Searched hist:"6301 ca1c10ac83ef0b0a6cc104de65d902c20878" (Results 1 – 5 of 5) sorted by relevance
| /optee_os/core/drivers/crypto/se050/core/ |
| H A D | storage.c | 6301ca1c10ac83ef0b0a6cc104de65d902c20878 Sat Sep 24 18:25:29 UTC 2022 Jorge Ramirez-Ortiz <jorge@foundries.io> crypto: se050: updates to the crypto object deletion interface
Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key during
the release of the object.
The storage allocated to hold those keys (ECC/RSA) is always below the
page size length which seems like a reasonable figure to use for future
extensions.
- This commit avoids scanning objects larger than that length.
This commit also updates the interface to delegate the actual handling
of the object to the crypto driver instead of passing just the raw data
contained in the object.
The cryptographic layer is also being allowed to block the deletion of
the object. This is to cover the scenario where the I2C device is not
accessible while a reference to the key is being removed from the secure
storage in the filesystem.
Incidentally also fixes regression 6018: this test releases an object
of size 0xA0000 which can't be scanned due to this part of the code
hitting an Out of Memory condition.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| /optee_os/core/drivers/crypto/se050/ |
| H A D | crypto.mk | 6301ca1c10ac83ef0b0a6cc104de65d902c20878 Sat Sep 24 18:25:29 UTC 2022 Jorge Ramirez-Ortiz <jorge@foundries.io> crypto: se050: updates to the crypto object deletion interface
Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key during
the release of the object.
The storage allocated to hold those keys (ECC/RSA) is always below the
page size length which seems like a reasonable figure to use for future
extensions.
- This commit avoids scanning objects larger than that length.
This commit also updates the interface to delegate the actual handling
of the object to the crypto driver instead of passing just the raw data
contained in the object.
The cryptographic layer is also being allowed to block the deletion of
the object. This is to cover the scenario where the I2C device is not
accessible while a reference to the key is being removed from the secure
storage in the filesystem.
Incidentally also fixes regression 6018: this test releases an object
of size 0xA0000 which can't be scanned due to this part of the code
hitting an Out of Memory condition.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| /optee_os/core/include/crypto/ |
| H A D | crypto.h | 6301ca1c10ac83ef0b0a6cc104de65d902c20878 Sat Sep 24 18:25:29 UTC 2022 Jorge Ramirez-Ortiz <jorge@foundries.io> crypto: se050: updates to the crypto object deletion interface
Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key during
the release of the object.
The storage allocated to hold those keys (ECC/RSA) is always below the
page size length which seems like a reasonable figure to use for future
extensions.
- This commit avoids scanning objects larger than that length.
This commit also updates the interface to delegate the actual handling
of the object to the crypto driver instead of passing just the raw data
contained in the object.
The cryptographic layer is also being allowed to block the deletion of
the object. This is to cover the scenario where the I2C device is not
accessible while a reference to the key is being removed from the secure
storage in the filesystem.
Incidentally also fixes regression 6018: this test releases an object
of size 0xA0000 which can't be scanned due to this part of the code
hitting an Out of Memory condition.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| /optee_os/core/crypto/ |
| H A D | crypto.c | 6301ca1c10ac83ef0b0a6cc104de65d902c20878 Sat Sep 24 18:25:29 UTC 2022 Jorge Ramirez-Ortiz <jorge@foundries.io> crypto: se050: updates to the crypto object deletion interface
Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key during
the release of the object.
The storage allocated to hold those keys (ECC/RSA) is always below the
page size length which seems like a reasonable figure to use for future
extensions.
- This commit avoids scanning objects larger than that length.
This commit also updates the interface to delegate the actual handling
of the object to the crypto driver instead of passing just the raw data
contained in the object.
The cryptographic layer is also being allowed to block the deletion of
the object. This is to cover the scenario where the I2C device is not
accessible while a reference to the key is being removed from the secure
storage in the filesystem.
Incidentally also fixes regression 6018: this test releases an object
of size 0xA0000 which can't be scanned due to this part of the code
hitting an Out of Memory condition.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| /optee_os/core/tee/ |
| H A D | tee_svc_storage.c | 6301ca1c10ac83ef0b0a6cc104de65d902c20878 Sat Sep 24 18:25:29 UTC 2022 Jorge Ramirez-Ortiz <jorge@foundries.io> crypto: se050: updates to the crypto object deletion interface
Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key during
the release of the object.
The storage allocated to hold those keys (ECC/RSA) is always below the
page size length which seems like a reasonable figure to use for future
extensions.
- This commit avoids scanning objects larger than that length.
This commit also updates the interface to delegate the actual handling
of the object to the crypto driver instead of passing just the raw data
contained in the object.
The cryptographic layer is also being allowed to block the deletion of
the object. This is to cover the scenario where the I2C device is not
accessible while a reference to the key is being removed from the secure
storage in the filesystem.
Incidentally also fixes regression 6018: this test releases an object
of size 0xA0000 which can't be scanned due to this part of the code
hitting an Out of Memory condition.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|