Home
last modified time | relevance | path

Searched +full:restore +full:- +full:keys (Results 1 – 13 of 13) sorted by relevance

/optee_os/.github/workflows/
H A Dci.yml6 group: ci-${{ github.ref }} # unique per branch
7 cancel-in-progress: true # cancel previous runs on the same branch
11 runs-on: ubuntu-latest
14 - name: Checkout
17 fetch-depth: 0 # full history so checkpatch can check commit IDs in commit messages
18 - name: Update Git config
19 run: git config --globa
[all...]
/optee_os/core/arch/arm/include/kernel/
H A Dthread_arch.h1 /* SPDX-License-Identifier: BSD-2-Clause */
4 * Copyright (c) 2016-2022, Linaro Limited
5 * Copyright (c) 2020-2021, Arm Limited
33 * Storage of keys used for pointer authentication. FEAT_PAuth supports a
34 * number of keys of which only the APIA key is currently used, depending on
51 struct thread_pauth_keys keys; member
65 /* Function ID to use for a direct response, 32-bit vs 64-bit */
364 * thread_kernel_enable_vfp() - Temporarily enables usage of VFP
368 * and restore the foreign interrupt status.
381 * thread_kernel_disable_vfp() - Disables usage of VFP
[all …]
/optee_os/lib/libutee/
H A Dtee_api_operations.c1 // SPDX-License-Identifier: BSD-2-Clause
36 /* Cryptographic Operations API - Generic Operation Functions */
102 /* Two 256-bit keys */ in TEE_AllocateOperation()
317 op->info.algorithm = algorithm; in TEE_AllocateOperation()
318 op->info.operationClass = TEE_ALG_GET_CLASS(algorithm); in TEE_AllocateOperation()
321 op->info.operationClass = TEE_OPERATION_ASYMMETRIC_SIGNATURE; in TEE_AllocateOperation()
323 op->info.mode = mode; in TEE_AllocateOperation()
324 op->info.digestLength = TEE_ALG_GET_DIGEST_SIZE(algorithm); in TEE_AllocateOperation()
325 op->info.maxKeySize = maxKeySize; in TEE_AllocateOperation()
326 op->info.requiredKeyUsage = req_key_usage; in TEE_AllocateOperation()
[all …]
/optee_os/core/arch/arm/kernel/
H A Dthread.c1 // SPDX-License-Identifier: BSD-2-Clause
3 * Copyright (c) 2016-2022, Linaro Limited
5 * Copyright (c) 2020-2021, Arm Limited
127 thr->vfp_state.ns_saved = false; in thread_lazy_save_ns_vfp()
128 vfp_lazy_save_state_init(&thr->vfp_state.ns); in thread_lazy_save_ns_vfp()
136 struct thread_user_vfp_state *tuv = thr->vfp_state.uvfp; in thread_lazy_restore_ns_vfp()
138 assert(!thr->vfp_state.sec_lazy_saved && !thr->vfp_state.sec_saved); in thread_lazy_restore_ns_vfp()
140 if (tuv && tuv->lazy_saved && !tuv->saved) { in thread_lazy_restore_ns_vfp()
141 vfp_lazy_save_state_final(&tuv->vfp, false /*!force_save*/); in thread_lazy_restore_ns_vfp()
142 tuv->saved = true; in thread_lazy_restore_ns_vfp()
[all …]
H A Dsecure_partition.c1 // SPDX-License-Identifier: BSD-2-Clause
3 * Copyright (c) 2020-2024, Arm Limited.
97 if (!memcmp(&sp->image.uuid, uuid, sizeof(*uuid))) in find_secure_partition()
98 return &sp->image; in find_secure_partition()
102 if (!memcmp(&fip_sp->sp_img.image.uuid, uuid, sizeof(*uuid))) in find_secure_partition()
103 return &fip_sp->sp_img.image; in find_secure_partition()
111 return ctx && (ctx->ops == &sp_ops); in is_sp_ctx()
116 ctx->ops = &sp_ops; in set_sp_ctx_ops()
124 if (s->endpoint_id == session_id) in sp_get_session()
148 memcmp(&s->ffa_uuid, ffa_uuid, sizeof(*ffa_uuid))) in sp_partition_info_get()
[all …]
/optee_os/lib/libmbedtls/mbedtls/
H A DChangeLog3 = Mbed TLS 3.6.4 branch released 2025-06-30
7 client and server to extract additional shared symmetric keys from an SSL
8 session, according to the TLS-Exporter specification in RFC 8446 and 5705.
15 CVE-2025-49601
19 CVE-2025-49600
30 CVE-2025-52496
31 * Fix possible use-after-free or double-free in code calling
36 they were free()d, resulting in high risk of use-after-free or double-free,
39 were affected (use-after-free if the san string contains more than one DN).
42 CVE-2025-47917
[all …]
/optee_os/lib/libmbedtls/mbedtls/include/psa/
H A Dcrypto_se_driver.h20 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
45 /** A read-only pointer to the driver's persistent data.
64 * the persistent data is all-bits-zero. After a driver upgrade, if the
69 * This pointer is to read-only data. Only a few driver functions are
72 * - psa_drv_se_t::p_init
73 * - psa_drv_se_key_management_t::p_allocate
74 * - psa_drv_se_key_management_t::p_destroy
80 * - psa_crypto_init() causes a call to psa_drv_se_t::p_init, and may call
83 * - Key creation functions cause a call to
86 * - psa_destroy_key() causes a call to
[all …]
/optee_os/core/arch/riscv/kernel/
H A Dthread_arch.c1 // SPDX-License-Identifier: BSD-2-Clause
3 * Copyright 2022-2023 NXP
4 * Copyright (c) 2016-2022, Linaro Limited
6 * Copyright (c) 2020-2021, Arm Limited
61 * While in RISC-V, the bits in CSR XIE are used to enable(unmask) in thread_set_exceptions()
101 regs->epc = (uintptr_t)thread_unwind_user_mode; in setup_unwind_user_mode()
102 regs->status = xstatus_for_xret(true, PRV_S); in setup_unwind_user_mode()
103 regs->ie = 0; in setup_unwind_user_mode()
110 regs->sp = (uintptr_t)(regs + 1); in setup_unwind_user_mode()
134 /* Restore foreign interrupts which are disabled on exception entry */ in thread_scall_handler()
[all …]
/optee_os/lib/libmbedtls/mbedtls/include/mbedtls/
H A Dssl.h8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
47 #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
49 #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
51 #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
53 #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
55 #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
57 #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
59 #define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300
62 #define MBEDTLS_ERR_SSL_NO_RNG -0x7400
64 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
[all …]
/optee_os/lib/libmbedtls/mbedtls/library/
H A Dx509_crt.c5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 * The ITU-T X.509 standard defines a certificate format for PKI.
14 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
15 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
17 * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf
83 * Max size of verification chain: end-entity + intermediates + trusted root
91 /* Hashes from SHA-256 and above. Note that this selection
98 /* Curves at or above 128-bit security level. Note that this selection
113 /* Next-generation profile. Currently identical to the default, but may
117 /* Hashes from SHA-256 and above. */
[all …]
H A Drsa.c2 * The RSA public-key cryptosystem
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
12 * [1] A method for obtaining digital signatures and public-key cryptosystems
16 * [2] Handbook of Applied Cryptography - 1997, Chapter 8
57 * - never a valid value for an RSA parameter
58 * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
98 * modulus INTEGER, -- n in mbedtls_rsa_parse_key()
99 * publicExponent INTEGER, -- e in mbedtls_rsa_parse_key()
100 * privateExponent INTEGER, -- d in mbedtls_rsa_parse_key()
101 * prime1 INTEGER, -- p in mbedtls_rsa_parse_key()
[all …]
H A Decp.c5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
11 * SEC1 https://www.secg.org/sec1-v2.pdf
12 * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
13 * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
15 * - https://www.rfc-editor.org/rfc/rfc4492
17 * - https://www.rfc-editor.org/rfc/rfc7748
19 * [Curve25519] https://cr.yp.to/ecdh/curve25519-20060209.pdf
21 * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
23 * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
24 * <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
[all …]
H A Dssl_msg.c6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
77 * extension in order to get constant-flow behaviour. in mbedtls_ct_hmac()
136 * deliberately-crafted input), in case the caller doesn't in mbedtls_ct_hmac()
197 * extension to the MD API in order to get constant-flow behaviour. in mbedtls_ct_hmac()
201 * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx. in mbedtls_ct_hmac()
209 const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info); in mbedtls_ct_hmac()
210 /* TLS 1.2 only supports SHA-384, SHA-256, SHA-1, MD-5, in mbedtls_ct_hmac()
211 * all of which have the same block size except SHA-384. */ in mbedtls_ct_hmac()
213 const unsigned char * const ikey = ctx->hmac_ctx; in mbedtls_ct_hmac()
215 const size_t hash_size = mbedtls_md_get_size(ctx->md_info); in mbedtls_ct_hmac()
[all …]