Searched hist:c84ccd0a805e522eb29976bbaaeff88bf4d44637 (Results 1 – 5 of 5) sorted by relevance
| /optee_os/ta/pkcs11/src/ |
| sub.mk | c84ccd0a805e522eb29976bbaaeff88bf4d44637 Tue Feb 04 13:43:40 UTC 2020 Etienne Carriere <etienne.carriere@linaro.org> ta: pkcs11: persistent database for the pkcs11 tokens
Initialize token(s) state from a persistent database. If no persistent database is found in the secure storage, initialize it to a default state and save the database in secure storage.
PKCS11 TA may implement several tokens each related to its own database.
A token persistent database is stored in several parts in TEE secure storage. The main database stores token label, flags and PINs status. Another database stores the UUIDs of the TEE persistent objects used to store the token PKCS11 objects, allowing the token to find back PKCS11 persistent objects. This object database is out of the scope of this change.
At runtime, a token instance is referenced by a struct ck_token instance in RAM which stores the state of the token and references to the resources the token has loaded, such as PIN cipher keys (see paragraph below), session states and the volatile copy of the persistent databases.
Among the data saved in the persistent database is the reference to the keys used to cipher the PINs that will be used. A symmetric encryption scheme is used, using keys the PKCS11 TA does not have access to. This allows the PKCS11 TA to save in RAM an encrypted value of the owners' PINs.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| persistent_token.c | c84ccd0a805e522eb29976bbaaeff88bf4d44637 Tue Feb 04 13:43:40 UTC 2020 Etienne Carriere <etienne.carriere@linaro.org> ta: pkcs11: persistent database for the pkcs11 tokens
|
| pkcs11_token.h | c84ccd0a805e522eb29976bbaaeff88bf4d44637 Tue Feb 04 13:43:40 UTC 2020 Etienne Carriere <etienne.carriere@linaro.org> ta: pkcs11: persistent database for the pkcs11 tokens
|
| pkcs11_token.c | c84ccd0a805e522eb29976bbaaeff88bf4d44637 Tue Feb 04 13:43:40 UTC 2020 Etienne Carriere <etienne.carriere@linaro.org> ta: pkcs11: persistent database for the pkcs11 tokens
|
| entry.c | c84ccd0a805e522eb29976bbaaeff88bf4d44637 Tue Feb 04 13:43:40 UTC 2020 Etienne Carriere <etienne.carriere@linaro.org> ta: pkcs11: persistent database for the pkcs11 tokens
|