pkcs11 - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
5dfe80d6	18-Jul-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add script to verify that helpers are present Extracts list of symbols from include/pkcs11_ta.h and verifies that they are present in src/pkcs11_helpers.c or are not used. Signed-off-by ta: pkcs11: Add script to verify that helpers are present Extracts list of symbols from include/pkcs11_ta.h and verifies that they are present in src/pkcs11_helpers.c or are not used. Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org> show more ... /optee_os/MAINTAINERS /optee_os/scripts/checkpatch_inc.sh scripts/verify-helpers.sh
9cf1afce	09-Jan-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix RSA public key import Different requirements are in place when importing RSA public key vs. generaing a new RSA key pair. Specified in: PKCS #11 Cryptographic Token Interface Curren ta: pkcs11: Fix RSA public key import Different requirements are in place when importing RSA public key vs. generaing a new RSA key pair. Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.2 RSA public key objects and 2.1.4 PKCS #1 RSA key pair generation Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... src/pkcs11_attributes.c
f27310a5	06-Aug-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Correct return value for decryption with invalid ciphertext When invalid input data is provided for TEE_AsymmetricDecrypt() it will fail with TEE_ERROR_BAD_PARAMETERS. PCSK#11 operation ta: pkcs11: Correct return value for decryption with invalid ciphertext When invalid input data is provided for TEE_AsymmetricDecrypt() it will fail with TEE_ERROR_BAD_PARAMETERS. PCSK#11 operation for C_Decrypt()/C_DecryptFinal() should return in this case CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE. As it is hard to determine which case it is return matching error similar to encryption case. Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.9 Decryption functions C_Decrypt/C_DecryptFinal Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... src/processing_asymm.c
6a6299fb	06-Aug-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Correct return value for encryption with invalid input When invalid input data is provided for TEE_AsymmetricEncrypt() it will fail with TEE_ERROR_BAD_PARAMETERS. PCSK#11 operation for ta: pkcs11: Correct return value for encryption with invalid input When invalid input data is provided for TEE_AsymmetricEncrypt() it will fail with TEE_ERROR_BAD_PARAMETERS. PCSK#11 operation for C_Encrypt()/C_EncryptFinal() should return in this case CKR_DATA_LEN_RANGE. Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.8 Encryption functions C_Encrypt/C_EncryptFinal Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... src/processing_asymm.c
dc8c77fc	06-Aug-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for RSA OAEP encryption & decryption Add support for performing PKCS #1 RSA OAEP encryption & decryption operations for: - MGF1 SHA-1 - MGF1 SHA-224 - MGF1 SHA-256 - MGF1 SH ta: pkcs11: Add support for RSA OAEP encryption & decryption Add support for performing PKCS #1 RSA OAEP encryption & decryption operations for: - MGF1 SHA-1 - MGF1 SHA-224 - MGF1 SHA-256 - MGF1 SHA-384 - MGF1 SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.8 PKCS #1 RSA OAEP Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/pkcs11_helpers.c src/processing.h src/processing_asymm.c src/processing_rsa.c src/token_capabilities.c
d9af50bc	14-Jul-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for RSA PSS signing & verification Add support for performing RSA PSS signing & verification operations for: - PKCS #1 RSA PSS with supplied hash value - Multi stage SHA-1 - ta: pkcs11: Add support for RSA PSS signing & verification Add support for performing RSA PSS signing & verification operations for: - PKCS #1 RSA PSS with supplied hash value - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.10 PKCS #1 RSA PSS Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.h src/processing_asymm.c src/processing_rsa.c src/token_capabilities.c
0442c956	04-Jan-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for RSA signing & verification Add support for performing RSA signing & verification operations for: - PKCS #1 v1.5 RSA with supplied hash value - Multi stage MD5 - Multi st ta: pkcs11: Add support for RSA signing & verification Add support for performing RSA signing & verification operations for: - PKCS #1 v1.5 RSA with supplied hash value - Multi stage MD5 - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1 RSA Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.c src/processing.h src/processing_asymm.c src/processing_rsa.c src/token_capabilities.c
86922832	04-Jan-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add RSA key pair generation support Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.4 PKCS #1 RSA key pair generatio ta: pkcs11: Add RSA key pair generation support Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.4 PKCS #1 RSA key pair generation Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.c src/processing.h src/processing_rsa.c src/sub.mk src/token_capabilities.c
db28c542	14-Jul-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add elliptic curve mecha bits to bytes conversions Even thou not currently used by the code add support for EC bits to bytes conversions to mechanism_supported_key_sizes_bytes() as more ta: pkcs11: Add elliptic curve mecha bits to bytes conversions Even thou not currently used by the code add support for EC bits to bytes conversions to mechanism_supported_key_sizes_bytes() as more will be added for RSA. This is to help to keep it in sync with pkcs11_mechanism_supported_key_sizes(). Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-totalcompute/conf.mk /optee_os/core/arch/arm/plat-totalcompute/platform_config.h /optee_os/core/arch/arm/plat-totalcompute/sub.mk /optee_os/core/arch/arm/plat-totalcompute/tc_spmc_pm.c /optee_os/core/mm/mobj.c /optee_os/mk/config.mk src/pkcs11_attributes.c src/token_capabilities.c
66594cdb	29-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Remove dual crypto operations from token capability We don't support dual cryptographic operations in current implemenetation. So remove it from token capability. Signed-off-by: Ruchika ta: pkcs11: Remove dual crypto operations from token capability We don't support dual cryptographic operations in current implemenetation. So remove it from token capability. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/persistent_token.c
8abbc8f7	17-Jul-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix calling twice of C_EncryptInit()/C_DecryptInit() If C_EncryptInit()/C_DecryptInit() is called twice first starts the operation and should inform caller that operation is already in p ta: pkcs11: Fix calling twice of C_EncryptInit()/C_DecryptInit() If C_EncryptInit()/C_DecryptInit() is called twice first starts the operation and should inform caller that operation is already in progress and keep the operation active until it is terminated with C_Encrypt()/ C_Decrypt() or by C_EncryptFinal()/C_DecryptFinal(). Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.8 Encryption functions C_EncryptInit and 5.9 Decryption functions C_DecryptInit Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-ls/platform_config.h /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-totalcompute/conf.mk /optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts /optee_os/core/arch/arm/plat-totalcompute/main.c /optee_os/core/arch/arm/plat-totalcompute/platform_config.h /optee_os/core/arch/arm/plat-totalcompute/sub.mk /optee_os/core/arch/arm/plat-totalcompute/tc0_spmc_pm.c /optee_os/core/crypto.mk /optee_os/core/crypto/cbc-mac.c /optee_os/core/mm/vm.c /optee_os/lib/libunw/unwind_arm64.c /optee_os/mk/config.mk /optee_os/scripts/checkpatch_inc.sh src/processing.c
f5c0739c	22-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add access check on new object when deriving/unwrapping Access check is also required on created attributes when a new object is created when deriving/unwrapping keys. Reviewed-by: Vesa ta: pkcs11: Add access check on new object when deriving/unwrapping Access check is also required on created attributes when a new object is created when deriving/unwrapping keys. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/processing.c
e3f0cb56	05-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for indirect templates Add support for handling indirect template - CKA_DERIVE_TEMPLATE and CKA_UNWRAP_TEMPLATE during key derivation/unwrapping. Reviewed-by: Vesa Jääskeläi ta: pkcs11: Add support for indirect templates Add support for handling indirect template - CKA_DERIVE_TEMPLATE and CKA_UNWRAP_TEMPLATE during key derivation/unwrapping. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/attributes.c src/attributes.h src/pkcs11_attributes.c
3668310b	05-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for unwrapping keys Add implementation for handling C_UnwrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.c ta: pkcs11: Add implementation for unwrapping keys Add implementation for handling C_UnwrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/entry.c src/processing.c src/processing.h src/processing_symm.c
5f80f270	25-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for wrapping keys Add implementation for handling C_WrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> ta: pkcs11: Add implementation for wrapping keys Add implementation for handling C_WrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/entry.c src/pkcs11_attributes.c src/pkcs11_attributes.h src/pkcs11_helpers.c src/pkcs11_token.c src/pkcs11_token.h src/processing.c src/processing.h src/processing_symm.c src/token_capabilities.c
06b47dc4	25-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add missing error codes Some error codes related with wrap, unwrap and random number API's were missing from the list. These have been added. Reviewed-by: Vesa Jääskeläinen <vesa.jaaske ta: pkcs11: Add missing error codes Some error codes related with wrap, unwrap and random number API's were missing from the list. These have been added. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_helpers.c
b6030585	24-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Allocate command ID's for wrapping/unwrapping keys Allocate command ID's for C_WrapKey() and C_UnwrapKey(). Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: E ta: pkcs11: Allocate command ID's for wrapping/unwrapping keys Allocate command ID's for C_WrapKey() and C_UnwrapKey(). Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-hikey/conf.mk /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-imx/registers/imx6-crm.h /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-imx/registers/imx8m-crm.h /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/link.mk /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-marvell/otx2/core_pos.S /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-marvell/sub.mk /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/arch/arm/plat-rcar/core_pos_a64.S /optee_os/core/arch/arm/plat-rcar/hw_rng.c /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rcar/rcar.h /optee_os/core/arch/arm/plat-rcar/romapi.c /optee_os/core/arch/arm/plat-rcar/romapi.h /optee_os/core/arch/arm/plat-rcar/romapi_call.S /optee_os/core/arch/arm/plat-rcar/sub.mk /optee_os/core/arch/arm/plat-zynq7k/main.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/include/caam_utils_dmaobj.h /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_asn1_oid.h /optee_os/core/drivers/imx_i2c.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/scif.c /optee_os/core/include/kernel/wait_queue.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/signed_hdr.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tpm.c /optee_os/core/kernel/user_ta.c /optee_os/core/kernel/wait_queue.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/lib/libtomcrypt/src/headers/tomcrypt_pk.h /optee_os/core/lib/libtomcrypt/src/headers/tomcrypt_private.h /optee_os/core/lib/libtomcrypt/src/pk/rsa/rsa_make_key.c /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/pta/hwrng.c /optee_os/core/pta/sub.mk /optee_os/core/tee/fs_dirfile.c /optee_os/core/tee/tadb.c /optee_os/core/tee/tee_ree_fs.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libutee/include/rng_pta_client.h /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/mk/config.mk include/pkcs11_ta.h
fb279d8b	26-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for elliptic curve signing & verification Add support for performing elliptic curve signing & verification operations for: - ECDSA with supplied hash value - Multi stage SHA ta: pkcs11: Add support for elliptic curve signing & verification Add support for performing elliptic curve signing & verification operations for: - ECDSA with supplied hash value - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3 Elliptic Curve Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/pkcs11_helpers.c src/pkcs11_token.c src/pkcs11_token.h src/processing.c src/processing.h src/processing_asymm.c src/processing_ec.c src/sub.mk src/token_capabilities.c
02b16804	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for elliptic curve key pair generation Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3.5 Elliptic curve ta: pkcs11: Add support for elliptic curve key pair generation Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3.5 Elliptic curve key pair generation Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Co-developed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.c src/processing.h src/processing_ec.c src/sub.mk src/token_capabilities.c
1f5d4d23	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: scripts: Add script for generating EC curve parameters Initial supports for curves: - prime192v1 - secp224r1 - prime256v1 - secp384r1 - secp521r1 Acked-by: Etienne Carriere <etienne.ca ta: pkcs11: scripts: Add script for generating EC curve parameters Initial supports for curves: - prime192v1 - secp224r1 - prime256v1 - secp384r1 - secp521r1 Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... scripts/dump_ec_curve_params.sh
013934d8	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add generic support for key pair generation This commit only adds common key pair generation support code. Actual mechanism specific key pair generation codes are in their own commits. ta: pkcs11: Add generic support for key pair generation This commit only adds common key pair generation support code. Actual mechanism specific key pair generation codes are in their own commits. Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.13 Key management functions C_GenerateKeyPair Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/entry.c src/pkcs11_attributes.c src/pkcs11_helpers.c src/processing.c src/processing.h
4c3354e3	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Allocate command ID for key pair generation Allocate command ID for C_GenerateKeyPair() functionality. Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carri ta: pkcs11: Allocate command ID for key pair generation Allocate command ID for C_GenerateKeyPair() functionality. Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h
5e1d94eb	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add helper for setting up CKA_ID value When generating a new key pair object adds CKA_ID attribute from paired object template if value given. Reviewed-by: Etienne Carriere <etienne.car ta: pkcs11: Add helper for setting up CKA_ID value When generating a new key pair object adds CKA_ID attribute from paired object template if value given. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_attributes.c src/pkcs11_attributes.h
26b6badb	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix get_default_value/PKCS11_CKA_PUBLIC_KEY_INFO Default value for CKA_PUBLIC_KEY_INFO is empty unless asymmetric mechanism is specified. When asymmetric mechanism is specified it shoul ta: pkcs11: Fix get_default_value/PKCS11_CKA_PUBLIC_KEY_INFO Default value for CKA_PUBLIC_KEY_INFO is empty unless asymmetric mechanism is specified. When asymmetric mechanism is specified it should contribute the actual value. Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_attributes.c
edd95148	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: CKA_SUBJECT is mandatory for keys but has default value When creating a new public/private key in its template it is not mandatory to have CKA_SUBJECT field. However in the object stored ta: pkcs11: CKA_SUBJECT is mandatory for keys but has default value When creating a new public/private key in its template it is not mandatory to have CKA_SUBJECT field. However in the object stored in it must be present. If CKA_SUBJECT is not present it will be given empty default value. In PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01: 4.8 Public key objects: CKA_SUBJECT -- DER-encoding of the key subject name (default empty) 4.9 Private key objects: CKA_SUBJECT -- DER-encoding of the key subject name (default empty) Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/.azure-pipelines.yml /optee_os/.travis.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/arm.h /optee_os/core/arch/arm/include/arm32.h /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/include/kernel/delay.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/kernel/tz_proc_def.h /optee_os/core/arch/arm/include/kernel/tz_ssvce_def.h /optee_os/core/arch/arm/include/kernel/vfp.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/tee_pager.h /optee_os/core/arch/arm/include/optee_ffa.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/include/sm/psci.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/misc_a32.S /optee_os/core/arch/arm/kernel/misc_a64.S /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/tee_time_arm_cntpct.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/kernel/thread_optee_smc_a32.S /optee_os/core/arch/arm/kernel/thread_private.h /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a32.S /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/crypto_conf.mk /optee_os/core/arch/arm/plat-imx/imx-regs.h /optee_os/core/arch/arm/plat-imx/pm/psci.c /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/crypto_conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-ls/sub.mk /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/fvp_spmc_pm.c /optee_os/core/arch/arm/sm/psci.c /optee_os/core/drivers/crypto/caam/acipher/caam_dh.c /optee_os/core/drivers/crypto/caam/acipher/caam_dsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime_dsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime_rsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/acipher/local.h /optee_os/core/drivers/crypto/caam/acipher/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/hal/sub.mk /optee_os/core/drivers/crypto/caam/include/caam_acipher.h /optee_os/core/drivers/crypto/caam/include/caam_desc_ccb_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/crypto_api/acipher/dh.c /optee_os/core/drivers/crypto/crypto_api/acipher/dsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/sub.mk /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt.h /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/drivers/gic.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/drivers/sp805_wdt.c /optee_os/core/include/bench.h /optee_os/core/include/drivers/imx/dcp.h /optee_os/core/include/drivers/imx_wdog.h /optee_os/core/include/drivers/ls_gpio.h /optee_os/core/include/drivers/ls_i2c.h /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/tzc380.h /optee_os/core/include/drivers/tzc400.h /optee_os/core/include/kernel/asan.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/pm.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/include/mm/fobj.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/mm/tee_mmu_types.h /optee_os/core/include/optee_msg.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/include/tee/fs_htree.h /optee_os/core/include/tee/tee_fs.h /optee_os/core/include/tee/tee_fs_key_manager.h /optee_os/core/include/tee/tee_svc_storage.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/zlib/zconf.h /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/mm/sub.mk /optee_os/core/mm/vm.c /optee_os/core/pta/scmi.c /optee_os/core/pta/sub.mk /optee_os/core/tee/entry_std.c /optee_os/core/tee/tee_pobj.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/core/tee/tee_svc_storage.c /optee_os/lib/libmbedtls/core/sm2-dsa.c /optee_os/lib/libmbedtls/core/sm2-pke.c /optee_os/lib/libmbedtls/mbedtls/library/md2.c /optee_os/lib/libmbedtls/mbedtls/library/md4.c /optee_os/lib/libmbedtls/mbedtls/library/md5.c /optee_os/lib/libmbedtls/mbedtls/library/ripemd160.c /optee_os/lib/libmbedtls/mbedtls/library/sha512.c /optee_os/lib/libutee/include/arm64_user_sysreg.h /optee_os/lib/libutee/include/arm_user_sysreg.h /optee_os/lib/libutee/include/pta_invoke_tests.h /optee_os/lib/libutee/include/pta_scmi_client.h /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/isoc/include/sys/queue.h /optee_os/mk/config.mk /optee_os/scripts/mem_usage.py src/pkcs11_attributes.c
1 2 345 6 7 8 9 10 11