History log of /optee_os/ta/pkcs11/ (Results 51 – 75 of 257)
Revision Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
cc062b4623-Feb-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

ta: pkcs11: support for ECDH1_DERIVE

Add support for ECDH1_DERIVE operation.

Only the key derivation function CKD_NULL is supported: the raw shared
secret value is therefore generated without apply

ta: pkcs11: support for ECDH1_DERIVE

Add support for ECDH1_DERIVE operation.

Only the key derivation function CKD_NULL is supported: the raw shared
secret value is therefore generated without applying any key
derivation function.

Tested with pkcs11_tool -m ECDH1-DERIVE

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Co-developed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


/optee_os/.azure-pipelines.yml
/optee_os/CHANGELOG.md
/optee_os/MAINTAINERS
/optee_os/Makefile
/optee_os/core/arch/arm/arm.mk
/optee_os/core/arch/arm/dts/at91-sama5d27_som1_ek.dts
/optee_os/core/arch/arm/dts/at91-sama5d2_xplained.dts
/optee_os/core/arch/arm/dts/sama5d2.dtsi
/optee_os/core/arch/arm/include/arm.h
/optee_os/core/arch/arm/include/arm32.h
/optee_os/core/arch/arm/include/arm32_macros.S
/optee_os/core/arch/arm/include/arm64.h
/optee_os/core/arch/arm/include/arm64_macros.S
/optee_os/core/arch/arm/include/ffa.h
/optee_os/core/arch/arm/include/kernel/misc.h
/optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h
/optee_os/core/arch/arm/include/kernel/thread_arch.h
/optee_os/core/arch/arm/include/kernel/thread_private_arch.h
/optee_os/core/arch/arm/include/kernel/thread_spmc.h
/optee_os/core/arch/arm/include/mm/core_mmu_arch.h
/optee_os/core/arch/arm/kernel/abort.c
/optee_os/core/arch/arm/kernel/asm-defines.c
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/delay.c
/optee_os/core/arch/arm/kernel/entry_a32.S
/optee_os/core/arch/arm/kernel/entry_a64.S
/optee_os/core/arch/arm/kernel/kern.ld.S
/optee_os/core/arch/arm/kernel/link.mk
/optee_os/core/arch/arm/kernel/link_dummies_paged.c
/optee_os/core/arch/arm/kernel/link_dummy.ld
/optee_os/core/arch/arm/kernel/misc_a32.S
/optee_os/core/arch/arm/kernel/secure_partition.c
/optee_os/core/arch/arm/kernel/spmc_sp_handler.c
/optee_os/core/arch/arm/kernel/stmm_sp.c
/optee_os/core/arch/arm/kernel/sub.mk
/optee_os/core/arch/arm/kernel/thread.c
/optee_os/core/arch/arm/kernel/thread_a32.S
/optee_os/core/arch/arm/kernel/thread_a64.S
/optee_os/core/arch/arm/kernel/thread_optee_smc.c
/optee_os/core/arch/arm/kernel/thread_optee_smc_a32.S
/optee_os/core/arch/arm/kernel/thread_optee_smc_a64.S
/optee_os/core/arch/arm/kernel/thread_spmc.c
/optee_os/core/arch/arm/kernel/thread_spmc_a32.S
/optee_os/core/arch/arm/kernel/thread_spmc_a64.S
/optee_os/core/arch/arm/mm/core_mmu.c
/optee_os/core/arch/arm/mm/core_mmu_lpae.c
/optee_os/core/arch/arm/mm/core_mmu_v7.c
/optee_os/core/arch/arm/mm/mobj_dyn_shm.c
/optee_os/core/arch/arm/mm/mobj_ffa.c
/optee_os/core/arch/arm/mm/sub.mk
/optee_os/core/arch/arm/plat-aspeed/conf.mk
/optee_os/core/arch/arm/plat-aspeed/core_pos_a32.S
/optee_os/core/arch/arm/plat-aspeed/platform_ast2600.c
/optee_os/core/arch/arm/plat-aspeed/platform_config.h
/optee_os/core/arch/arm/plat-aspeed/sub.mk
/optee_os/core/arch/arm/plat-imx/conf.mk
/optee_os/core/arch/arm/plat-imx/crypto_conf.mk
/optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c
/optee_os/core/arch/arm/plat-imx/imx-common.c
/optee_os/core/arch/arm/plat-imx/imx-regs.h
/optee_os/core/arch/arm/plat-imx/imx.h
/optee_os/core/arch/arm/plat-imx/main.c
/optee_os/core/arch/arm/plat-imx/registers/imx7ulp.h
/optee_os/core/arch/arm/plat-imx/registers/imx8ulp-crm.h
/optee_os/core/arch/arm/plat-imx/registers/imx8ulp.h
/optee_os/core/arch/arm/plat-ls/conf.mk
/optee_os/core/arch/arm/plat-ls/crypto_conf.mk
/optee_os/core/arch/arm/plat-ls/main.c
/optee_os/core/arch/arm/plat-ls/platform_config.h
/optee_os/core/arch/arm/plat-rockchip/main.c
/optee_os/core/arch/arm/plat-rzn1/main.c
/optee_os/core/arch/arm/plat-sam/conf.mk
/optee_os/core/arch/arm/plat-sam/freq.c
/optee_os/core/arch/arm/plat-sam/main.c
/optee_os/core/arch/arm/plat-sam/matrix.c
/optee_os/core/arch/arm/plat-sam/nsec-service/sm_platform_handler.c
/optee_os/core/arch/arm/plat-sam/nsec-service/smc_ids.h
/optee_os/core/arch/arm/plat-sam/nsec-service/sub.mk
/optee_os/core/arch/arm/plat-sam/pm/psci.c
/optee_os/core/arch/arm/plat-sam/sam_sfr.h
/optee_os/core/arch/arm/plat-sam/sub.mk
/optee_os/core/arch/arm/plat-stm/main.c
/optee_os/core/arch/arm/plat-stm32mp1/conf.mk
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c
/optee_os/core/arch/arm/plat-stm32mp1/drivers/sub.mk
/optee_os/core/arch/arm/plat-stm32mp1/link_dummies_paged.c
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c
/optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c
/optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h
/optee_os/core/arch/arm/plat-stm32mp1/sub.mk
/optee_os/core/arch/arm/plat-sunxi/main.c
/optee_os/core/arch/arm/plat-ti/main.c
/optee_os/core/arch/arm/plat-totalcompute/sub.mk
/optee_os/core/arch/arm/plat-vexpress/main.c
/optee_os/core/arch/arm/plat-vexpress/sub.mk
/optee_os/core/arch/arm/plat-zynq7k/main.c
/optee_os/core/arch/arm/plat-zynqmp/conf.mk
/optee_os/core/arch/arm/plat-zynqmp/main.c
/optee_os/core/arch/arm/plat-zynqmp/platform_config.h
/optee_os/core/arch/arm/sm/pm_a32.S
/optee_os/core/arch/arm/sm/sm.c
/optee_os/core/crypto/signed_hdr.c
/optee_os/core/drivers/atmel_rstc.c
/optee_os/core/drivers/atmel_saic.c
/optee_os/core/drivers/atmel_shdwc.c
/optee_os/core/drivers/atmel_trng.c
/optee_os/core/drivers/atmel_wdt.c
/optee_os/core/drivers/clk/clk-stm32mp15.c
/optee_os/core/drivers/clk/sam/at91_clk.h
/optee_os/core/drivers/clk/sam/at91_generated.c
/optee_os/core/drivers/clk/sam/at91_peripheral.c
/optee_os/core/drivers/clk/sam/at91_pmc.c
/optee_os/core/drivers/clk/sam/at91_programmable.c
/optee_os/core/drivers/clk/sam/sama5d2_clk.c
/optee_os/core/drivers/clk/sub.mk
/optee_os/core/drivers/crypto/aspeed/crypto_ast2600.c
/optee_os/core/drivers/crypto/aspeed/hace_ast2600.c
/optee_os/core/drivers/crypto/aspeed/hace_ast2600.h
/optee_os/core/drivers/crypto/aspeed/sub.mk
/optee_os/core/drivers/crypto/caam/hal/common/hal_jr.c
/optee_os/core/drivers/crypto/caam/hal/imx_8ulp/hal_clk.c
/optee_os/core/drivers/crypto/caam/hal/imx_8ulp/hal_ctrl.c
/optee_os/core/drivers/crypto/caam/hal/imx_8ulp/hal_jr.c
/optee_os/core/drivers/crypto/caam/hal/imx_8ulp/registers/ctrl_regs.h
/optee_os/core/drivers/crypto/caam/hal/imx_8ulp/sub.mk
/optee_os/core/drivers/crypto/caam/hal/sub.mk
/optee_os/core/drivers/crypto/caam/include/caam_common.h
/optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h
/optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h
/optee_os/core/drivers/crypto/caam/utils/utils_mem.c
/optee_os/core/drivers/crypto/crypto_api/acipher/rsa.c
/optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c
/optee_os/core/drivers/crypto/se050/adaptors/sub.mk
/optee_os/core/drivers/crypto/se050/core/ecc.c
/optee_os/core/drivers/crypto/se050/core/rsa.c
/optee_os/core/drivers/crypto/se050/core/sub.mk
/optee_os/core/drivers/crypto/se050/crypto.mk
/optee_os/core/drivers/crypto/se050/glue/i2c.c
/optee_os/core/drivers/crypto/se050/glue/i2c_imx.c
/optee_os/core/drivers/crypto/se050/glue/include/i2c_native.h
/optee_os/core/drivers/crypto/se050/session.c
/optee_os/core/drivers/crypto/se050/sub.mk
/optee_os/core/drivers/crypto/sub.mk
/optee_os/core/drivers/gic.c
/optee_os/core/drivers/imx_lpuart.c
/optee_os/core/drivers/imx_uart.c
/optee_os/core/drivers/imx_wdog.c
/optee_os/core/drivers/pl011.c
/optee_os/core/drivers/pm/sam/at91_pm.c
/optee_os/core/drivers/pm/sam/at91_pm.h
/optee_os/core/drivers/pm/sam/pm-defines.c
/optee_os/core/drivers/pm/sam/pm_resume.S
/optee_os/core/drivers/pm/sam/pm_suspend.S
/optee_os/core/drivers/pm/sam/sub.mk
/optee_os/core/drivers/pm/sub.mk
/optee_os/core/drivers/rstctrl/rstctrl.c
/optee_os/core/drivers/rstctrl/sub.mk
/optee_os/core/drivers/serial8250_uart.c
/optee_os/core/drivers/stm32_gpio.c
/optee_os/core/drivers/stm32_i2c.c
/optee_os/core/drivers/stm32_rng.c
/optee_os/core/drivers/stm32_uart.c
/optee_os/core/drivers/sub.mk
/optee_os/core/drivers/wdt/sub.mk
/optee_os/core/drivers/wdt/watchdog.c
/optee_os/core/drivers/wdt/watchdog_sm.c
/optee_os/core/include/drivers/atmel_saic.h
/optee_os/core/include/drivers/clk_dt.h
/optee_os/core/include/drivers/gic.h
/optee_os/core/include/drivers/pm/sam/atmel_pm.h
/optee_os/core/include/drivers/rstctrl.h
/optee_os/core/include/drivers/stm32_i2c.h
/optee_os/core/include/drivers/stm32_uart.h
/optee_os/core/include/drivers/stm32mp1_rcc.h
/optee_os/core/include/drivers/wdt.h
/optee_os/core/include/io.h
/optee_os/core/include/kernel/abort.h
/optee_os/core/include/kernel/asan.h
/optee_os/core/include/kernel/boot.h
/optee_os/core/include/kernel/dt.h
/optee_os/core/include/kernel/dt_driver.h
/optee_os/core/include/kernel/linker.h
/optee_os/core/include/kernel/pm.h
/optee_os/core/include/kernel/spinlock.h
/optee_os/core/include/kernel/thread.h
/optee_os/core/include/kernel/thread_private.h
/optee_os/core/include/kernel/user_mode_ctx_struct.h
/optee_os/core/include/mm/core_mmu.h
/optee_os/core/include/mm/mobj.h
/optee_os/core/include/mm/pgt_cache.h
/optee_os/core/include/mm/tee_pager.h
/optee_os/core/include/tee/entry_std.h
/optee_os/core/kernel/dt.c
/optee_os/core/kernel/dt_driver.c
/optee_os/core/kernel/msg_param.c
/optee_os/core/kernel/notif.c
/optee_os/core/kernel/pseudo_ta.c
/optee_os/core/kernel/ree_fs_ta.c
/optee_os/core/kernel/spin_lock_debug.c
/optee_os/core/kernel/sub.mk
/optee_os/core/kernel/tee_ta_manager.c
/optee_os/core/kernel/thread.c
/optee_os/core/kernel/user_ta.c
/optee_os/core/mm/core_mmu.c
/optee_os/core/mm/mobj.c
/optee_os/core/mm/sub.mk
/optee_os/core/mm/tee_mm.c
/optee_os/core/mm/vm.c
/optee_os/core/pta/benchmark.c
/optee_os/core/pta/gprof.c
/optee_os/core/tee/entry_std.c
/optee_os/core/tee/tadb.c
/optee_os/core/tee/tee_ree_fs.c
/optee_os/core/tee/tee_rpmb_fs.c
/optee_os/core/tee/tee_supp_plugin_rpc.c
/optee_os/core/tee/tee_svc.c
/optee_os/core/tee/tee_svc_cryp.c
/optee_os/ldelf/pauth.c
/optee_os/ldelf/pauth.h
/optee_os/ldelf/sub.mk
/optee_os/lib/libunw/include/unw/unwind.h
/optee_os/lib/libunw/unwind_arm64.c
/optee_os/lib/libutee/tee_api_operations.c
/optee_os/lib/libutils/ext/include/compiler.h
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/assert.h
/optee_os/mk/compile.mk
/optee_os/mk/config.mk
/optee_os/mk/subdir.mk
/optee_os/scripts/sign_encrypt.py
/optee_os/scripts/sign_helper_kms.py
include/pkcs11_ta.h
src/pkcs11_attributes.c
src/processing.c
src/processing.h
src/processing_asymm.c
src/processing_ec.c
src/token_capabilities.c
/optee_os/ta/ta.mk
7694887615-Dec-2021 Mengchi Cheng <mengcc@amazon.com>

ta: pkcs11: Clean up temporary_object_list on object creation failure

Calls LIST_REMOVE() only from cleanup_volatile_obj_ref() this is always
called to finalize object release. Allocated objects are

ta: pkcs11: Clean up temporary_object_list on object creation failure

Calls LIST_REMOVE() only from cleanup_volatile_obj_ref() this is always
called to finalize object release. Allocated objects are always inserted
into a list after being created and therefore need to be removed for its
owner list before the memory is released.

This changes fixes an issue when handle_get() failed in create_object()
and does not remove the reference from temporary_object_list.

Signed-off-by: Mengchi Cheng <mengcc@amazon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


/optee_os/.github/workflows/stales.yml
/optee_os/core/arch/arm/arm.mk
/optee_os/core/arch/arm/crypto/aes_modes_armv8a_ce_a64.S
/optee_os/core/arch/arm/crypto/ghash-ce-core_a64.S
/optee_os/core/arch/arm/crypto/sha1_armv8a_ce_a64.S
/optee_os/core/arch/arm/crypto/sha256_armv8a_ce_a64.S
/optee_os/core/arch/arm/include/arm.h
/optee_os/core/arch/arm/include/arm64.h
/optee_os/core/arch/arm/include/ffa.h
/optee_os/core/arch/arm/include/kernel/secure_partition.h
/optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h
/optee_os/core/arch/arm/include/kernel/thread.h
/optee_os/core/arch/arm/include/kernel/thread_spmc.h
/optee_os/core/arch/arm/include/sm/optee_smc.h
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/cache_helpers_a64.S
/optee_os/core/arch/arm/kernel/entry_a64.S
/optee_os/core/arch/arm/kernel/kern.ld.S
/optee_os/core/arch/arm/kernel/ldelf_loader.c
/optee_os/core/arch/arm/kernel/link.mk
/optee_os/core/arch/arm/kernel/misc_a64.S
/optee_os/core/arch/arm/kernel/secure_partition.c
/optee_os/core/arch/arm/kernel/spin_lock_a64.S
/optee_os/core/arch/arm/kernel/spmc_sp_handler.c
/optee_os/core/arch/arm/kernel/stmm_sp.c
/optee_os/core/arch/arm/kernel/thread_a64.S
/optee_os/core/arch/arm/kernel/thread_optee_smc_a64.S
/optee_os/core/arch/arm/kernel/thread_spmc.c
/optee_os/core/arch/arm/kernel/thread_spmc_a64.S
/optee_os/core/arch/arm/kernel/tlb_helpers_a64.S
/optee_os/core/arch/arm/kernel/trace_ext.c
/optee_os/core/arch/arm/kernel/vfp_a64.S
/optee_os/core/arch/arm/mm/core_mmu_lpae.c
/optee_os/core/arch/arm/mm/mobj_ffa.c
/optee_os/core/arch/arm/mm/sp_mem.c
/optee_os/core/arch/arm/mm/sub.mk
/optee_os/core/arch/arm/plat-imx/conf.mk
/optee_os/core/arch/arm/plat-imx/registers/imx8q.h
/optee_os/core/arch/arm/plat-sam/conf.mk
/optee_os/core/arch/arm/plat-sam/main.c
/optee_os/core/arch/arm/plat-sam/pm/psci.c
/optee_os/core/arch/arm/plat-sam/pm/sub.mk
/optee_os/core/arch/arm/plat-sam/sub.mk
/optee_os/core/arch/arm/plat-vexpress/conf.mk
/optee_os/core/arch/arm/plat-vexpress/main.c
/optee_os/core/arch/arm/tee/arch_svc_a64.S
/optee_os/core/arch/arm/tee/entry_fast.c
/optee_os/core/drivers/atmel_rstc.c
/optee_os/core/drivers/atmel_shdwc.c
/optee_os/core/drivers/atmel_shdwc_a32.S
/optee_os/core/drivers/atmel_trng.c
/optee_os/core/drivers/clk/clk_dt.c
/optee_os/core/drivers/clk/sam/at91_clk.h
/optee_os/core/drivers/clk/sam/sama5d2_clk.c
/optee_os/core/drivers/crypto/caam/acipher/caam_dh.c
/optee_os/core/drivers/crypto/caam/acipher/caam_ecc.c
/optee_os/core/drivers/crypto/caam/acipher/caam_math.c
/optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c
/optee_os/core/drivers/crypto/caam/caam_ctrl.c
/optee_os/core/drivers/crypto/caam/caam_rng.c
/optee_os/core/drivers/crypto/caam/hal/common/hal_cfg.c
/optee_os/core/drivers/crypto/caam/hal/common/hal_rng.c
/optee_os/core/drivers/crypto/caam/hal/imx_8q/hal_cfg.c
/optee_os/core/drivers/crypto/caam/hal/imx_8q/hal_clk.c
/optee_os/core/drivers/crypto/caam/hal/imx_8q/hal_ctrl.c
/optee_os/core/drivers/crypto/caam/hal/imx_8q/hal_jr.c
/optee_os/core/drivers/crypto/caam/hal/imx_8q/hal_rng.c
/optee_os/core/drivers/crypto/caam/hal/imx_8q/registers/ctrl_regs.h
/optee_os/core/drivers/crypto/caam/hal/imx_8q/sub.mk
/optee_os/core/drivers/crypto/caam/hal/sub.mk
/optee_os/core/drivers/crypto/caam/hash/caam_hash.c
/optee_os/core/drivers/crypto/caam/hash/caam_hash_mac.c
/optee_os/core/drivers/crypto/caam/include/caam_acipher.h
/optee_os/core/drivers/crypto/caam/include/caam_hal_rng.h
/optee_os/core/drivers/crypto/caam/include/caam_hash.h
/optee_os/core/drivers/crypto/caam/include/caam_status.h
/optee_os/core/drivers/crypto/se050/adaptors/include/se050_sss_apis.h
/optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h
/optee_os/core/drivers/crypto/se050/adaptors/utils/info.c
/optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c
/optee_os/core/drivers/crypto/se050/core/ecc.c
/optee_os/core/drivers/crypto/se050/core/rsa.c
/optee_os/core/drivers/crypto/se050/crypto.mk
/optee_os/core/drivers/crypto/se050/session.c
/optee_os/core/drivers/imx_sc_api.c
/optee_os/core/drivers/imx_wdog.c
/optee_os/core/drivers/sub.mk
/optee_os/core/include/drivers/atmel_rstc.h
/optee_os/core/include/drivers/atmel_shdwc.h
/optee_os/core/include/drivers/clk_dt.h
/optee_os/core/include/drivers/gic.h
/optee_os/core/include/drivers/imx_sc_api.h
/optee_os/core/include/drivers/sam/at91_ddr.h
/optee_os/core/include/kernel/dt_driver.h
/optee_os/core/include/kernel/notif.h
/optee_os/core/include/mm/sp_mem.h
/optee_os/core/include/mm/tee_mmu_types.h
/optee_os/core/include/mm/vm.h
/optee_os/core/include/optee_msg.h
/optee_os/core/include/optee_rpc_cmd.h
/optee_os/core/kernel/dt_driver.c
/optee_os/core/kernel/ldelf_syscalls.c
/optee_os/core/kernel/notif.c
/optee_os/core/kernel/pm.c
/optee_os/core/kernel/sub.mk
/optee_os/core/kernel/wait_queue.c
/optee_os/core/lib/libtomcrypt/mpi_desc.c
/optee_os/core/mm/vm.c
/optee_os/core/tee/entry_std.c
/optee_os/core/tee/tee_cryp_utl.c
/optee_os/core/tee/tee_svc.c
/optee_os/ldelf/include/ldelf.h
/optee_os/ldelf/ldelf.ld.S
/optee_os/ldelf/link.mk
/optee_os/ldelf/start_a64.S
/optee_os/ldelf/syscalls_a64.S
/optee_os/ldelf/ta_elf.c
/optee_os/ldelf/ta_elf.h
/optee_os/ldelf/tlsdesc_rel_a64.S
/optee_os/lib/libutee/arch/arm/utee_syscalls_a64.S
/optee_os/lib/libutee/include/elf_common.h
/optee_os/lib/libutils/ext/arch/arm/atomic_a64.S
/optee_os/lib/libutils/ext/arch/arm/mcount_a64.S
/optee_os/lib/libutils/ext/include/arm64_bti.S
/optee_os/lib/libutils/ext/include/asm.S
/optee_os/lib/libutils/ext/include/trace.h
/optee_os/lib/libutils/ext/mempool.c
/optee_os/lib/libutils/ext/trace.c
/optee_os/lib/libutils/isoc/arch/arm/setjmp_a64.S
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/malloc.h
/optee_os/lib/libutils/isoc/include/stdio.h
/optee_os/lib/libutils/isoc/qsort.c
/optee_os/lib/libutils/isoc/sprintf.c
/optee_os/mk/config.mk
/optee_os/mk/lib.mk
/optee_os/scripts/checkpatch_inc.sh
/optee_os/scripts/sign_encrypt.py
/optee_os/ta/arch/arm/link.mk
/optee_os/ta/arch/arm/link_shlib.mk
/optee_os/ta/arch/arm/ta.ld.S
src/object.c
/optee_os/ta/ta.mk
dbc2184e08-Dec-2021 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Fix memory leak

When sanitizing indirect templates, obj2 was getting allocated
twice leading to memory leak.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne

ta: pkcs11: Fix memory leak

When sanitizing indirect templates, obj2 was getting allocated
twice leading to memory leak.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/5022

show more ...


src/sanitize_object.c
5818fdfd07-Dec-2021 Sahil Malhotra <sahil.malhotra@nxp.com>

ta: pkcs11: increase default heap size to 32kB

In some test cases, 16kB memory configured is not enough, specifically
while generating RSA keys, so increasing the default heap size to 32kB.

Signed-

ta: pkcs11: increase default heap size to 32kB

In some test cases, 16kB memory configured is not enough, specifically
while generating RSA keys, so increasing the default heap size to 32kB.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


/optee_os/core/arch/arm/dts/sama5d2.dtsi
/optee_os/core/arch/arm/mm/core_mmu.c
/optee_os/core/arch/arm/mm/core_mmu_lpae.c
/optee_os/core/arch/arm/plat-sam/conf.mk
/optee_os/core/arch/arm/plat-sam/platform_config.h
/optee_os/core/drivers/atmel_trng.c
/optee_os/core/drivers/crypto/se050/adaptors/utils/utils.c
/optee_os/core/drivers/crypto/stm32/stm32_cryp.c
/optee_os/core/drivers/sub.mk
/optee_os/core/include/kernel/dt.h
/optee_os/core/include/tee/tee_svc_storage.h
/optee_os/core/pta/tests/invoke.c
/optee_os/core/pta/tests/sub.mk
/optee_os/core/tee/sub.mk
/optee_os/core/tee/tee_fs_rpc.c
/optee_os/core/tee/tee_rpmb_fs.c
/optee_os/core/tee/tee_svc_storage.c
/optee_os/mk/config.mk
/optee_os/scripts/dump_ta_header.py
sub.mk
28eb53ac25-Nov-2021 Jorge Ramirez-Ortiz <jorge@foundries.io>

ta: pkcs11: remove unnecessary code

Remove unnecessary assignment.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>


/optee_os/.azure-pipelines.yml
/optee_os/.gitignore
/optee_os/core/arch/arm/dts/stm32mp157c-dk2.dts
/optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts
/optee_os/core/arch/arm/dts/stm32mp157c-ev1.dts
/optee_os/core/arch/arm/include/kernel/boot.h
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/tee_time.c
/optee_os/core/arch/arm/mm/core_mmu.c
/optee_os/core/arch/arm/mm/mobj_dyn_shm.c
/optee_os/core/arch/arm/mm/tee_mm.c
/optee_os/core/arch/arm/plat-imx/conf.mk
/optee_os/core/arch/arm/plat-mediatek/conf.mk
/optee_os/core/arch/arm/plat-mediatek/main.c
/optee_os/core/arch/arm/plat-rzn1/conf.mk
/optee_os/core/arch/arm/plat-rzn1/main.c
/optee_os/core/arch/arm/plat-rzn1/sm_platform_handler.c
/optee_os/core/arch/arm/plat-sam/conf.mk
/optee_os/core/arch/arm/plat-sam/sam_sfr.h
/optee_os/core/crypto/sub.mk
/optee_os/core/drivers/clk/clk_dt.c
/optee_os/core/drivers/clk/sam/at91_audio_pll.c
/optee_os/core/drivers/clk/sam/at91_clk.h
/optee_os/core/drivers/clk/sam/at91_generated.c
/optee_os/core/drivers/clk/sam/at91_h32mx.c
/optee_os/core/drivers/clk/sam/at91_i2s_mux.c
/optee_os/core/drivers/clk/sam/at91_main.c
/optee_os/core/drivers/clk/sam/at91_master.c
/optee_os/core/drivers/clk/sam/at91_peripheral.c
/optee_os/core/drivers/clk/sam/at91_pll.c
/optee_os/core/drivers/clk/sam/at91_plldiv.c
/optee_os/core/drivers/clk/sam/at91_pmc.c
/optee_os/core/drivers/clk/sam/at91_pmc.h
/optee_os/core/drivers/clk/sam/at91_programmable.c
/optee_os/core/drivers/clk/sam/at91_sckc.c
/optee_os/core/drivers/clk/sam/at91_system.c
/optee_os/core/drivers/clk/sam/at91_usb.c
/optee_os/core/drivers/clk/sam/at91_utmi.c
/optee_os/core/drivers/clk/sam/sama5d2_clk.c
/optee_os/core/drivers/clk/sam/sub.mk
/optee_os/core/drivers/clk/sub.mk
/optee_os/core/drivers/crypto/caam/hal/common/hal_cfg.c
/optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c
/optee_os/core/drivers/crypto/se050/adaptors/apis/apdu.c
/optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h
/optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c
/optee_os/core/drivers/crypto/se050/adaptors/utils/utils.c
/optee_os/core/drivers/crypto/se050/core/apdu.c
/optee_os/core/drivers/crypto/se050/core/ctr.c
/optee_os/core/drivers/crypto/se050/core/die_id.c
/optee_os/core/drivers/crypto/se050/core/ecc.c
/optee_os/core/drivers/crypto/se050/core/rsa.c
/optee_os/core/drivers/crypto/se050/core/scp03.c
/optee_os/core/drivers/crypto/se050/core/sub.mk
/optee_os/core/drivers/crypto/se050/crypto.mk
/optee_os/core/drivers/crypto/stm32/stm32_cryp.c
/optee_os/core/drivers/stm32_bsec.c
/optee_os/core/include/crypto/crypto.h
/optee_os/core/include/crypto/crypto_se.h
/optee_os/core/include/drivers/clk_dt.h
/optee_os/core/include/dt-bindings/clock/at91.h
/optee_os/core/include/initcall.h
/optee_os/core/include/kernel/dt.h
/optee_os/core/include/kernel/dt_driver.h
/optee_os/core/include/mm/tee_mm.h
/optee_os/core/kernel/console.c
/optee_os/core/kernel/dt_driver.c
/optee_os/core/kernel/huk_subkey.c
/optee_os/core/kernel/lockdep.c
/optee_os/core/kernel/wait_queue.c
/optee_os/core/lib/libtomcrypt/sha256_accel.c
/optee_os/core/lib/libtomcrypt/sub.mk
/optee_os/core/mm/fobj.c
/optee_os/core/mm/mobj.c
/optee_os/core/pta/apdu.c
/optee_os/core/pta/gprof.c
/optee_os/core/pta/scp03.c
/optee_os/core/pta/sub.mk
/optee_os/core/tee/entry_std.c
/optee_os/core/tee/socket.c
/optee_os/core/tee/tadb.c
/optee_os/core/tee/tee_fs_rpc.c
/optee_os/core/tee/tee_svc_cryp.c
/optee_os/lib/libmbedtls/sub.mk
/optee_os/lib/libutee/include/pta_apdu.h
/optee_os/lib/libutee/include/pta_scp03.h
/optee_os/lib/libutee/include/tee_api_defines_extensions.h
/optee_os/lib/libutee/tee_api_arith_mpi.c
/optee_os/lib/libutils/ext/include/util.h
/optee_os/mk/compile.mk
/optee_os/mk/config.mk
/optee_os/ta/avb/entry.c
/optee_os/ta/mk/build-user-ta.mk
src/object.c
a5ea52c208-Oct-2021 Elvira Khabirova <e.khabirova@omp.ru>

ta: pkcs11: fix a double-free

entry_processing_key() frees out_buf on error from
derive_key_by_symm_enc(). Before this change, that led to a double-free.

Fixes: 8c499324e457 ("ta: pkcs11: Add funct

ta: pkcs11: fix a double-free

entry_processing_key() frees out_buf on error from
derive_key_by_symm_enc(). Before this change, that led to a double-free.

Fixes: 8c499324e457 ("ta: pkcs11: Add function to set key data")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>

show more ...


src/processing_symm.c
b796403708-Oct-2021 Elvira Khabirova <e.khabirova@omp.ru>

ta: pkcs11: fix a memory leak

Before this change, entry_find_objects_init() leaked e.g. find_ctx.

Fixes: fa1ac7676f39 ("ta: pkcs11: Don't load objects that don't match the search during find")
Revi

ta: pkcs11: fix a memory leak

Before this change, entry_find_objects_init() leaked e.g. find_ctx.

Fixes: fa1ac7676f39 ("ta: pkcs11: Don't load objects that don't match the search during find")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>

show more ...


/optee_os/.azure-pipelines.yml
/optee_os/CHANGELOG.md
/optee_os/MAINTAINERS
/optee_os/core/arch/arm/arm.mk
/optee_os/core/arch/arm/crypto/aes_armv8a_ce.c
/optee_os/core/arch/arm/dts/at91-sama5d27_som1.dtsi
/optee_os/core/arch/arm/dts/at91-sama5d27_som1_ek.dts
/optee_os/core/arch/arm/dts/at91-sama5d2_xplained.dts
/optee_os/core/arch/arm/dts/sama5d2-pinfunc.h
/optee_os/core/arch/arm/dts/sama5d2.dtsi
/optee_os/core/arch/arm/dts/stm32mp157a-dk1.dts
/optee_os/core/arch/arm/dts/stm32mp157c-dk2.dts
/optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts
/optee_os/core/arch/arm/dts/stm32mp157c-ev1.dts
/optee_os/core/arch/arm/include/ffa.h
/optee_os/core/arch/arm/include/kernel/secure_partition.h
/optee_os/core/arch/arm/include/kernel/thread_spmc.h
/optee_os/core/arch/arm/include/mm/core_mmu.h
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/link_dummies_paged.c
/optee_os/core/arch/arm/kernel/secure_partition.c
/optee_os/core/arch/arm/kernel/spmc_sp_handler.c
/optee_os/core/arch/arm/kernel/thread.c
/optee_os/core/arch/arm/kernel/thread_optee_smc.c
/optee_os/core/arch/arm/kernel/thread_spmc.c
/optee_os/core/arch/arm/kernel/virtualization.c
/optee_os/core/arch/arm/mm/core_mmu.c
/optee_os/core/arch/arm/mm/mobj_dyn_shm.c
/optee_os/core/arch/arm/mm/mobj_ffa.c
/optee_os/core/arch/arm/plat-ls/main.c
/optee_os/core/arch/arm/plat-marvell/armada3700/hal_sec_perf.c
/optee_os/core/arch/arm/plat-marvell/armada7k8k/hal_sec_perf.c
/optee_os/core/arch/arm/plat-sam/conf.mk
/optee_os/core/arch/arm/plat-stm32mp1/conf.mk
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.h
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c
/optee_os/core/arch/arm/plat-totalcompute/conf.mk
/optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
/optee_os/core/arch/arm/plat-totalcompute/main.c
/optee_os/core/arch/arm/plat-totalcompute/platform_config.h
/optee_os/core/arch/arm/plat-zynqmp/conf.mk
/optee_os/core/arch/arm/plat-zynqmp/main.c
/optee_os/core/arch/arm/plat-zynqmp/platform_config.h
/optee_os/core/arch/arm/tee/cache.c
/optee_os/core/arch/arm/tee/entry_fast.c
/optee_os/core/crypto/aes-gcm-sw.c
/optee_os/core/crypto/crypto.c
/optee_os/core/drivers/bnxt/bnxt_fw.c
/optee_os/core/drivers/clk/clk.c
/optee_os/core/drivers/clk/clk_dt.c
/optee_os/core/drivers/clk/fixed_clk.c
/optee_os/core/drivers/clk/sub.mk
/optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c
/optee_os/core/drivers/crypto/caam/caam_pwr.c
/optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c
/optee_os/core/drivers/crypto/crypto_api/acipher/dsa.c
/optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c
/optee_os/core/drivers/crypto/crypto_api/acipher/rsa.c
/optee_os/core/drivers/crypto/crypto_api/authenc/authenc.c
/optee_os/core/drivers/crypto/crypto_api/authenc/sub.mk
/optee_os/core/drivers/crypto/crypto_api/include/drvcrypt.h
/optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_authenc.h
/optee_os/core/drivers/crypto/crypto_api/sub.mk
/optee_os/core/drivers/crypto/stm32/authenc.c
/optee_os/core/drivers/crypto/stm32/cipher.c
/optee_os/core/drivers/crypto/stm32/common.h
/optee_os/core/drivers/crypto/stm32/crypto.mk
/optee_os/core/drivers/crypto/stm32/stm32_cryp.c
/optee_os/core/drivers/crypto/stm32/stm32_cryp.h
/optee_os/core/drivers/crypto/stm32/sub.mk
/optee_os/core/drivers/crypto/sub.mk
/optee_os/core/drivers/gic.c
/optee_os/core/drivers/imx_lpuart.c
/optee_os/core/drivers/imx_mu.c
/optee_os/core/drivers/imx_ocotp.c
/optee_os/core/drivers/imx_uart.c
/optee_os/core/drivers/pl011.c
/optee_os/core/drivers/scmi-msg/clock.c
/optee_os/core/drivers/serial8250_uart.c
/optee_os/core/drivers/stm32_etzpc.c
/optee_os/core/drivers/stm32_i2c.c
/optee_os/core/drivers/stm32_rng.c
/optee_os/core/drivers/stm32_uart.c
/optee_os/core/drivers/sub.mk
/optee_os/core/drivers/zynqmp_csu_aes.c
/optee_os/core/drivers/zynqmp_csu_puf.c
/optee_os/core/drivers/zynqmp_csudma.c
/optee_os/core/drivers/zynqmp_huk.c
/optee_os/core/drivers/zynqmp_pm.c
/optee_os/core/include/crypto/crypto_impl.h
/optee_os/core/include/crypto/internal_aes-gcm.h
/optee_os/core/include/drivers/clk.h
/optee_os/core/include/drivers/clk_dt.h
/optee_os/core/include/drivers/imx_mu.h
/optee_os/core/include/drivers/stm32_gpio.h
/optee_os/core/include/drivers/stm32_i2c.h
/optee_os/core/include/drivers/zynqmp_csu.h
/optee_os/core/include/drivers/zynqmp_csu_aes.h
/optee_os/core/include/drivers/zynqmp_csu_puf.h
/optee_os/core/include/drivers/zynqmp_csudma.h
/optee_os/core/include/drivers/zynqmp_efuse.h
/optee_os/core/include/drivers/zynqmp_pm.h
/optee_os/core/include/dt-bindings/clock/at91.h
/optee_os/core/include/dt-bindings/dma/at91.h
/optee_os/core/include/dt-bindings/iio/adc/at91-sama5d2_adc.h
/optee_os/core/include/dt-bindings/mfd/atmel-flexcom.h
/optee_os/core/include/dt-bindings/regulator/active-semi,8945a-regulator.h
/optee_os/core/include/initcall.h
/optee_os/core/include/kernel/dt.h
/optee_os/core/include/kernel/dt_driver.h
/optee_os/core/include/kernel/interrupt.h
/optee_os/core/include/kernel/pm.h
/optee_os/core/include/kernel/virtualization.h
/optee_os/core/kernel/console.c
/optee_os/core/kernel/dt.c
/optee_os/core/kernel/dt_driver.c
/optee_os/core/kernel/initcall.c
/optee_os/core/kernel/interrupt.c
/optee_os/core/kernel/pm.c
/optee_os/core/kernel/sub.mk
/optee_os/core/mm/fobj.c
/optee_os/core/pta/bcm/elog.c
/optee_os/core/pta/tests/fs_htree.c
/optee_os/core/tee/socket.c
/optee_os/core/tee/tadb.c
/optee_os/ldelf/ta_elf.c
/optee_os/lib/libmbedtls/core/rsa.c
/optee_os/lib/libutils/ext/include/util.h
/optee_os/mk/config.mk
/optee_os/scripts/pem_to_pub_c.py
/optee_os/scripts/sign_encrypt.py
/optee_os/ta/mk/ta_dev_kit.mk
src/object.c
/optee_os/ta/trusted_keys/entry.c
4137952d23-Jan-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add certificate object support

Adds support for:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key ce

ta: pkcs11: Add certificate object support

Adds support for:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


/optee_os/.azure-pipelines.yml
/optee_os/core/arch/arm/kernel/thread_optee_smc.c
/optee_os/core/arch/arm/mm/mobj_dyn_shm.c
/optee_os/core/arch/arm/plat-vexpress/conf.mk
/optee_os/mk/config.mk
include/pkcs11_ta.h
src/attributes.h
src/object.c
src/pkcs11_attributes.c
src/pkcs11_helpers.c
src/pkcs11_helpers.h
src/sanitize_object.c
0ef6b14425-Sep-2021 Victor Chong <victor.chong@linaro.org>

ta: pkcs11: Add support for AES CMAC mechanisms

Add support for CKM_AES_CMAC* mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linar

ta: pkcs11: Add support for AES CMAC mechanisms

Add support for CKM_AES_CMAC* mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...


/optee_os/core/arch/arm/include/kernel/tz_ssvce_def.h
/optee_os/core/arch/arm/plat-imx/conf.mk
/optee_os/core/arch/arm/plat-imx/config/imx6sll.h
/optee_os/core/arch/arm/plat-imx/crypto_conf.mk
/optee_os/core/arch/arm/plat-imx/imx-common.c
/optee_os/core/arch/arm/plat-imx/imx.h
/optee_os/core/arch/arm/plat-imx/imx_pl310.c
/optee_os/core/arch/arm/plat-imx/mmdc.c
/optee_os/core/arch/arm/plat-imx/registers/imx6.h
/optee_os/core/arch/arm/plat-imx/registers/imx7-crm.h
/optee_os/core/arch/arm/plat-imx/registers/imx7.h
/optee_os/core/arch/arm/plat-imx/registers/imx7ulp.h
/optee_os/core/arch/arm/plat-imx/registers/imx8m-crm.h
/optee_os/core/arch/arm/plat-imx/registers/imx8m.h
/optee_os/core/arch/arm/plat-ls/conf.mk
/optee_os/core/arch/arm/plat-poplar/conf.mk
/optee_os/core/arch/arm/plat-sam/conf.mk
/optee_os/core/arch/arm/plat-sam/main.c
/optee_os/core/arch/arm/plat-sam/matrix.c
/optee_os/core/arch/arm/plat-sam/matrix.h
/optee_os/core/arch/arm/plat-sam/platform_config.h
/optee_os/core/arch/arm/plat-sam/sam_pl310.c
/optee_os/core/arch/arm/plat-sam/sam_sfr.h
/optee_os/core/arch/arm/plat-sam/sama5d2.h
/optee_os/core/arch/arm/plat-sam/sub.mk
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c
/optee_os/core/drivers/crypto/caam/caam_jr.c
/optee_os/core/drivers/crypto/caam/caam_rng.c
/optee_os/core/drivers/crypto/caam/hal/common/hal_ctrl.c
/optee_os/core/drivers/crypto/caam/hal/common/hal_rng.c
/optee_os/core/drivers/crypto/caam/hal/common/registers/rng_regs.h
/optee_os/core/drivers/crypto/caam/hal/common/registers/version_regs.h
/optee_os/core/drivers/crypto/caam/hal/imx_6_7/hal_clk_mx6.c
/optee_os/core/drivers/crypto/caam/hal/imx_6_7/hal_clk_mx7.c
/optee_os/core/drivers/crypto/caam/hal/imx_6_7/hal_clk_mx7ulp.c
/optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c
/optee_os/core/drivers/crypto/crypto_api/acipher/dsa.c
/optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c
/optee_os/core/drivers/imx_ocotp.c
/optee_os/core/drivers/stm32_bsec.c
/optee_os/core/drivers/stm32_etzpc.c
/optee_os/core/drivers/sub.mk
/optee_os/core/include/drivers/imx_ocotp.h
/optee_os/core/include/kernel/dt.h
/optee_os/core/kernel/dt.c
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/malloc.h
/optee_os/mk/config.mk
/optee_os/ta/mk/ta_dev_kit.mk
include/pkcs11_ta.h
src/pkcs11_attributes.c
src/processing_symm.c
src/token_capabilities.c
70b6683b03-Jun-2021 Victor Chong <victor.chong@linaro.org>

ta: pkcs11: Add support for more HMAC mechanisms

Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <et

ta: pkcs11: Add support for more HMAC mechanisms

Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...


include/pkcs11_ta.h
src/pkcs11_attributes.c
src/processing_symm.c
src/token_capabilities.c
42765f8212-Jul-2021 Victor Chong <victor.chong@linaro.org>

ta: pkcs11: Fix sign size comparison

The current check does not take into account input signature sizes that
are larger than the hash size, which are invalid and should return an
error. The input si

ta: pkcs11: Fix sign size comparison

The current check does not take into account input signature sizes that
are larger than the hash size, which are invalid and should return an
error. The input signature size can be less than the hash size, but not
for the mechanisms the function is currently used for. Change the check
to match exactly the hash size.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...


src/processing_symm.c
6f6d5e7502-Jun-2021 Victor Chong <victor.chong@linaro.org>

ta: pkcs11: Fix typo

Fix typo in comment.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta

ta: pkcs11: Fix typo

Fix typo in comment.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...


/optee_os/core/arch/arm/include/arm64.h
/optee_os/core/arch/arm/include/kernel/tz_ssvce_def.h
/optee_os/core/arch/arm/include/mm/core_mmu.h
/optee_os/core/arch/arm/include/mm/tee_pager.h
/optee_os/core/arch/arm/kernel/asm-defines.c
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/entry_a32.S
/optee_os/core/arch/arm/kernel/idle.c
/optee_os/core/arch/arm/kernel/kern.ld.S
/optee_os/core/arch/arm/kernel/sub.mk
/optee_os/core/arch/arm/kernel/tee_l2cc_mutex.c
/optee_os/core/arch/arm/kernel/thread_a32.S
/optee_os/core/arch/arm/kernel/thread_a64.S
/optee_os/core/arch/arm/kernel/thread_optee_smc.c
/optee_os/core/arch/arm/kernel/virtualization.c
/optee_os/core/arch/arm/mm/core_mmu.c
/optee_os/core/arch/arm/mm/core_mmu_lpae.c
/optee_os/core/arch/arm/mm/core_mmu_v7.c
/optee_os/core/arch/arm/mm/tee_pager.c
/optee_os/core/arch/arm/plat-bcm/bcm_elog.c
/optee_os/core/arch/arm/plat-bcm/main.c
/optee_os/core/arch/arm/plat-hikey/main.c
/optee_os/core/arch/arm/plat-hikey/spi_test.c
/optee_os/core/arch/arm/plat-hisilicon/psci.c
/optee_os/core/arch/arm/plat-imx/drivers/imx_caam.c
/optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c
/optee_os/core/arch/arm/plat-imx/drivers/imx_scu.c
/optee_os/core/arch/arm/plat-imx/drivers/tzc380.c
/optee_os/core/arch/arm/plat-imx/imx-common.c
/optee_os/core/arch/arm/plat-imx/imx_pl310.c
/optee_os/core/arch/arm/plat-imx/imx_src.c
/optee_os/core/arch/arm/plat-imx/main.c
/optee_os/core/arch/arm/plat-imx/mmdc.c
/optee_os/core/arch/arm/plat-imx/pm/cpuidle-imx7d.c
/optee_os/core/arch/arm/plat-imx/pm/gpcv2.c
/optee_os/core/arch/arm/plat-imx/pm/imx7_suspend.c
/optee_os/core/arch/arm/plat-imx/pm/pm-imx7.c
/optee_os/core/arch/arm/plat-imx/pm/psci.c
/optee_os/core/arch/arm/plat-k3/main.c
/optee_os/core/arch/arm/plat-ls/main.c
/optee_os/core/arch/arm/plat-marvell/armada3700/hal_sec_perf.c
/optee_os/core/arch/arm/plat-marvell/armada7k8k/hal_sec_perf.c
/optee_os/core/arch/arm/plat-marvell/main.c
/optee_os/core/arch/arm/plat-mediatek/main.c
/optee_os/core/arch/arm/plat-rockchip/main.c
/optee_os/core/arch/arm/plat-rockchip/platform_px30.c
/optee_os/core/arch/arm/plat-rockchip/platform_rk322x.c
/optee_os/core/arch/arm/plat-rockchip/platform_rk3399.c
/optee_os/core/arch/arm/plat-rockchip/psci_rk322x.c
/optee_os/core/arch/arm/plat-rzn1/main.c
/optee_os/core/arch/arm/plat-rzn1/psci.c
/optee_os/core/arch/arm/plat-rzn1/sm_platform_handler.c
/optee_os/core/arch/arm/plat-sam/main.c
/optee_os/core/arch/arm/plat-sprd/main.c
/optee_os/core/arch/arm/plat-stm/main.c
/optee_os/core/arch/arm/plat-stm/rng_support.c
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.c
/optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-stm32mp1/plat_tzc400.c
/optee_os/core/arch/arm/plat-stm32mp1/rng_seed.c
/optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c
/optee_os/core/arch/arm/plat-sunxi/main.c
/optee_os/core/arch/arm/plat-sunxi/psci.c
/optee_os/core/arch/arm/plat-synquacer/main.c
/optee_os/core/arch/arm/plat-synquacer/rng_pta.c
/optee_os/core/arch/arm/plat-ti/main.c
/optee_os/core/arch/arm/plat-ti/ti_pl310.c
/optee_os/core/arch/arm/plat-uniphier/main.c
/optee_os/core/arch/arm/plat-vexpress/main.c
/optee_os/core/arch/arm/plat-zynq7k/main.c
/optee_os/core/arch/arm/plat-zynqmp/main.c
/optee_os/core/arch/arm/sm/pm.c
/optee_os/core/drivers/amlogic_uart.c
/optee_os/core/drivers/atmel_uart.c
/optee_os/core/drivers/bcm_gpio.c
/optee_os/core/drivers/bcm_hwrng.c
/optee_os/core/drivers/bcm_sotp.c
/optee_os/core/drivers/bnxt/bnxt.c
/optee_os/core/drivers/bnxt/bnxt_fw.c
/optee_os/core/drivers/bnxt/bnxt_images.c
/optee_os/core/drivers/cdns_uart.c
/optee_os/core/drivers/crypto/caam/hal/imx_6_7/hal_clk_mx6.c
/optee_os/core/drivers/crypto/caam/hal/imx_6_7/hal_clk_mx7.c
/optee_os/core/drivers/crypto/caam/hal/imx_6_7/hal_clk_mx7ulp.c
/optee_os/core/drivers/dra7_rng.c
/optee_os/core/drivers/hi16xx_rng.c
/optee_os/core/drivers/hi16xx_uart.c
/optee_os/core/drivers/imx/dcp/dcp.c
/optee_os/core/drivers/imx_lpuart.c
/optee_os/core/drivers/imx_snvs.c
/optee_os/core/drivers/imx_uart.c
/optee_os/core/drivers/imx_wdog.c
/optee_os/core/drivers/mvebu_uart.c
/optee_os/core/drivers/ns16550.c
/optee_os/core/drivers/pl011.c
/optee_os/core/drivers/scif.c
/optee_os/core/drivers/scmi-msg/clock.c
/optee_os/core/drivers/scmi-msg/smt.c
/optee_os/core/drivers/serial8250_uart.c
/optee_os/core/drivers/sp805_wdt.c
/optee_os/core/drivers/sprd_uart.c
/optee_os/core/drivers/stih_asc.c
/optee_os/core/drivers/stm32_bsec.c
/optee_os/core/drivers/stm32_etzpc.c
/optee_os/core/drivers/stm32_i2c.c
/optee_os/core/drivers/stm32_rng.c
/optee_os/core/drivers/stm32_uart.c
/optee_os/core/drivers/tzc380.c
/optee_os/core/include/drivers/sp805_wdt.h
/optee_os/core/include/kernel/panic.h
/optee_os/core/include/mm/core_memprot.h
/optee_os/core/include/mm/vm.h
/optee_os/core/kernel/panic.c
/optee_os/core/kernel/ree_fs_ta.c
/optee_os/core/lib/libtomcrypt/src/math/fp/ltc_ecc_fp_mulmod.c
/optee_os/core/mm/fobj.c
/optee_os/core/mm/mobj.c
/optee_os/core/mm/vm.c
/optee_os/core/pta/bcm/elog.c
/optee_os/core/pta/tests/invoke.c
/optee_os/core/pta/tests/sub.mk
/optee_os/ldelf/ldelf.mk
/optee_os/lib/libutee/tee_api.c
/optee_os/lib/libutee/tee_api_operations.c
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/malloc.h
/optee_os/mk/config.mk
/optee_os/ta/arch/arm/user_ta_header.c
/optee_os/ta/mk/build-user-ta.mk
/optee_os/ta/mk/ta_dev_kit.mk
src/processing_symm.c
/optee_os/ta/ta.mk
95636b3625-Aug-2021 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: make heap size configurable

Add a configuration switch for the PKCS11 TA heap size defaulting
to 16kB as legacy.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-b

ta: pkcs11: make heap size configurable

Add a configuration switch for the PKCS11 TA heap size defaulting
to 16kB as legacy.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...


src/user_ta_header_defines.h
sub.mk
edce837725-Aug-2021 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: describe CFG_PKCS11_TA_TOKEN_COUNT

Add a default value and a description for PKCS11 TA config switch
CFG_PKCS11_TA_TOKEN_COUNT in ta/pkcs11/sub.mk.

Signed-off-by: Etienne Carriere <etie

ta: pkcs11: describe CFG_PKCS11_TA_TOKEN_COUNT

Add a default value and a description for PKCS11 TA config switch
CFG_PKCS11_TA_TOKEN_COUNT in ta/pkcs11/sub.mk.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...


src/pkcs11_token.c
sub.mk
06bc8d1925-Aug-2021 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: move default config to ta sub.mk

Move PKCS#11 TA default configuration settings from mk/config.mk
to ta/pkcs11/sub.mk.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Revi

ta: pkcs11: move default config to ta sub.mk

Move PKCS#11 TA default configuration settings from mk/config.mk
to ta/pkcs11/sub.mk.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...


/optee_os/mk/config.mk
sub.mk
9df6818624-Aug-2021 Etienne Carriere <etienne.carriere@linaro.org>

ta: pkcs11: fix error code in asymmetric signature update sequence

Correct return code in asymmetric update sequence when digest of
the input data is updated on a multi-stage operation. Prior this
c

ta: pkcs11: fix error code in asymmetric signature update sequence

Correct return code in asymmetric update sequence when digest of
the input data is updated on a multi-stage operation. Prior this
change, the implementation returned CKR_GENERAL_ERROR instead of
CKR_OK because the expected success return value was loaded for
that stage.

Fixes: fb279d8b608e ("ta: pkcs11: Add support for elliptic curve signing & verification")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...


src/processing_asymm.c
2364aa6929-Jul-2021 Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Add operation state in session

Add more operation states to take care of scenarios like failure
of an incremental (update) operation if a one-shot/final operation
has been started.

Sign

ta: pkcs11: Add operation state in session

Add more operation states to take care of scenarios like failure
of an incremental (update) operation if a one-shot/final operation
has been started.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


/optee_os/MAINTAINERS
/optee_os/core/arch/arm/include/mm/core_mmu.h
/optee_os/core/arch/arm/mm/core_mmu.c
/optee_os/core/lib/libtomcrypt/mpi_desc.c
/optee_os/core/pta/tests/invoke.c
/optee_os/lib/libmbedtls/mbedtls/BUGS.md
/optee_os/lib/libmbedtls/mbedtls/CONTRIBUTING.md
/optee_os/lib/libmbedtls/mbedtls/ChangeLog
/optee_os/lib/libmbedtls/mbedtls/README.md
/optee_os/lib/libmbedtls/mbedtls/SECURITY.md
/optee_os/lib/libmbedtls/mbedtls/SUPPORT.md
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/aes.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/aesni.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/arc4.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/aria.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/asn1.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/asn1write.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/base64.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/blowfish.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bn_mul.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/camellia.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ccm.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/certs.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/chacha20.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/chachapoly.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/check_config.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/cipher.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/cipher_internal.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/cmac.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/compat-1.3.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ctr_drbg.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/debug.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/des.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/dhm.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdsa.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecjpake.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp_internal.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/entropy.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/entropy_poll.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/error.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/gcm.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/havege.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/hkdf.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/hmac_drbg.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md2.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md4.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md5.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md_internal.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/net.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/net_sockets.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/nist_kw.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/oid.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/padlock.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pem.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk_internal.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pkcs11.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pkcs12.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pkcs5.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform_time.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform_util.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/poly1305.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/psa_util.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ripemd160.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/rsa.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/rsa_internal.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/sha1.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/sha256.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/sha512.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_cache.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_ciphersuites.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_cookie.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_internal.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_ticket.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/threading.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/timing.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/version.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_crl.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_crt.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_csr.h
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/xtea.h
/optee_os/lib/libmbedtls/mbedtls/library/aes.c
/optee_os/lib/libmbedtls/mbedtls/library/aesni.c
/optee_os/lib/libmbedtls/mbedtls/library/arc4.c
/optee_os/lib/libmbedtls/mbedtls/library/aria.c
/optee_os/lib/libmbedtls/mbedtls/library/asn1parse.c
/optee_os/lib/libmbedtls/mbedtls/library/asn1write.c
/optee_os/lib/libmbedtls/mbedtls/library/base64.c
/optee_os/lib/libmbedtls/mbedtls/library/bignum.c
/optee_os/lib/libmbedtls/mbedtls/library/blowfish.c
/optee_os/lib/libmbedtls/mbedtls/library/camellia.c
/optee_os/lib/libmbedtls/mbedtls/library/ccm.c
/optee_os/lib/libmbedtls/mbedtls/library/certs.c
/optee_os/lib/libmbedtls/mbedtls/library/chacha20.c
/optee_os/lib/libmbedtls/mbedtls/library/chachapoly.c
/optee_os/lib/libmbedtls/mbedtls/library/check_crypto_config.h
/optee_os/lib/libmbedtls/mbedtls/library/cipher.c
/optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c
/optee_os/lib/libmbedtls/mbedtls/library/cmac.c
/optee_os/lib/libmbedtls/mbedtls/library/common.h
/optee_os/lib/libmbedtls/mbedtls/library/ctr_drbg.c
/optee_os/lib/libmbedtls/mbedtls/library/debug.c
/optee_os/lib/libmbedtls/mbedtls/library/des.c
/optee_os/lib/libmbedtls/mbedtls/library/dhm.c
/optee_os/lib/libmbedtls/mbedtls/library/ecdh.c
/optee_os/lib/libmbedtls/mbedtls/library/ecdsa.c
/optee_os/lib/libmbedtls/mbedtls/library/ecjpake.c
/optee_os/lib/libmbedtls/mbedtls/library/ecp.c
/optee_os/lib/libmbedtls/mbedtls/library/ecp_curves.c
/optee_os/lib/libmbedtls/mbedtls/library/ecp_invasive.h
/optee_os/lib/libmbedtls/mbedtls/library/entropy.c
/optee_os/lib/libmbedtls/mbedtls/library/entropy_poll.c
/optee_os/lib/libmbedtls/mbedtls/library/error.c
/optee_os/lib/libmbedtls/mbedtls/library/gcm.c
/optee_os/lib/libmbedtls/mbedtls/library/havege.c
/optee_os/lib/libmbedtls/mbedtls/library/hkdf.c
/optee_os/lib/libmbedtls/mbedtls/library/hmac_drbg.c
/optee_os/lib/libmbedtls/mbedtls/library/md.c
/optee_os/lib/libmbedtls/mbedtls/library/md2.c
/optee_os/lib/libmbedtls/mbedtls/library/md4.c
/optee_os/lib/libmbedtls/mbedtls/library/md5.c
/optee_os/lib/libmbedtls/mbedtls/library/memory_buffer_alloc.c
/optee_os/lib/libmbedtls/mbedtls/library/net_sockets.c
/optee_os/lib/libmbedtls/mbedtls/library/nist_kw.c
/optee_os/lib/libmbedtls/mbedtls/library/oid.c
/optee_os/lib/libmbedtls/mbedtls/library/padlock.c
/optee_os/lib/libmbedtls/mbedtls/library/pem.c
/optee_os/lib/libmbedtls/mbedtls/library/pk.c
/optee_os/lib/libmbedtls/mbedtls/library/pk_wrap.c
/optee_os/lib/libmbedtls/mbedtls/library/pkcs11.c
/optee_os/lib/libmbedtls/mbedtls/library/pkcs12.c
/optee_os/lib/libmbedtls/mbedtls/library/pkcs5.c
/optee_os/lib/libmbedtls/mbedtls/library/pkparse.c
/optee_os/lib/libmbedtls/mbedtls/library/pkwrite.c
/optee_os/lib/libmbedtls/mbedtls/library/platform.c
/optee_os/lib/libmbedtls/mbedtls/library/platform_util.c
/optee_os/lib/libmbedtls/mbedtls/library/poly1305.c
/optee_os/lib/libmbedtls/mbedtls/library/ripemd160.c
/optee_os/lib/libmbedtls/mbedtls/library/rsa.c
/optee_os/lib/libmbedtls/mbedtls/library/rsa_internal.c
/optee_os/lib/libmbedtls/mbedtls/library/sha1.c
/optee_os/lib/libmbedtls/mbedtls/library/sha256.c
/optee_os/lib/libmbedtls/mbedtls/library/sha512.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_cache.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_ciphersuites.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_cli.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_cookie.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_invasive.h
/optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_srv.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_ticket.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.c
/optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.h
/optee_os/lib/libmbedtls/mbedtls/library/threading.c
/optee_os/lib/libmbedtls/mbedtls/library/timing.c
/optee_os/lib/libmbedtls/mbedtls/library/version.c
/optee_os/lib/libmbedtls/mbedtls/library/version_features.c
/optee_os/lib/libmbedtls/mbedtls/library/x509.c
/optee_os/lib/libmbedtls/mbedtls/library/x509_create.c
/optee_os/lib/libmbedtls/mbedtls/library/x509_crl.c
/optee_os/lib/libmbedtls/mbedtls/library/x509_crt.c
/optee_os/lib/libmbedtls/mbedtls/library/x509_csr.c
/optee_os/lib/libmbedtls/mbedtls/library/x509write_crt.c
/optee_os/lib/libmbedtls/mbedtls/library/x509write_csr.c
/optee_os/lib/libmbedtls/mbedtls/library/xtea.c
/optee_os/lib/libmbedtls/sub.mk
src/pkcs11_attributes.c
src/pkcs11_token.c
src/pkcs11_token.h
src/processing.c
324b9e1418-Jul-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Enforce that helpers are up to date

During each build enforce that src/pkcs11-helpers.c is up to date.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etie

ta: pkcs11: Enforce that helpers are up to date

During each build enforce that src/pkcs11-helpers.c is up to date.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...


user_ta.mk
f3cc23fe18-Jul-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add missing PKCS11_CKR_ helpers

Adds used but missing PKCS11_CKR_ helpers:
- PKCS11_CKR_KEY_TYPE_INCONSISTENT
- PKCS11_CKR_KEY_NOT_WRAPPABLE
- PKCS11_CKR_KEY_UNEXTRACTABLE

Signed-off-by

ta: pkcs11: Add missing PKCS11_CKR_ helpers

Adds used but missing PKCS11_CKR_ helpers:
- PKCS11_CKR_KEY_TYPE_INCONSISTENT
- PKCS11_CKR_KEY_NOT_WRAPPABLE
- PKCS11_CKR_KEY_UNEXTRACTABLE

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...


src/pkcs11_helpers.c
73124d5118-Jul-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Sort PKCS11_CKR_ helper lines

Sort PKCS11_CKR_ helper lines to match their order in pkcs11_ta.h.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Ca

ta: pkcs11: Sort PKCS11_CKR_ helper lines

Sort PKCS11_CKR_ helper lines to match their order in pkcs11_ta.h.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...


src/pkcs11_helpers.c
5dfe80d618-Jul-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add script to verify that helpers are present

Extracts list of symbols from include/pkcs11_ta.h and verifies that they
are present in src/pkcs11_helpers.c or are not used.

Signed-off-by

ta: pkcs11: Add script to verify that helpers are present

Extracts list of symbols from include/pkcs11_ta.h and verifies that they
are present in src/pkcs11_helpers.c or are not used.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...


/optee_os/MAINTAINERS
/optee_os/scripts/checkpatch_inc.sh
scripts/verify-helpers.sh
9cf1afce09-Jan-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Fix RSA public key import

Different requirements are in place when importing RSA public key vs.
generaing a new RSA key pair.

Specified in:
PKCS #11 Cryptographic Token Interface Curren

ta: pkcs11: Fix RSA public key import

Different requirements are in place when importing RSA public key vs.
generaing a new RSA key pair.

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.2 RSA public key objects
and
2.1.4 PKCS #1 RSA key pair generation

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


src/pkcs11_attributes.c
f27310a506-Aug-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Correct return value for decryption with invalid ciphertext

When invalid input data is provided for TEE_AsymmetricDecrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation

ta: pkcs11: Correct return value for decryption with invalid ciphertext

When invalid input data is provided for TEE_AsymmetricDecrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Decrypt()/C_DecryptFinal() should return in this
case CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE.

As it is hard to determine which case it is return matching error similar
to encryption case.

Specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.9 Decryption functions
C_Decrypt/C_DecryptFinal

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


src/processing_asymm.c
6a6299fb06-Aug-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Correct return value for encryption with invalid input

When invalid input data is provided for TEE_AsymmetricEncrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for

ta: pkcs11: Correct return value for encryption with invalid input

When invalid input data is provided for TEE_AsymmetricEncrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Encrypt()/C_EncryptFinal() should return in this
case CKR_DATA_LEN_RANGE.

Specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.8 Encryption functions
C_Encrypt/C_EncryptFinal

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


src/processing_asymm.c
dc8c77fc06-Aug-2021 Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

ta: pkcs11: Add support for RSA OAEP encryption & decryption

Add support for performing PKCS #1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SH

ta: pkcs11: Add support for RSA OAEP encryption & decryption

Add support for performing PKCS #1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SHA-384
- MGF1 SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.8 PKCS #1 RSA OAEP

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...


include/pkcs11_ta.h
src/pkcs11_attributes.c
src/pkcs11_helpers.c
src/processing.h
src/processing_asymm.c
src/processing_rsa.c
src/token_capabilities.c

1234567891011