- 06 8月, 2021 2 次提交
-
-
由 Ruchika Gupta 提交于
For C_UnwrapKey(), if unwrapping key handle is NULL, return CKR_UNWRAPPING_KEY_HANDLE_INVALID instead of CKR_ARGUMENT_BAD. Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
由 Ruchika Gupta 提交于
C_GetAttributeValue() for attribute CKA_KEY_GEN_MECHANISM can also return CK_UNAVAILABLE_INFORMATION. When in 64 bits we need to extend CK_UNAVAILABLE_INFORMATION uint32_t value to CK_ULONG (64 bits). Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
- 03 8月, 2021 5 次提交
-
-
由 Vesa Jääskeläinen 提交于
Some libraries registers notify callbacks to Cryptoki just to be on safe side without having intention of aborting the operation. Possibly uses for notify callback are defined in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.16 Callback functions "A typical use of a surrender callback might be to give an application user feedback during a lengthy key pair generation operation. Each time the application receives a callback, it could display an additional “.” to the user." OP-TEE do not currently have this kind of mechanism to abort key generation thus no need for such callback. If callee has registered for such callback and is prepared to display progress indication or abort the progress it will just never happen. User application receives control back upon completion of such operaton. It also states that: "A Cryptoki library is not required to make any surrender callbacks." So with the change we take liberty of not making the callbacks at all. Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Acked-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Vesa Jääskeläinen 提交于
Add support for performing PKCS #1 RSA OAEP encryption & decryption operations for: - MGF1 SHA-1 - MGF1 SHA-224 - MGF1 SHA-256 - MGF1 SHA-384 - MGF1 SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.8 PKCS #1 RSA OAEP Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Vesa Jääskeläinen 提交于
Add support for performing RSA PSS signing & verification operations for: - PKCS #1 RSA PSS with supplied hash value - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.10 PKCS #1 RSA PSS Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Vesa Jääskeläinen 提交于
Add support for performing RSA signing & verification operations for: - PKCS #1 v1.5 RSA with supplied hash value - Multi stage MD5 - Multi stage SHA-1 - Multi stage SHA-224 - Multi stage SHA-256 - Multi stage SHA-384 - Multi stage SHA-512 Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.6 PKCS #1 v1.5 RSA Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Vesa Jääskeläinen 提交于
Add support to generate PKCS #1 RSA keys when issuing C_GenerateKeyPair(). Specified in: PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01 2.1.4 PKCS #1 RSA key pair generation Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
- 20 7月, 2021 1 次提交
-
-
由 Vesa Jääskeläinen 提交于
As specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.2 Conventions for functions returning output in a variable-length buffer When querying size of returned variable-length buffer actual value of *pulBufLen for input can be anything as long as pBuf is NULL and pulBufLen is not NULL. Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Acked-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org>
-
- 30 6月, 2021 1 次提交
-
-
由 Vesa Jääskeläinen 提交于
As specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.2 Conventions for functions returning output in a variable-length buffer When querying size of returned variable-length buffer actual value of *pulBufLen for input can be anything as long as pBuf is NULL and pulBufLen is not NULL. Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
- 29 6月, 2021 1 次提交
-
-
由 Vesa Jääskeläinen 提交于
Even thou CK_ULONG is known size some application might still ask the size in generic way for all attributes. CK_ULONG has additional twist -- in 64 bit targets user space is 64 bit but TA interface handles that as 32 bit. This change handles both transparently. Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
- 28 6月, 2021 1 次提交
-
-
由 Vesa Jääskeläinen 提交于
As specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.2 Conventions for functions returning output in a variable-length buffer When querying size of returned variable-length buffer actual value of *pulBufLen for input can be anything as long as pBuf is NULL and pulBufLen is not NULL. Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
- 23 6月, 2021 4 次提交
-
-
由 Ruchika Gupta 提交于
Add code for handling C_WrapKey(), C_UnWrapKey() for mechanisms : CKM_AES_ECB CKM_AES_CBC Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
由 Ruchika Gupta 提交于
Allocate command ID's for C_WrapKey() and C_UnwrapKey(). Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Ruchika Gupta 提交于
Some error codes related with wrap, unwrap and random number API's were missing from the list. These have been added. Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Ruchika Gupta 提交于
CKA_DERIVE_TEMPLATE attribute was missing from the list when serializing/deserializing indirect attributes. Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
- 08 6月, 2021 1 次提交
-
-
由 Timothée Cercueil 提交于
The shared memory size got from tee_shm object already strips offset from total buffer size. The offset substraction breaks memref parameters through RPC when applying offset to them. Signed-off-by: NTimothée Cercueil <timothee.cercueil@st.com> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NJens Wiklander <jens.wiklander@linaro.org>
-
- 02 6月, 2021 1 次提交
-
-
由 Pengguang Zhu 提交于
Fix spelling mistake in pkcs11_api.c. Building in debug mode fails with the following error: src/pkcs11_api.c: In function ‘C_Sign’: src/pkcs11_api.c:969:36: error: ‘CKR_USER_NOT_LOGG_IN’ undeclared (first use in this function); did you mean ‘CKR_USER_NOT_LOGGED_IN’? CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGG_IN, ^~~~~~~~~~~~~~~~~~~~ Fixes: 3f44b870 ("libckteec: add support for Signing and Verification Functions") Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NPengguang Zhu <zpghao@163.com>
-
- 27 5月, 2021 3 次提交
-
-
由 Victor Chong 提交于
Enable build of plugin framework under AOSP. Signed-off-by: NVictor Chong <victor.chong@linaro.org> Acked-by: NJens Wiklander <jens.wiklander@linaro.org> Acked-by: NJerome Forissier <jerome@forissier.org>
-
由 Victor Chong 提交于
Set log level for AOSP build to 2 (info). Signed-off-by: NVictor Chong <victor.chong@linaro.org> Acked-by: NJens Wiklander <jens.wiklander@linaro.org> Acked-by: NJerome Forissier <jerome@forissier.org>
-
由 Victor Chong 提交于
Reorder some lines to match tee-supplicant/Makefile. Signed-off-by: NVictor Chong <victor.chong@linaro.org> Acked-by: NJens Wiklander <jens.wiklander@linaro.org> Acked-by: NJerome Forissier <jerome@forissier.org>
-
- 29 4月, 2021 1 次提交
-
-
由 Ricardo Salveti 提交于
optee_client_config.mk should be installed to a more traditional and common folder such as INCLUDEDIR instead of being installed directly to DESTDIR (which can end up as / depending on the packaging system used). This was noticed when packaging optee-client for OE, as DESTDIR gets set to the deploy folder, which is later used as root for packaging optee-client. Signed-off-by: NRicardo Salveti <ricardo@foundries.io> Acked-by: NJerome Forissier <jerome@forissier.org>
-
- 28 4月, 2021 1 次提交
-
-
由 Rouven Czerwinski 提交于
The readdir(3) man page mentions: Currently, only some filesystems (among them: Btrfs, ext2, ext3, and ext4) have full support for returning the file type in d_type. All applications must properly handle a return of DT_UNKNOWN. Which is exactly the case on my nitrogen6x test system based on YOCTO gatesgarth even using ext4: getdents64(4</usr/lib/tee-supplicant/plugins>, [{d_ino=3269, d_off=375390918, d_reclen=64, d_type=DT_UNKNOWN, d_name="f07bfc66-958c-4a15-99c0-260e4e7375dd.plugin"}, …], 32768) = 112 Even the regular test plugin for the tee-supplicant is identified as DT_UNKNOWN, preventing the supplicant from loading the plugin. Instead try to open all files within the plugin directory, excluding "." & "..". Signed-off-by: NRouven Czerwinski <r.czerwinski@pengutronix.de> Reviewed-by: NJerome Forissier <jerome@forissier.org> Reviewed-by: NJens Wiklander <jens.wiklander@linaro.org>
-
- 21 4月, 2021 3 次提交
-
-
由 Vesa Jääskeläinen 提交于
Add support for signing with mechanisms: - CKM_ECDSA - CKM_ECDSA_SHA1 - CKM_ECDSA_SHA224 - CKM_ECDSA_SHA256 - CKM_ECDSA_SHA384 - CKM_ECDSA_SHA512 Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRicardo Salveti <ricardo@foundries.io> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
由 Vesa Jääskeläinen 提交于
Add support code for issuing C_GenerateKeyPair() command to TA. Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRicardo Salveti <ricardo@foundries.io> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
由 Vesa Jääskeläinen 提交于
Allocate command ID for C_GenerateKeyPair() functionality. Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRicardo Salveti <ricardo@foundries.io> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
- 19 4月, 2021 1 次提交
-
-
由 Etienne Carriere 提交于
Change all impacted processing functions to release the active processing when they find an error before invoking the TA. This is needed since PKCS#11 specification expect the active operation is aborted (released) when the Cryptoki API functions do not return CKR_BUFFER_TOO_SMALL or CKR_OK. Signed-off-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
- 29 3月, 2021 3 次提交
-
-
由 Etienne Carriere 提交于
Return CKR_CANT_LOCK if mutex fails at lib initialization. This conforms with the PKCS#11 specification v2.40-errata01. Preserve the exit cases on mutex issues when unlocking and in C_Finalize(). Signed-off-by: NEtienne Carriere <etienne.carriere@linaro.org> Acked-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Jens Wiklander 提交于
Allocate page aligned shared memory buffer guarantee that each shared memory buffer doesn't accidentally share a page of memory or they may become aliased when mapped in secure world. This is normally not a big problem but may make it a bit harder to track down buffer overruns in shared memory buffers. In a post Arm v8.4 architecture with FF-A [1] there's trouble since it's not permitted to share the same physical page twice. [1] https://developer.arm.com/documentation/den0077/latestReviewed-by: NJerome Forissier <jerome@forissier.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NJens Wiklander <jens.wiklander@linaro.org>
-
由 Ricardo Salveti 提交于
On some eMMC devices, the mix of RPMB and normal MMC commands can result in GENERAL FAILURE, which then forces OP-TEE to mark the RPMB device as dead (part of the rollback vulnerability fix). In order to work around this problem, the linux kernel also supports sending all the required MMC_IOC commands in one single multiple ioctl command request, which forces the RPMB commands to be serialized, avoiding the issue. As MMC_IOC_MULTI_CMD is available since linux 4.3, we should be safe to use it by default on read / write block operations. For reference, this issue is also nicely described at the https://www.mail-archive.com/linux-mmc@vger.kernel.org/msg17589.html. Reviewed-by: NJerome Forissier <jerome@forissier.org> Tested-by: NIgor Opaniuk <igor.opaniuk@foundries.io> Signed-off-by: NRicardo Salveti <ricardo@foundries.io>
-
- 11 3月, 2021 1 次提交
-
-
由 Ruchika Gupta 提交于
An attribute template (type, pValue, ulValueLen) provided with C_GetAttributeValue() may have pValue field as NULL pointer with a zero/non-zero ulValueLen field. In these cases TEE should modify the ulValueLen to hold the exact length of the specified attribute for the object. In the current code, for non-zero ulValueLen with pValue as NULL pointer, an attempt was being made to read the ulValueLen length data from NULL pointer resulting in segmentation fault. To fix this, in such scenarios, pass ulValueLen as 0 to TEE. Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
- 09 3月, 2021 1 次提交
-
-
由 Etienne Carriere 提交于
Include missing unistd.h to support type gid_t. This change fixes [1]. Link: [1] http://autobuild.buildroot.net/results/34b9946e6d59112a7eead304933534ad4739a84c/build-end.logSigned-off-by: NEtienne Carriere <etienne.carriere@linaro.org> Acked-by: NJerome Forissier <jerome@forissier.org>
-
- 08 3月, 2021 3 次提交
-
-
由 Vesa Jääskeläinen 提交于
Implements support for digest operations as specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 5.10 Message digesting functions Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
由 Vesa Jääskeläinen 提交于
When error condition is detected in Cryptoki API side in bad argument processing add support for terminating active processing to comply with the specification. Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
由 Ruchika Gupta 提交于
Error code CKR_DATA_LEN_RANGE is mentioned in [1] for the mechanisms CKM_AES_ECB_ENCRYPT_DATA, CKM_AES_ECB_DECRYPT_DATA even though not explicitly specified in [2]. So, add it in the allowed error codes for C_DeriveKey(). [1] - Section 2.15.3 in "PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01" [2] - "PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01" Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Reviewed-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
- 23 2月, 2021 4 次提交
-
-
由 Ruchika Gupta 提交于
Add code for handling C_DeriveKey() for mechanisms : CKM_AES_ECB_ENCRYPT_DATA CKM_AES_CBC_ENCRYPT_DATA Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Ruchika Gupta 提交于
Allocate command ID for C_DeriveKey(). Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Ruchika Gupta 提交于
Add helper function for mechanisms CKM_AES_ECB_ENCRYPT_DATA CKM_AES_CBC_ENCRYPT_DATA Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
由 Ruchika Gupta 提交于
Add CK_KEY_DERIVATION_STRING_DATA. This provides parameters for miscellaneous simple key derivation mechanisms. Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NRuchika Gupta <ruchika.gupta@linaro.org>
-
- 15 2月, 2021 2 次提交
-
-
由 Vesa Jääskeläinen 提交于
Add support code for issuing C_SeedRandom() and C_GenerateRandom() commands to TA. Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-
由 Vesa Jääskeläinen 提交于
Allocate command IDs for C_SeedRandom() and C_GenerateRandom() functionality. Reviewed-by: NRuchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: NEtienne Carriere <etienne.carriere@linaro.org> Signed-off-by: NVesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-