| 7b69686a | 15-May-2020 |
Markus S. Wamser <github-dev@mail2013.wamser.eu> |
ta: simple typo fixes in comments in ta/pkcs11 tree
* changed "a input" to "an input" in pcks11_ta.h
* changed "the the" to "if the" in handle.c
Signed-off-by: Markus S. Wamser <github-dev@mail2013
ta: simple typo fixes in comments in ta/pkcs11 tree
* changed "a input" to "an input" in pcks11_ta.h
* changed "the the" to "if the" in handle.c
Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| eb8fd7b9 | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pksc11: update for trace and command exit
Use character flag '#' instead of plain "0x" prefix.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome
ta: pksc11: update for trace and command exit
Use character flag '#' instead of plain "0x" prefix.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 0ee58d15 | 21-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: rename PKCS11_UNAVAILABLE_INFORMATION
Rename PKCS11_UNAVAILABLE_INFORMATION to PKCS11_CK_UNAVAILABLE_INFORMATION
as it relates to Cryptoki CK_UNAVAILABLE_INFORMATION identifier.
Reviewe
ta: pkcs11: rename PKCS11_UNAVAILABLE_INFORMATION
Rename PKCS11_UNAVAILABLE_INFORMATION to PKCS11_CK_UNAVAILABLE_INFORMATION
as it relates to Cryptoki CK_UNAVAILABLE_INFORMATION identifier.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[jw: fixup PKCS11_UNDEFINED_ID]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| c4108388 | 22-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: token_capabilities.h: add missing includes
Adds missing includes in token_capabilities.h.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jer
ta: pkcs11: token_capabilities.h: add missing includes
Adds missing includes in token_capabilities.h.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 39b43b78 | 04-May-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: replace complicated params pointer calculation
Replaces params pointer calculations on the form
ctrl = ¶ms[0];
out = ¶ms[2];
with a plain
ctrl = params;
out = params + 2;
in all
ta: pkcs11: replace complicated params pointer calculation
Replaces params pointer calculations on the form
ctrl = ¶ms[0];
out = ¶ms[2];
with a plain
ctrl = params;
out = params + 2;
in all entry function still using this form.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 4daf39b3 | 23-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: use enum pkcs11_rc instead of uint32_t
Uses enum pkcs11_rc instead of uint32_t where appropriate, that is, as
function return type and local return value type.
Reviewed-by: Rouven Czerw
ta: pkcs11: use enum pkcs11_rc instead of uint32_t
Uses enum pkcs11_rc instead of uint32_t where appropriate, that is, as
function return type and local return value type.
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f40f331f | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: use serialargs_get_session_from_handle()
Change command processing entry functions to use helper function
serialargs_get_session_from_handle() to get session from the
session handle seri
ta: pkcs11: use serialargs_get_session_from_handle()
Change command processing entry functions to use helper function
serialargs_get_session_from_handle() to get session from the
session handle serialized input argument instead of the 2 step
serialargs_get()/pkcs11_handle2session().
No functional change as current functions always first checked
session validity prior other arguments validity, assuming client
arguments were well serialized.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 3158faf6 | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: helper function to get session from serial arguments
Add helper function serialargs_get_session_from_handle() to get
session instance from a 32bit session handle value in the
client seri
ta: pkcs11: helper function to get session from serial arguments
Add helper function serialargs_get_session_from_handle() to get
session instance from a 32bit session handle value in the
client serialized arguments.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 02b4d42a | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: set default token serial number based on token ID
With this change, token serial number is string "0...0000000<N>" over
16 characters, led with '0' and ending with token ID decimal value
ta: pkcs11: set default token serial number based on token ID
With this change, token serial number is string "0...0000000<N>" over
16 characters, led with '0' and ending with token ID decimal value.
It is common for the client application to decide the slot to use
based on the token serial number. Therefore change the default value
to be based on the token ID to avoid having the same serial numbers
on every token.
Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[jf: cast sizeof() to int in snprintf() with field with specifier '*']
Signed-off-by: Jerome Forissier <jerome@forissier.org>
show more ...
|
| d628ebd9 | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: set slot information to gpd.tee.deviceID if available
Use gpd.tee.deviceID to provide a device specific UUID as part of the
slot information (field with enough size for UUID).
Co-develo
ta: pkcs11: set slot information to gpd.tee.deviceID if available
Use gpd.tee.deviceID to provide a device specific UUID as part of the
slot information (field with enough size for UUID).
Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| 29b0949a | 22-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: remove unused variable token in entry_ck_slot_info()
Remove unused variable token in entry_ck_slot_info().
No functional change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro
ta: pkcs11: remove unused variable token in entry_ck_slot_info()
Remove unused variable token in entry_ck_slot_info().
No functional change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| aa442cde | 15-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: remove unused PIN encryption key functions
PINs are hashed with a salt instead of being encrypted with a secret
key. So remove the now unused management of these secret keys.
Acked-by:
ta: pkcs11: remove unused PIN encryption key functions
PINs are hashed with a salt instead of being encrypted with a secret
key. So remove the now unused management of these secret keys.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f7cc36c0 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT
Implements login/logout support.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carrier
ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT
Implements login/logout support.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 1dbb91e7 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_SET_PIN
PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.
Acked-by: Rouven Czerwinski <r.czerwinski@p
ta: pkcs11: implement command PKCS11_CMD_SET_PIN
PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| e8dbd92c | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_INIT_PIN
PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
b
ta: pkcs11: implement command PKCS11_CMD_INIT_PIN
PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
be logged to current session in order to call this function
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f485be04 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN
PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that
is in charge of initializing the Security Officer login PIN if not
already
ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN
PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that
is in charge of initializing the Security Officer login PIN if not
already done and destroy objects that can be. As objects are not yet
supported in the TA, this later feature is not implemented.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| e86828f4 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helper to update token persistent database
update_persistent_db() updates the persistent database or panics on
failure.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-deve
ta: pkcs11: helper to update token persistent database
update_persistent_db() updates the persistent database or panics on
failure.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 40bbca26 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: update PIN fields in struct token_persistent_main
Replaces the fields use to keep track of encrypted PINs with fields to
keep track of hashed PINs instead.
Acked-by: Rouven Czerwinski <
ta: pkcs11: update PIN fields in struct token_persistent_main
Replaces the fields use to keep track of encrypted PINs with fields to
keep track of hashed PINs instead.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| bef8bc68 | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helpers for PIN hashing
Adds helpers to hash PIN and to verify the hash of a PIN. The PIN is
hashed together with user type and a generated salt. A used salt never
takes the value 0 so t
ta: pkcs11: helpers for PIN hashing
Adds helpers to hash PIN and to verify the hash of a PIN. The PIN is
hashed together with user type and a generated salt. A used salt never
takes the value 0 so that can be used to tell if a PIN is set.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 8e03579e | 09-Apr-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion
Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
ca
ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion
Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
caller in PKCS#11 return code format.
The function returns PKCS11_CKR_GENERAL_ERROR for TEE_Result values that
do not strictly match a PKCS#11 return code.
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 70224f58 | 05-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: drop derive from AES_ECB
Drop key derivation as a capability of mechanisms AES_ECB as not part
of the PKCS#11 specification.
Reported-by: Ricardo Salveti <ricardo@foundries.io>
Signed-o
ta: pkcs11: drop derive from AES_ECB
Drop key derivation as a capability of mechanisms AES_ECB as not part
of the PKCS#11 specification.
Reported-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 6459f267 | 08-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fix MECHANISM_IDS to return OK when no output buffer
Fix PKCS11 TA command PKCS11_CMD_MECHANISM_IDS to handle case
where client provides a NULL buffer reference when querying the
list of
ta: pkcs11: fix MECHANISM_IDS to return OK when no output buffer
Fix PKCS11 TA command PKCS11_CMD_MECHANISM_IDS to handle case
where client provides a NULL buffer reference when querying the
list of supported mechanism IDs. In such case TA should return OK,
not PKCS11_CKR_BUFFER_TOO_SMALL.
This change is needed since commit [1] that makes an OP-TEE TA able
to receive memref parameters with a NULL buffer reference.
Link: [1] 20b567068a37 ("libutee: flag NULL pointer using invalid shm id")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
show more ...
|
| 226699cb | 02-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: remove inline comment about persistent object database
Remove inline comment that is not relevant since PKCS11 object
database is not implemented yet.
Signed-off-by: Etienne Carriere <e
ta: pkcs11: remove inline comment about persistent object database
Remove inline comment that is not relevant since PKCS11 object
database is not implemented yet.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| ee49d9f2 | 02-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fixup header file inclusion ordering
Fix order of included header files where applicable.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r
ta: pkcs11: fixup header file inclusion ordering
Fix order of included header files where applicable.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| fce35058 | 02-Apr-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: fixup user id in init_pin_key()
Minor simplification of init_pin_keys() prototype. Change argument
unsigned int uid to enum pkcs11_user_type type since it's what is
provided by the calle
ta: pkcs11: fixup user id in init_pin_key()
Minor simplification of init_pin_keys() prototype. Change argument
unsigned int uid to enum pkcs11_user_type type since it's what is
provided by the called and expected by the function.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|