Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove core dependencies from generic part #11

Merged
1 commit merged into from
Aug 13, 2014
Merged

Remove core dependencies from generic part #11

1 commit merged into from
Aug 13, 2014

Conversation

pascal-brand38
Copy link
Contributor

This concerns:

  • Communication Non-Secure <--> Secure
  • asm.S, which is arm specific
  • sys/types.h contains some types not defined on all compilers

Signed-off-by: Pascal Brand [email protected]

@pascal-brand38
Copy link
Contributor Author

We normally don't put an _ in the name of the inclusion guard.

I'll remove it

The arm32 part of the filename is redundant since we're already below arch/arm32

Right. But we have already a tee_fs.c in the generic part. That is why I used this name. However, I'm opened to any other name

Since this file is extending sys/types.h, why not have it in the same directory?

Because depending on the compiler, all the types are not defined in sys/types.h. sys/types.h is not available on arm since we do not include libc. However, it can be the case on other platforms. So on given platforms, we will use types_ext.h as given by the TEE, but sys/types.h as given by the compiler.

Comments about common code arm32 and arm64

Well, this is not what I call "generic". They cannot be used on other cores, like the st231 for example. That is why I removed it from the generic part.
I think we should have an offline discussion about "how to deal with common code arm32 / arm64".

Let me know if I missed any comment.

This concerns:
- Communication Non-Secure <--> Secure
- sys/types.h contains some types not defined on all compilers

Signed-off-by: Pascal Brand <[email protected]>
@pascal-brand38
Copy link
Contributor Author

Here is a new version of the patch without asm.S and driver changes.

@ghost ghost merged commit ec21959 into OP-TEE:master Aug 13, 2014
@pascal-brand38 pascal-brand38 deleted the cr/generic_to_arm branch October 10, 2014 13:39
@jenswi-linaro jenswi-linaro mentioned this pull request Apr 15, 2020
vingu-linaro pushed a commit to vingu-linaro/optee_os that referenced this pull request May 20, 2020
A squashed series of changes in stm32mp1 clock driver for
supporting SCMI server as a clock consumer. These changes
have not been upstream yet in OP-TEE OS. Below the details.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#1
plat-stm32mp1: clock: remove oscillators and PLLs from shared resources

Oscillators, PLL1 and PLL2 are not resources allocated upon platform
configuration, these are always under secure world control. This change
removes them fro the list of the shared resources.

Since these resource are always secure, there is no need to look up
clock tree when a leaf clock is registered as secure to know which
parent clock(s) is/are secure. This removes functions from
shared_resources.c and stm32mp1_clk.c.

stm32mp_register_clock_parents_secure() can be removed and all its
private dependencies.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#2
plat-stm32mp1: clock: fix mcu/axi parent clock

Correct MCU clock parent selector: MCU subsystem clock is derived
from clock  PLL3_P, not PLL3.

Correct AXI clock parent selector: AXI subsystem clock is derived
from clock  PLL2_P, not PLL2.

This change also renames MCU clock and AXI clock resources to
prevent confusion.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#3
plat-stm32mp1: clock: allow tree lookup for several system clocks

Oscillators, PLLs and some system clocks can be related straight to
a parent clock. Prior this change were only oscillators and few
clocks supported by this look up. This changes adds PLLs and other
system clocks. This enables for flexible use of clock tree exploration
when computing a clock frequency value.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#4
plat-stm32mp1: clock: handle always on clocks

Oscillators and PLLs are not gated on stm32mp_clk_enable/disable()
calls. This change allows function to blindly call clock gating function
on always on clocks. Gating these clock is out of the scope of this
change even if preferred for power consumption optimization.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#5
plat-stm32mp1: clock: add rtc as gateable clock

Add clock RTC as a clock one can access through the
stm32_util.h API function stm32_clock_*().

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#6
plat-stm32mp1: clock: enable some secure clocks at init

With this change some system clock are enabled by core at
boot time and have a reference counter synchronized with
the clock hardware state.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#7
plat-stm32mp1: factorize rtc clock gating bit position

For consistency, define macro RCC_BDCR_RTCCKEN_POS in stm32mp1_rcc.h
to factorize definition of the RTC clock gating resources.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#8
plat-stm32mp1: add mdma secure clock

Add support for MDMA secure clock.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#9
plat-stm32mp1: remove unused usb non-secure clock

Remove unused clocks USBO_CLK and USBPHY_K resources.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#10
plat-stm32mp1: clock: secure and non-secure gateable clocks

Array stm32mp1_clk_gate[] defines the clock resources. This change
add a secure attribute to the clock: secure upon RCC[TZEN] (SEC),
secure upon RCC[TZEN] and RCC[MCKPROT] (MKP) or always accessible
from non-secure (N_S).

At init, lookup clock tree to ensure that parents of a secure clock
are registered a secure resources in the shared_resources.c driver.

Non-secure clock that OP-TEE expect to enable are enabled without
increase the clock refcount. For consistency, such clocks are not
disabled by core. Such clocks may be accessed by OP-TEE Core when
the non-secure world is not executing, for example at boot time
or could be when system is suspending/resuming.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#11
plat-stm32mp1: clock: fixup parent clock ids

Use _UNKNOWN_ID macro rather than 0xff for clocks parent IDs
that do not relate to a gateable clock.

Fix parent clock ID _HSE_KER_DIV2 that relates to clock
CK_HSE_KER_DIV2, not CK_HSE.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#12
plat-stm32mp1: clock: don't embed unused non-secure uart clock

Embed UART parent clock resource upon CFG_WITH_NSEC_UARTS=y.
This configuration switch was already used to embed or not
the non-secure UART clocks but not the resources used to
looks there ascendant clocks.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#13
plat-stm32mp1: shared resources: get shared clock controller state

stm32mp_nsec_can_access_clock() reports whether a clock is assigned
to the secure world only, or when it can be manipulated by the
non-secure world.

Signed-off-by: Etienne Carriere <[email protected]>

### Commit message OP-TEE#14
plat-stm32mp1: shared resource: remove unused stm32mp_clock_is_*()

Remove unused functions stm32mp_clock_is_shareable(),
stm32mp_clock_is_shared() and stm32mp_clock_is_non_secure().

Signed-off-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 18, 2020
When creating a new public/private key in its template it is not mandatory
to have CKA_SUBJECT field. However in the object stored in it must be
present.

If CKA_SUBJECT is not present it will be given empty default value.

In PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01:

4.8 Public key objects:

  CKA_SUBJECT -- DER-encoding of the key subject name (default empty)

4.9 Private key objects:

  CKA_SUBJECT -- DER-encoding of the key subject name (default empty)

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 18, 2020
CKA_PUBLIC_EXPONENT can also be provided by calling process when creating
a new RSA key pair.

Specified in:

PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01

2.1.2 RSA public key objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 18, 2020
Specified in:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

C_SetAttributeValue

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 18, 2020
Specified in:

PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.10 PKCS OP-TEE#1 RSA PSS

To support CKM_RSA_PKCS_PSS request params for hash and mgf need to be
translated to TEE operation ID.

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 18, 2020
Adds support for:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 18, 2020
It is fully allowed to have pre-defined CKA_ID values during key-pair
generation.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
C_GenerateKeyPair

Fixes: c3c16294 ("pkcs11: Fix object creation to have only one ID")

Signed-off-by: Vesa Jääskeläinen <[email protected]>
ruchi393 added a commit to ruchi393/optee_os that referenced this pull request Dec 24, 2020
PKCS#11 Specification[1] states that Private session/token objects
cannot be created in Public sessions. So, add a check for access
type when creating objects.

[1] PKCS OP-TEE#11 Cryptographic Token Interface Usage Guide Version 2.40
(Table 3 - ACCESS TO DIFFERENT TYPES OBJECTS BY DIFFERENT TYPES
OF SESSIONS)

Signed-off-by: Ruchika Gupta <[email protected]>
ruchi393 added a commit to ruchi393/optee_os that referenced this pull request Dec 28, 2020
PKCS#11 Specification[1] states that Private session/token objects
cannot be created in Public sessions. So, add a check for access
type when creating objects.

[1] PKCS OP-TEE#11 Cryptographic Token Interface Usage Guide Version 2.40
(Table 3 - ACCESS TO DIFFERENT TYPES OBJECTS BY DIFFERENT TYPES
OF SESSIONS)

Signed-off-by: Ruchika Gupta <[email protected]>
Reviewed-by: Vesa Jääskeläinen <[email protected]>
jforissier pushed a commit that referenced this pull request Dec 28, 2020
PKCS#11 Specification[1] states that Private session/token objects
cannot be created in Public sessions. So, add a check for access
type when creating objects.

[1] PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40
(Table 3 - ACCESS TO DIFFERENT TYPES OBJECTS BY DIFFERENT TYPES
OF SESSIONS)

Signed-off-by: Ruchika Gupta <[email protected]>
Reviewed-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 30, 2020
When creating a new public/private key in its template it is not mandatory
to have CKA_SUBJECT field. However in the object stored in it must be
present.

If CKA_SUBJECT is not present it will be given empty default value.

In PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01:

4.8 Public key objects:

  CKA_SUBJECT -- DER-encoding of the key subject name (default empty)

4.9 Private key objects:

  CKA_SUBJECT -- DER-encoding of the key subject name (default empty)

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 30, 2020
This commit only adds common key pair generation support code.

Actual mechanism specific key pair generation codes are in their own
commits.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40 Plus
Errata 01

5.13 Key management functions
C_GenerateKeyPair

Co-developed-by: Etienne Carriere <[email protected]>
Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 30, 2020
Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01

2.3.5 Elliptic curve key pair generation

Co-developed-by: Ricardo Salveti <[email protected]>
Co-developed-by: Etienne Carriere <[email protected]>
Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 31, 2020
When creating a new public/private key in its template it is not mandatory
to have CKA_SUBJECT field. However in the object stored in it must be
present.

If CKA_SUBJECT is not present it will be given empty default value.

In PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01:

4.8 Public key objects:

  CKA_SUBJECT -- DER-encoding of the key subject name (default empty)

4.9 Private key objects:

  CKA_SUBJECT -- DER-encoding of the key subject name (default empty)

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 31, 2020
This commit only adds common key pair generation support code.

Actual mechanism specific key pair generation codes are in their own
commits.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40 Plus
Errata 01

5.13 Key management functions
C_GenerateKeyPair

Co-developed-by: Etienne Carriere <[email protected]>
Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 31, 2020
Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01

2.3.5 Elliptic curve key pair generation

Co-developed-by: Ricardo Salveti <[email protected]>
Co-developed-by: Etienne Carriere <[email protected]>
Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 31, 2020
It is mandatory to have CKF_SERIAL_SESSION set when invoking
C_OpenSession(). Return value CKR_SESSION_PARALLEL_NOT_SUPPORTED must be
returned.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.6 Session management functions
C_OpenSession

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Dec 31, 2020
It is mandatory to have CKF_SERIAL_SESSION set when invoking
C_OpenSession(). Return value CKR_SESSION_PARALLEL_NOT_SUPPORTED must be
returned.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.6 Session management functions
C_OpenSession

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
Add support for performing RSA signing & verification operations for:

- PKCS OP-TEE#1 v1.5 RSA with supplied hash value
- Multi stage MD5
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1 RSA

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
Add support for performing RSA PSS signing & verification operations for:

- PKCS OP-TEE#1 RSA PSS with supplied hash value
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.10 PKCS OP-TEE#1 RSA PSS

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
Add support for performing PKCS OP-TEE#1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SHA-384
- MGF1 SHA-512

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.8 PKCS OP-TEE#1 RSA OAEP

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
When invalid input data is provided for TEE_AsymmetricEncrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Encrypt()/C_EncryptFinal() should return in this
case CKR_DATA_LEN_RANGE.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.8 Encryption functions
C_Encrypt/C_EncryptFinal

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
When invalid input data is provided for TEE_AsymmetricDecrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Decrypt()/C_DecryptFinal() should return in this
case CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE.

As it is hard to determine which case it is return matching error similar
to encryption case.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.9 Decryption functions
C_Decrypt/C_DecryptFinal

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
Different requirements are in place when importing RSA public key vs.
generaing a new RSA key pair.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.2 RSA public key objects
and
2.1.4 PKCS OP-TEE#1 RSA key pair generation

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
Add support for performing RSA PSS signing & verification operations for:

- PKCS OP-TEE#1 RSA PSS with supplied hash value
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.10 PKCS OP-TEE#1 RSA PSS

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
Add support for performing PKCS OP-TEE#1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SHA-384
- MGF1 SHA-512

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.8 PKCS OP-TEE#1 RSA OAEP

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
When invalid input data is provided for TEE_AsymmetricEncrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Encrypt()/C_EncryptFinal() should return in this
case CKR_DATA_LEN_RANGE.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.8 Encryption functions
C_Encrypt/C_EncryptFinal

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
When invalid input data is provided for TEE_AsymmetricDecrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Decrypt()/C_DecryptFinal() should return in this
case CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE.

As it is hard to determine which case it is return matching error similar
to encryption case.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.9 Decryption functions
C_Decrypt/C_DecryptFinal

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 6, 2021
Different requirements are in place when importing RSA public key vs.
generaing a new RSA key pair.

Specified in:
PKCS OP-TEE#11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.2 RSA public key objects
and
2.1.4 PKCS OP-TEE#1 RSA key pair generation

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Aug 9, 2021
Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.4 PKCS #1 RSA key pair generation

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Aug 9, 2021
Add support for performing RSA signing & verification operations for:

- PKCS #1 v1.5 RSA with supplied hash value
- Multi stage MD5
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1 RSA

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Aug 9, 2021
Add support for performing RSA PSS signing & verification operations for:

- PKCS #1 RSA PSS with supplied hash value
- Multi stage SHA-1
- Multi stage SHA-224
- Multi stage SHA-256
- Multi stage SHA-384
- Multi stage SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.10 PKCS #1 RSA PSS

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Aug 9, 2021
Add support for performing PKCS #1 RSA OAEP encryption & decryption
operations for:

- MGF1 SHA-1
- MGF1 SHA-224
- MGF1 SHA-256
- MGF1 SHA-384
- MGF1 SHA-512

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.8 PKCS #1 RSA OAEP

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Aug 9, 2021
When invalid input data is provided for TEE_AsymmetricEncrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Encrypt()/C_EncryptFinal() should return in this
case CKR_DATA_LEN_RANGE.

Specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.8 Encryption functions
C_Encrypt/C_EncryptFinal

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Aug 9, 2021
When invalid input data is provided for TEE_AsymmetricDecrypt() it will
fail with TEE_ERROR_BAD_PARAMETERS.

PCSK#11 operation for C_Decrypt()/C_DecryptFinal() should return in this
case CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE.

As it is hard to determine which case it is return matching error similar
to encryption case.

Specified in:
PKCS #11 Cryptographic Token Interface Base Specification
Version 2.40 Plus Errata 01
5.9 Decryption functions
C_Decrypt/C_DecryptFinal

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Aug 9, 2021
Different requirements are in place when importing RSA public key vs.
generaing a new RSA key pair.

Specified in:
PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
Version 2.40 Plus Errata 01
2.1.2 RSA public key objects
and
2.1.4 PKCS #1 RSA key pair generation

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 13, 2021
Adds support for:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Aug 27, 2021
Adds support for:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Sep 19, 2021
Adds support for:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Oct 1, 2021
Adds support for:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Oct 2, 2021
Adds support for:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
vesajaaskelainen added a commit to vesajaaskelainen/optee_os that referenced this pull request Oct 4, 2021
Adds support for:

PKCS OP-TEE#11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
jforissier pushed a commit that referenced this pull request Oct 5, 2021
Adds support for:

PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01

4.6 Certificate objects
4.6.3 X.509 public key certificate objects

Signed-off-by: Vesa Jääskeläinen <[email protected]>
Reviewed-by: Etienne Carriere <[email protected]>
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant