs.c /optee_os/core/arch/arm/plat-imx/link.mk /optee_os/core/arch/arm/plat-rzn1/link.mk /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/arch/arm/tee/arch_svc.c /optee_os/core/drivers/crypto/se050/adaptors/apis/apdu.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050_apdu_apis.h /optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h /optee_os/core/drivers/crypto/se050/adaptors/utils/utils.c /optee_os/core/drivers/crypto/se050/core/ecc.c /optee_os/core/drivers/crypto/se050/core/sub.mk /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/include/kernel/handle.h /optee_os/core/include/kernel/ldelf_syscalls.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/kernel/handle.c /optee_os/core/kernel/ldelf_syscalls.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/pta/system.c /optee_os/core/pta/tests/misc.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/ldelf/include/ldelf.h /optee_os/ldelf/include/ldelf_syscalls.h /optee_os/ldelf/start_a32.S /optee_os/ldelf/start_a64.S /optee_os/ldelf/sub.mk /optee_os/ldelf/sys.c /optee_os/ldelf/sys.h /optee_os/ldelf/syscalls_a32.S /optee_os/ldelf/syscalls_a64.S /optee_os/ldelf/syscalls_asm.S /optee_os/ldelf/ta_elf.c /optee_os/lib/libutee/trace_ext.c /optee_os/lib/libutils/isoc/bget.c /optee_os/lib/libutils/isoc/bget.h /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/config.mk src/persistent_token.c /optee_os/ta/ta.mk
fab91492	29-Dec-2020	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add more checks before destroying object in a session Few checks were missing in the implementaion of C_DestroyObject() as per PKCS#11 Specification. These have been added now. These che ta: pkcs11: Add more checks before destroying object in a session Few checks were missing in the implementaion of C_DestroyObject() as per PKCS#11 Specification. These have been added now. These checks are - only session objects can be destroyed during a read only session - only public objects can be destroyed unless the normal user is logged in - Certain objects may not be destroyed. Calling C_DestroyObject on such objects will result in the CKR_ACTION_PROHIBITED error code. An application can consult the object's CKA_DESTROYABLE attribute to determine if an object may be destroyed or not. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... src/object.c
08774c86	31-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix return value when trying to open parallel session It is mandatory to have CKF_SERIAL_SESSION set when invoking C_OpenSession(). When omitted CKR_SESSION_PARALLEL_NOT_SUPPORTED must b ta: pkcs11: Fix return value when trying to open parallel session It is mandatory to have CKF_SERIAL_SESSION set when invoking C_OpenSession(). When omitted CKR_SESSION_PARALLEL_NOT_SUPPORTED must be returned. Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.6 Session management functions C_OpenSession Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/core/drivers/crypto/se050/core/rsa.c include/pkcs11_ta.h src/pkcs11_helpers.c src/pkcs11_token.c
b68aca61	24-Dec-2020	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Check for CKA_PRIVATE when creating objects PKCS#11 Specification[1] states that Private session/token objects cannot be created in Public sessions. So, add a check for access type when ta: pkcs11: Check for CKA_PRIVATE when creating objects PKCS#11 Specification[1] states that Private session/token objects cannot be created in Public sessions. So, add a check for access type when creating objects. [1] PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40 (Table 3 - ACCESS TO DIFFERENT TYPES OBJECTS BY DIFFERENT TYPES OF SESSIONS) Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/object.c
1 2 3 4 567 8 9 10 11