| ddf63ac3 | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: add id-to-string conversion for new TA commands
Add missing user authentication commands id-to-string conversion. Add new import/destroy commands id-to-string conversion.
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| c4524bfd | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: define TA commands for object creation/destruction
Add commands PKCS11_CMD_IMPORT_OBJECT and PKCS11_CMD_DESTROY_OBJECT in enum pkcs11_ta_cmd.
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 30137c73 | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: add vendor mechanism used for object import
Add PKCS11_PROCESSING_IMPORT and PKCS11_CKM_UNDEFINED_ID in enum pkcs11_mechanism_id.
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 91e3f627 | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: add attributes/class/key type IDs in TA API
Add attributes/class/key type IDs in TA API.
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 457af86f | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: add object attribute ABI in TA header file
Define the ABI used to exchange attributes and lists of attributes between the PKCS11 TA and its client.
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 7b69686a | 15-May-2020 |
Markus S. Wamser <github-dev@mail2013.wamser.eu> |
ta: simple typo fixes in comments in ta/pkcs11 tree
* changed "a input" to "an input" in pcks11_ta.h
* changed "the the" to "if the" in handle.c
Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| eb8fd7b9 | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pksc11: update for trace and command exit
Use character flag '#' instead of plain "0x" prefix.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 0ee58d15 | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: rename PKCS11_UNAVAILABLE_INFORMATION
Rename PKCS11_UNAVAILABLE_INFORMATION to PKCS11_CK_UNAVAILABLE_INFORMATION as it relates to Cryptoki CK_UNAVAILABLE_INFORMATION identifier.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[jw: fixup PKCS11_UNDEFINED_ID]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c4108388 | 22-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: token_capabilities.h: add missing includes
Adds missing includes in token_capabilities.h.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 39b43b78 | 04-May-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: replace complicated params pointer calculation
Replaces params pointer calculations on the form
    ctrl = &params[0];
    out = &params[2];
with a plain
    ctrl = params;
    out = params + 2;
in all entry function still using this form.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4daf39b3 | 23-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: use enum pkcs11_rc instead of uint32_t
Uses enum pkcs11_rc instead of uint32_t where appropriate, that is, as function return type and local return value type.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f40f331f | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: use serialargs_get_session_from_handle()
Change command processing entry functions to use helper function serialargs_get_session_from_handle() to get session from the session handle serialized input argument instead of the 2 step serialargs_get()/pkcs11_handle2session().
No functional change as current functions always first checked session validity prior other arguments validity, assuming client arguments were well serialized.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 3158faf6 | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: helper function to get session from serial arguments
Add helper function serialargs_get_session_from_handle() to get session instance from a 32bit session handle value in the client serialized arguments.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 02b4d42a | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: set default token serial number based on token ID
With this change, token serial number is string "0...0000000<N>" over 16 characters, led with '0' and ending with token ID decimal value.
It is common for the client application to decide the slot to use based on the token serial number. Therefore change the default value to be based on the token ID to avoid having the same serial numbers on every token.
Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[jf: cast sizeof() to int in snprintf() with field with specifier '*']
Signed-off-by: Jerome Forissier <jerome@forissier.org>
|
| d628ebd9 | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: set slot information to gpd.tee.deviceID if available
Use gpd.tee.deviceID to provide a device specific UUID as part of the slot information (field with enough size for UUID).
Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
| 29b0949a | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: remove unused variable token in entry_ck_slot_info()
Remove unused variable token in entry_ck_slot_info(). No functional change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
| aa442cde | 15-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: remove unused PIN encryption key functions
PINs are hashed with a salt instead of being encrypted with a secret key. So remove the now unused management of these secret keys.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f7cc36c0 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT
Implements login/logout support.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1dbb91e7 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_SET_PIN
PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in charge of modifying a login PIN.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e8dbd92c | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_INIT_PIN
PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in charge of initializing the normal user login PIN. Security Officer must be logged to current session in order to call this function.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f485be04 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN
PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that is in charge of initializing the Security Officer login PIN if not already done and destroy objects that can be. As objects are not yet supported in the TA, this latter feature is not implemented.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e86828f4 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helper to update token persistent database
update_persistent_db() updates the persistent database or panics on failure.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 40bbca26 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: update PIN fields in struct token_persistent_main
Replaces the fields used to keep track of encrypted PINs with fields to keep track of hashed PINs instead.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| bef8bc68 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helpers for PIN hashing
Adds helpers to hash PIN and to verify the hash of a PIN. The PIN is hashed together with user type and a generated salt. A used salt never takes the value 0 so that can be used to tell if a PIN is set.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 8e03579e | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion
Introduce helper function pkcs2tee_error() for the several TEE Core Internal APIs called for which return value needs to be reported to caller in PKCS#11 return code format.
The function returns PKCS11_CKR_GENERAL_ERROR for TEE_Result values that do not strictly match a PKCS#11 return code.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|