pkcs11 - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
d9af50bc	14-Jul-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for RSA PSS signing & verification Add support for performing RSA PSS signing & verification operations for: - PKCS #1 RSA PSS with supplied hash value - Multi stage SHA-1 - ta: pkcs11: Add support for RSA PSS signing & verification Add support for performing RSA PSS signing & verification operations for: - PKCS #1 RSA PSS with supplied hash value - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.10 PKCS #1 RSA PSS Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.h src/processing_asymm.c src/processing_rsa.c src/token_capabilities.c
0442c956	04-Jan-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for RSA signing & verification Add support for performing RSA signing & verification operations for: - PKCS #1 v1.5 RSA with supplied hash value - Multi stage MD5 - Multi st ta: pkcs11: Add support for RSA signing & verification Add support for performing RSA signing & verification operations for: - PKCS #1 v1.5 RSA with supplied hash value - Multi stage MD5 - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1 RSA Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.c src/processing.h src/processing_asymm.c src/processing_rsa.c src/token_capabilities.c
86922832	04-Jan-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add RSA key pair generation support Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.4 PKCS #1 RSA key pair generatio ta: pkcs11: Add RSA key pair generation support Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.4 PKCS #1 RSA key pair generation Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.c src/processing.h src/processing_rsa.c src/sub.mk src/token_capabilities.c
db28c542	14-Jul-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add elliptic curve mecha bits to bytes conversions Even thou not currently used by the code add support for EC bits to bytes conversions to mechanism_supported_key_sizes_bytes() as more ta: pkcs11: Add elliptic curve mecha bits to bytes conversions Even thou not currently used by the code add support for EC bits to bytes conversions to mechanism_supported_key_sizes_bytes() as more will be added for RSA. This is to help to keep it in sync with pkcs11_mechanism_supported_key_sizes(). Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-totalcompute/conf.mk /optee_os/core/arch/arm/plat-totalcompute/platform_config.h /optee_os/core/arch/arm/plat-totalcompute/sub.mk /optee_os/core/arch/arm/plat-totalcompute/tc_spmc_pm.c /optee_os/core/mm/mobj.c /optee_os/mk/config.mk src/pkcs11_attributes.c src/token_capabilities.c
66594cdb	29-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Remove dual crypto operations from token capability We don't support dual cryptographic operations in current implemenetation. So remove it from token capability. Signed-off-by: Ruchika ta: pkcs11: Remove dual crypto operations from token capability We don't support dual cryptographic operations in current implemenetation. So remove it from token capability. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/persistent_token.c
8abbc8f7	17-Jul-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix calling twice of C_EncryptInit()/C_DecryptInit() If C_EncryptInit()/C_DecryptInit() is called twice first starts the operation and should inform caller that operation is already in p ta: pkcs11: Fix calling twice of C_EncryptInit()/C_DecryptInit() If C_EncryptInit()/C_DecryptInit() is called twice first starts the operation and should inform caller that operation is already in progress and keep the operation active until it is terminated with C_Encrypt()/ C_Decrypt() or by C_EncryptFinal()/C_DecryptFinal(). Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.8 Encryption functions C_EncryptInit and 5.9 Decryption functions C_DecryptInit Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-ls/platform_config.h /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-totalcompute/conf.mk /optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts /optee_os/core/arch/arm/plat-totalcompute/main.c /optee_os/core/arch/arm/plat-totalcompute/platform_config.h /optee_os/core/arch/arm/plat-totalcompute/sub.mk /optee_os/core/arch/arm/plat-totalcompute/tc0_spmc_pm.c /optee_os/core/crypto.mk /optee_os/core/crypto/cbc-mac.c /optee_os/core/mm/vm.c /optee_os/lib/libunw/unwind_arm64.c /optee_os/mk/config.mk /optee_os/scripts/checkpatch_inc.sh src/processing.c
f5c0739c	22-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add access check on new object when deriving/unwrapping Access check is also required on created attributes when a new object is created when deriving/unwrapping keys. Reviewed-by: Vesa ta: pkcs11: Add access check on new object when deriving/unwrapping Access check is also required on created attributes when a new object is created when deriving/unwrapping keys. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/processing.c
e3f0cb56	05-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for indirect templates Add support for handling indirect template - CKA_DERIVE_TEMPLATE and CKA_UNWRAP_TEMPLATE during key derivation/unwrapping. Reviewed-by: Vesa Jääskeläi ta: pkcs11: Add support for indirect templates Add support for handling indirect template - CKA_DERIVE_TEMPLATE and CKA_UNWRAP_TEMPLATE during key derivation/unwrapping. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/attributes.c src/attributes.h src/pkcs11_attributes.c
3668310b	05-Jul-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for unwrapping keys Add implementation for handling C_UnwrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.c ta: pkcs11: Add implementation for unwrapping keys Add implementation for handling C_UnwrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/entry.c src/processing.c src/processing.h src/processing_symm.c
5f80f270	25-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for wrapping keys Add implementation for handling C_WrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> ta: pkcs11: Add implementation for wrapping keys Add implementation for handling C_WrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/entry.c src/pkcs11_attributes.c src/pkcs11_attributes.h src/pkcs11_helpers.c src/pkcs11_token.c src/pkcs11_token.h src/processing.c src/processing.h src/processing_symm.c src/token_capabilities.c
06b47dc4	25-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add missing error codes Some error codes related with wrap, unwrap and random number API's were missing from the list. These have been added. Reviewed-by: Vesa Jääskeläinen <vesa.jaaske ta: pkcs11: Add missing error codes Some error codes related with wrap, unwrap and random number API's were missing from the list. These have been added. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... include/pkcs11_ta.h src/pkcs11_helpers.c
b6030585	24-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Allocate command ID's for wrapping/unwrapping keys Allocate command ID's for C_WrapKey() and C_UnwrapKey(). Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: E ta: pkcs11: Allocate command ID's for wrapping/unwrapping keys Allocate command ID's for C_WrapKey() and C_UnwrapKey(). Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-hikey/conf.mk /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-imx/registers/imx6-crm.h /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-imx/registers/imx8m-crm.h /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/link.mk /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-marvell/otx2/core_pos.S /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-marvell/sub.mk /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/arch/arm/plat-rcar/core_pos_a64.S /optee_os/core/arch/arm/plat-rcar/hw_rng.c /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rcar/rcar.h /optee_os/core/arch/arm/plat-rcar/romapi.c /optee_os/core/arch/arm/plat-rcar/romapi.h /optee_os/core/arch/arm/plat-rcar/romapi_call.S /optee_os/core/arch/arm/plat-rcar/sub.mk /optee_os/core/arch/arm/plat-zynq7k/main.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/include/caam_utils_dmaobj.h /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_asn1_oid.h /optee_os/core/drivers/imx_i2c.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/scif.c /optee_os/core/include/kernel/wait_queue.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/signed_hdr.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tpm.c /optee_os/core/kernel/user_ta.c /optee_os/core/kernel/wait_queue.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/lib/libtomcrypt/src/headers/tomcrypt_pk.h /optee_os/core/lib/libtomcrypt/src/headers/tomcrypt_private.h /optee_os/core/lib/libtomcrypt/src/pk/rsa/rsa_make_key.c /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/pta/hwrng.c /optee_os/core/pta/sub.mk /optee_os/core/tee/fs_dirfile.c /optee_os/core/tee/tadb.c /optee_os/core/tee/tee_ree_fs.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libutee/include/rng_pta_client.h /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/mk/config.mk include/pkcs11_ta.h
fb279d8b	26-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for elliptic curve signing & verification Add support for performing elliptic curve signing & verification operations for: - ECDSA with supplied hash value - Multi stage SHA ta: pkcs11: Add support for elliptic curve signing & verification Add support for performing elliptic curve signing & verification operations for: - ECDSA with supplied hash value - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3 Elliptic Curve Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/pkcs11_helpers.c src/pkcs11_token.c src/pkcs11_token.h src/processing.c src/processing.h src/processing_asymm.c src/processing_ec.c src/sub.mk src/token_capabilities.c
02b16804	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add support for elliptic curve key pair generation Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3.5 Elliptic curve ta: pkcs11: Add support for elliptic curve key pair generation Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.3.5 Elliptic curve key pair generation Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Co-developed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h src/pkcs11_attributes.c src/processing.c src/processing.h src/processing_ec.c src/sub.mk src/token_capabilities.c
1f5d4d23	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: scripts: Add script for generating EC curve parameters Initial supports for curves: - prime192v1 - secp224r1 - prime256v1 - secp384r1 - secp521r1 Acked-by: Etienne Carriere <etienne.ca ta: pkcs11: scripts: Add script for generating EC curve parameters Initial supports for curves: - prime192v1 - secp224r1 - prime256v1 - secp384r1 - secp521r1 Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... scripts/dump_ec_curve_params.sh
013934d8	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add generic support for key pair generation This commit only adds common key pair generation support code. Actual mechanism specific key pair generation codes are in their own commits. ta: pkcs11: Add generic support for key pair generation This commit only adds common key pair generation support code. Actual mechanism specific key pair generation codes are in their own commits. Specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.13 Key management functions C_GenerateKeyPair Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/entry.c src/pkcs11_attributes.c src/pkcs11_helpers.c src/processing.c src/processing.h
4c3354e3	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Allocate command ID for key pair generation Allocate command ID for C_GenerateKeyPair() functionality. Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carri ta: pkcs11: Allocate command ID for key pair generation Allocate command ID for C_GenerateKeyPair() functionality. Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... include/pkcs11_ta.h
5e1d94eb	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add helper for setting up CKA_ID value When generating a new key pair object adds CKA_ID attribute from paired object template if value given. Reviewed-by: Etienne Carriere <etienne.car ta: pkcs11: Add helper for setting up CKA_ID value When generating a new key pair object adds CKA_ID attribute from paired object template if value given. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Co-developed-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Gabor Szekely <szvgabor@gmail.com> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_attributes.c src/pkcs11_attributes.h
26b6badb	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Fix get_default_value/PKCS11_CKA_PUBLIC_KEY_INFO Default value for CKA_PUBLIC_KEY_INFO is empty unless asymmetric mechanism is specified. When asymmetric mechanism is specified it shoul ta: pkcs11: Fix get_default_value/PKCS11_CKA_PUBLIC_KEY_INFO Default value for CKA_PUBLIC_KEY_INFO is empty unless asymmetric mechanism is specified. When asymmetric mechanism is specified it should contribute the actual value. Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... src/pkcs11_attributes.c
edd95148	25-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: CKA_SUBJECT is mandatory for keys but has default value When creating a new public/private key in its template it is not mandatory to have CKA_SUBJECT field. However in the object stored ta: pkcs11: CKA_SUBJECT is mandatory for keys but has default value When creating a new public/private key in its template it is not mandatory to have CKA_SUBJECT field. However in the object stored in it must be present. If CKA_SUBJECT is not present it will be given empty default value. In PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01: 4.8 Public key objects: CKA_SUBJECT -- DER-encoding of the key subject name (default empty) 4.9 Private key objects: CKA_SUBJECT -- DER-encoding of the key subject name (default empty) Reviewed-by: Ricardo Salveti <ricardo@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/.azure-pipelines.yml /optee_os/.travis.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/arm.h /optee_os/core/arch/arm/include/arm32.h /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/include/kernel/delay.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/kernel/tz_proc_def.h /optee_os/core/arch/arm/include/kernel/tz_ssvce_def.h /optee_os/core/arch/arm/include/kernel/vfp.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/tee_pager.h /optee_os/core/arch/arm/include/optee_ffa.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/include/sm/psci.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/misc_a32.S /optee_os/core/arch/arm/kernel/misc_a64.S /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/tee_time_arm_cntpct.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/kernel/thread_optee_smc_a32.S /optee_os/core/arch/arm/kernel/thread_private.h /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a32.S /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/crypto_conf.mk /optee_os/core/arch/arm/plat-imx/imx-regs.h /optee_os/core/arch/arm/plat-imx/pm/psci.c /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/crypto_conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-ls/sub.mk /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/fvp_spmc_pm.c /optee_os/core/arch/arm/sm/psci.c /optee_os/core/drivers/crypto/caam/acipher/caam_dh.c /optee_os/core/drivers/crypto/caam/acipher/caam_dsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime_dsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime_rsa.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/acipher/local.h /optee_os/core/drivers/crypto/caam/acipher/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/hal/sub.mk /optee_os/core/drivers/crypto/caam/include/caam_acipher.h /optee_os/core/drivers/crypto/caam/include/caam_desc_ccb_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/crypto_api/acipher/dh.c /optee_os/core/drivers/crypto/crypto_api/acipher/dsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/sub.mk /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt.h /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/drivers/gic.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/drivers/sp805_wdt.c /optee_os/core/include/bench.h /optee_os/core/include/drivers/imx/dcp.h /optee_os/core/include/drivers/imx_wdog.h /optee_os/core/include/drivers/ls_gpio.h /optee_os/core/include/drivers/ls_i2c.h /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/tzc380.h /optee_os/core/include/drivers/tzc400.h /optee_os/core/include/kernel/asan.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/pm.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/include/mm/fobj.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/mm/tee_mmu_types.h /optee_os/core/include/optee_msg.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/include/tee/fs_htree.h /optee_os/core/include/tee/tee_fs.h /optee_os/core/include/tee/tee_fs_key_manager.h /optee_os/core/include/tee/tee_svc_storage.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/zlib/zconf.h /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/mm/sub.mk /optee_os/core/mm/vm.c /optee_os/core/pta/scmi.c /optee_os/core/pta/sub.mk /optee_os/core/tee/entry_std.c /optee_os/core/tee/tee_pobj.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/core/tee/tee_svc_storage.c /optee_os/lib/libmbedtls/core/sm2-dsa.c /optee_os/lib/libmbedtls/core/sm2-pke.c /optee_os/lib/libmbedtls/mbedtls/library/md2.c /optee_os/lib/libmbedtls/mbedtls/library/md4.c /optee_os/lib/libmbedtls/mbedtls/library/md5.c /optee_os/lib/libmbedtls/mbedtls/library/ripemd160.c /optee_os/lib/libmbedtls/mbedtls/library/sha512.c /optee_os/lib/libutee/include/arm64_user_sysreg.h /optee_os/lib/libutee/include/arm_user_sysreg.h /optee_os/lib/libutee/include/pta_invoke_tests.h /optee_os/lib/libutee/include/pta_scmi_client.h /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/isoc/include/sys/queue.h /optee_os/mk/config.mk /optee_os/scripts/mem_usage.py src/pkcs11_attributes.c
ed8bece7	09-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Remove class and key check for indirect attributes In sanitize_indirect_attributes(), class and key check is performed to check that the indirect attribute is provided only for particula ta: pkcs11: Remove class and key check for indirect attributes In sanitize_indirect_attributes(), class and key check is performed to check that the indirect attribute is provided only for particular type of key objects. This check causes issue in case an indirect template further has pointer to another indirect template. It is not essential for an indirect template to have class and key attributes. When creating objects for classes which don't support the indirect template, this would result in scenario where error is not returned. However, the indirect attribute won't get added to the created object. This is inline with how the other attributes are dealt with currently. eg. if while creating a secret key, a public key attribute is passed, it is currently ignored rather than returning error. A probable fix is to check all the attributes in the user provided template with the attributes of the type of object which needs to be created. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/sanitize_object.c
02dbcc7e	13-Apr-2021	Etienne Carriere <etienne.carriere@linaro.org>	ta: pkcs11: use a temporary list for object under creation This change removes the hacky handling of whether object was previously in a list of not. This is replaced by default registering pkcs11 ob ta: pkcs11: use a temporary list for object under creation This change removes the hacky handling of whether object was previously in a list of not. This is replaced by default registering pkcs11 objects in a temporary list at object allocation so it can be blindly removed from its list when destroyed and can be safely moved to its destination list (either a session object list or a token object list) when object is successfully created. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> show more ... /optee_os/.azure-pipelines.yml /optee_os/core/arch/arm/include/kernel/abort.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/tee_pager.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/unwind_arm64.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/mm/sub.mk /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-imx/crypto_conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/crypto_conf.mk /optee_os/core/arch/arm/plat-ls/platform_config.h /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-rcar/link.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/nsec-service/stm32mp1_svc_setup.c /optee_os/core/arch/arm/plat-stm32mp1/sub.mk /optee_os/core/arch/arm/tee/sub.mk /optee_os/core/drivers/bcm_sotp.c /optee_os/core/drivers/crypto/caam/acipher/caam_ecc.c /optee_os/core/drivers/crypto/caam/acipher/caam_math.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/acipher/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/caam_desc.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_mac.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher_xts.c /optee_os/core/drivers/crypto/caam/cipher/local.h /optee_os/core/drivers/crypto/caam/hal/ls/registers/ctrl_regs.h /optee_os/core/drivers/crypto/caam/hash/caam_hash.c /optee_os/core/drivers/crypto/caam/hash/caam_hash_mac.c /optee_os/core/drivers/crypto/caam/hash/local.h /optee_os/core/drivers/crypto/caam/include/caam_acipher.h /optee_os/core/drivers/crypto/caam/include/caam_common.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h /optee_os/core/drivers/crypto/caam/include/caam_io.h /optee_os/core/drivers/crypto/caam/include/caam_jr_status.h /optee_os/core/drivers/crypto/caam/include/caam_status.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/include/caam_types.h /optee_os/core/drivers/crypto/caam/include/caam_utils_dmaobj.h /optee_os/core/drivers/crypto/caam/include/caam_utils_mem.h /optee_os/core/drivers/crypto/caam/include/caam_utils_sgt.h /optee_os/core/drivers/crypto/caam/include/caam_utils_status.h /optee_os/core/drivers/crypto/caam/utils/sub.mk /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/drivers/crypto/caam/utils/utils_sgt.c /optee_os/core/drivers/crypto/caam/utils/utils_sgt_v1.c /optee_os/core/drivers/crypto/caam/utils/utils_sgt_v2.c /optee_os/core/drivers/crypto/caam/utils/utils_status.c /optee_os/core/drivers/crypto/se050/core/cipher.c /optee_os/core/drivers/scmi-msg/smt.c /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/kernel/early_ta.h /optee_os/core/include/kernel/embedded_ts.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/mm/fobj.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/mm/vm.h /optee_os/core/include/tee/entry_std.h /optee_os/core/include/tee/tee_fs_rpc.h /optee_os/core/kernel/early_ta.c /optee_os/core/kernel/embedded_ts.c /optee_os/core/kernel/pseudo_ta.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/secstor_ta.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_ta.c /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/mm/sub.mk /optee_os/core/mm/vm.c /optee_os/core/sub.mk /optee_os/core/tee/entry_std.c /optee_os/core/tee/sub.mk /optee_os/core/tee/tee_fs_rpc.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/lib/libmbedtls/sub.mk /optee_os/mk/compile.mk /optee_os/mk/config.mk src/object.c
c95980b1	12-Mar-2021	Etienne Carriere <etienne.carriere@linaro.org>	ta: pkcs11: fix comment stating no mechanism is supported Remove the inline comment that states the implementation does not yet support any mechanism as is it not true. Signed-off-by: Etienne Carri ta: pkcs11: fix comment stating no mechanism is supported Remove the inline comment that states the implementation does not yet support any mechanism as is it not true. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/token_capabilities.c
372064dc	10-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add restriction in C_GetAttributeValue() Support for getting indirect template attributes using C_GetAttributeValue() is not supported as of now. Explicitly return error if such attribut ta: pkcs11: Add restriction in C_GetAttributeValue() Support for getting indirect template attributes using C_GetAttributeValue() is not supported as of now. Explicitly return error if such attribute value is requested. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/object.c
196bcd93	10-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add sanitize function for symmetric keys The specification [1] mandates some rules for CKA_VALUE and CKA_VALUE_LEN for keys of type CKO_GENERIC_SECRET in Table 45, Table 47. These checks ta: pkcs11: Add sanitize function for symmetric keys The specification [1] mandates some rules for CKA_VALUE and CKA_VALUE_LEN for keys of type CKO_GENERIC_SECRET in Table 45, Table 47. These checks were missing in current implementation. Add explicit checks for this when creating such objects. [1] - PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... src/pkcs11_attributes.c
1 2 345 6 7 8 9 10 11