Krzysztof Jackiewicz [Wed, 9 Oct 2019 14:22:54 +0000 (16:22 +0200)]
Move the logging code to a common directory
This is to avoid 2-way calls between ta and serialization directories which SAM
complains about.
Change-Id: Ibac9f6e6bbda7ee37c7bc5591cfa2a480c9c0531
Krzysztof Jackiewicz [Wed, 28 Aug 2019 10:07:07 +0000 (12:07 +0200)]
Simplify password handling
Change-Id: I57591c31259e28dfb154b544e3f5af7ba667ab31
Tomasz Swierczek [Wed, 4 Sep 2019 08:22:49 +0000 (10:22 +0200)]
Do not assign return value if it's not needed
Opened/decrypted key is checked in KM_ExecCmdSign and KM_ExecCmdVerify
just after retrieval, so assigning return value is redundant.
Change-Id: I75502c006aa0cb5ec554d3aab7638e6c0765de98
Arkadiusz Bokowy [Fri, 16 Aug 2019 09:05:52 +0000 (11:05 +0200)]
Make sure we are not freeing NULL operation handle
According to the GP Internal API <= 1.1.2, freeing an invalid operation
handle should result in panic.
For GP Internal API >= 1.2 user can pass TEE_HANDLE_NULL to TEE_FreeOperation().
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
Change-Id: I6067c70e4fdc1f5ed658b35d6e8bdce90e107af5
Tomasz Swierczek [Fri, 9 Aug 2019 12:42:41 +0000 (14:42 +0200)]
Remove unused serialization definitions
Old magic-number-based serialization is replaced with new one,
that uses buffer size guards not to cause memory issues.
Old comments with serialization data removed, code is now
self-explanatory.
Change-Id: Ie7d68bafcfbaf89e4b892f635b85ba976bb525c9
Tomasz Swierczek [Mon, 5 Aug 2019 14:45:52 +0000 (16:45 +0200)]
Change serialization in TA to use new, simpler functions
Changed functions:
* CMD_GENERATE_KEY
* CMD_ENCRYPT
* CMD_DECRYPT
* CMD_SIGN
* CMD_VERIFY
* CMD_GENERATE_IV
* CMD_GENERATE_KEY_PWD
* CMD_DESTROY_KEY
Change-Id: I5db50848e115bd35e7bef3622ce9a4752ce19166
Krzysztof Jackiewicz [Thu, 4 Jul 2019 13:53:15 +0000 (15:53 +0200)]
Unify object and attribute size processing
- Some TEE implementations assume different object and attribute size
units (bits vs. bytes). This commit adds wrappers for affected TEE
API to simplify size unit switching.
- Remove unused key_bits_size argument from KM_OpenKey().
- Fix improper size unit used in KM_EncryptKey() and
KM_DecryptKey() (size bits was used for buffer allocation).
- Fix improper key size serialized with encrypted asymmetric key. Size
in bytes was serialized but bits were expected during
deserialization.
Change-Id: Icba600c6817e3e880af431ccd09944a3c2b3bcd5
Tomasz Swierczek [Mon, 20 May 2019 11:56:14 +0000 (13:56 +0200)]
Calm down warnings & errors for ARM build
* make logs compile fully only in debug mode
* make logs use our own BUILD_TYPE_DEBUG definition
* remove not used OpenSSL header
* initialize possibly uninitialized pointer to calm down overreacting gcc
* change AES_BLOCK_SIZE to extern
Change-Id: Ide148262c2426931be08276671e625f9c043f78a
Krzysztof Jackiewicz [Tue, 9 Apr 2019 08:02:59 +0000 (10:02 +0200)]
Remove unused function
Change-Id: If5fee179ef06c03c0f3108f6a3769a4a60729222
Krzysztof Jackiewicz [Fri, 5 Apr 2019 12:25:53 +0000 (14:25 +0200)]
Close key object after sign/verify
Persistent key object was not closed after signing/verification was performed
leading to access conflict error later.
Change-Id: I4fc6b73a1f69e1f24ecb7ce0e5ba350fa10cd6e5
Krzysztof Jackiewicz [Fri, 5 Apr 2019 11:30:53 +0000 (13:30 +0200)]
Use PKCS1 v1.5 instead of PKCS1 PSS padding
SW backend uses PKCS1 v1.5 not PKCS1 PSS. Adjust key-manager-ta to use the
former as well.
Change-Id: I83da0d9b00929481fcd01208b5cf8ca068627af4
Krzysztof Jackiewicz [Tue, 26 Mar 2019 15:47:55 +0000 (16:47 +0100)]
Adjust error codes to key-manager
Depending on the context the failing GCM tag verification should return
different errors. Key-manager distinguishes 2 such situations:
1. Client performs GCM decryption and tag verification fails. In such case the
error returned to the client should indicate invalid parameter.
2. Client performs a cryptographic operation using a password protected key. If
password is wrong the GCM decryption of the key fails and should return an error
indicating authentication failure.
If GCM decryption requested by client fails with TEE_ERROR_MAC_INVALID, return
TEE_ERROR_BAD_PARAMETERS (case 1). If key decryption fails with
TEE_ERROR_MAC_INVALID (case 2) propagate it to key-manager unchanged. This way
key-manager will be able to distinguish both cases.
Change-Id: I8b5cc23281d71959fc89511e183e205deff170ad
Krzysztof Jackiewicz [Thu, 21 Mar 2019 15:23:13 +0000 (16:23 +0100)]
Disable padding in stream ciphers
Stream ciphers like CFB or CTR should not be padded.
Adjust CFB implementation to work as a stream cipher. Remove unnecessary padding
in other cases.
Change-Id: Ibc12fa523898ddca0ab9296eaf8500c242d6f8e6
Lukasz Kostyra [Wed, 20 Feb 2019 11:22:09 +0000 (12:22 +0100)]
Add support for asymmetric operations
This commit adds support for asymmetric key operations. Implemented changes are:
Asymmetric key generation, RSA OAEP encryption/decryption, RSA/DSA signing and
verification operations.
Note that this commit introduces support for RSA/DSA algorithms only. Moreover,
DSA is supported only with SHA1 digest. TA is supposed to run on GP API 1.0
version, which does not support Elliptic Curve algorithms, or other digest types
for DSA.
Change-Id: I4631ffe34597931c60d1c6fa5d66edb192d7712b
Lukasz Kostyra [Thu, 24 Jan 2019 11:52:17 +0000 (12:52 +0100)]
Enable debug logs on DEBUG build type
Additionally fixes log buffering issue, by flushing stdout() every
log. Now logs should be immediately accessible on appropriate logging
output (ex. /var/log/ta/ on tef-simulator).
Change-Id: I47a9cf6f2b7d40ad347b2363b85d6928a21017d1
Tomasz Swierczek [Thu, 3 Jan 2019 09:02:13 +0000 (09:02 +0000)]
Merge "Remove unnecessary key generation" into tizen
Tomasz Swierczek [Wed, 28 Nov 2018 06:56:06 +0000 (07:56 +0100)]
Remove unnecessary key generation
When saving encrypted key, the unencrypted key was created
just to be overwritten later with unnecessary retrieval of
data from that key. This was changed to manually encrypting
key secret data & saving it with the key.
Change-Id: Idc7379deea35082804cab0048328c96f0f60e709
Pawel Kowalski [Wed, 28 Nov 2018 10:49:46 +0000 (11:49 +0100)]
Add gbs option to attach the test key
To attach the test key add following option to the gbs build:
--define "test_key ON". If the option is not set or is set to value
different than ON, the key won't be attached (it is not attached by
default).
Change-Id: Ied386b44ab85a4fdd2229a75cb444f40aca0b163
Tomasz Swierczek [Tue, 13 Nov 2018 08:46:38 +0000 (09:46 +0100)]
Add checking of return value from KM_CreateKey in KM_ExecCmdSaveData
Change-Id: I1c822bb6dc1f75d9919deb7b1e18a9b38b7443cd
Igor Kotrasinski [Fri, 26 Oct 2018 12:03:42 +0000 (14:03 +0200)]
Move optee config header to devkit conf dir
Change-Id: I6c6ec24387b75443b8e33f9ea2e107b871107aca
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Igor Kotrasinski [Fri, 26 Oct 2018 10:15:37 +0000 (12:15 +0200)]
Use new semantics for devkit TA configuration
The devkit now accepts a base directory to all backend-specific
configurations.
Change-Id: Ib8068d70651607f3a1d8600e290a8934262a4f8b
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
r.tyminski [Tue, 16 Oct 2018 07:47:13 +0000 (09:47 +0200)]
Compilation fixes for OpTEE.
Change-Id: Ia33a87899975e1793efefa2d1778aaba8c2f9fa0
r.tyminski [Tue, 16 Oct 2018 07:19:02 +0000 (09:19 +0200)]
Copy data to secure memory.
In solutions where shared memory is separated from normal world,
we need to copy data to secure world in TA.
Change-Id: I1634769c94d7023f4d2ec3e61e8f072f9b8eb977
Dongsun Lee [Tue, 11 Sep 2018 10:25:45 +0000 (19:25 +0900)]
Remove unused licenses in spec file
Change-Id: If7993493879d8ce30ef4377f54adbb05c489cac6
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Krzysztof Jackiewicz [Mon, 8 Oct 2018 08:59:31 +0000 (10:59 +0200)]
Fix base64 encoding function
Bitwise OR of unsigned int and a signed char is machine dependent and
could lead to invalid base64 encoding.
This commit makes it use unsigned char instead.
Change-Id: I8cf918158bca6783494b09aaa73fd710fb41f164
Bartlomiej Grzelewski [Tue, 2 Oct 2018 13:20:57 +0000 (15:20 +0200)]
Remove unused code
Change-Id: Ied2d1e0987bdf964c1c1b128fbe07e8eac18ab8b
Bartlomiej Grzelewski [Mon, 1 Oct 2018 17:07:15 +0000 (19:07 +0200)]
Support for initial values decryption
Change-Id: I5b5086a7db69e7677eda93ade1dd2500255a3f20
Bartlomiej Grzelewski [Tue, 25 Sep 2018 12:11:38 +0000 (14:11 +0200)]
Reduce number of import methods
Change-Id: Ifa869fb2c5688e348cd7dda5da1d7629c06b67b3
Tomasz Swierczek [Mon, 24 Sep 2018 15:15:06 +0000 (17:15 +0200)]
Enable release mode for TA manifest
It is needed to properly use tef-simulator outside real SDK
Change-Id: Ie869630f29e609fe6ea8e7792d1f6128fd2bcb30
Tomasz Swierczek [Thu, 13 Sep 2018 12:05:23 +0000 (14:05 +0200)]
Add data storage operations
Change-Id: Ieb0363d19d2b6f53783fce517a37e1b63d7759f3
r.tyminski [Mon, 9 Jul 2018 12:57:44 +0000 (14:57 +0200)]
Added doxygen documentation
Documentation for key manager ta defines/structures/enums.
Documentation for data serialization.
Change-Id: Ie71cc0a926858dcf0b0b481caa3b3082fed5626a
r.tyminski [Thu, 19 Apr 2018 15:22:40 +0000 (17:22 +0200)]
Use unified-ta-devkit package to build TA
Change-Id: I91c77e1ad5dc4f53d39f0728c598db47744599c9
Dongkyun Son [Mon, 16 Apr 2018 23:57:21 +0000 (08:57 +0900)]
packaging: Disable asan build for %{arm}, aarch64
Change-Id: I8eecb92b2a4863b656d9a4bf407dc1c0c4f0b61e
Signed-off-by: Dongkyun Son <dongkyun.s@samsung.com>
Dongkyun Son [Tue, 10 Apr 2018 15:49:45 +0000 (00:49 +0900)]
packaging: Disable building with ASan extra packs only for %{arm} arch.
Change-Id: Idd6a9a2a66d2ca79e20c39c99b7c9cd2ec8d65e5
Rafał Tymiński [Fri, 9 Mar 2018 10:57:10 +0000 (10:57 +0000)]
Merge "Restart key-manager after TA installation" into tizen
Rafał Tymiński [Fri, 9 Mar 2018 10:57:01 +0000 (10:57 +0000)]
Merge "Properly install manifest files" into tizen
Rafał Tymiński [Fri, 9 Mar 2018 10:56:50 +0000 (10:56 +0000)]
Merge "Free leaking TEE_OperationHandle" into tizen
Rafał Tymiński [Fri, 9 Mar 2018 10:56:37 +0000 (10:56 +0000)]
Merge "Use bytes instead of bits in TEE_InitRefAttribute" into tizen
Dongsun Lee [Thu, 8 Mar 2018 04:53:29 +0000 (13:53 +0900)]
Disable building repository with ASan extra packs
Change-Id: I72de104dcb239a449c388d1f5cac6226d4e4df08
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Lukasz Kostyra [Tue, 20 Feb 2018 09:35:30 +0000 (10:35 +0100)]
SVACE: Fix accidental case statement fall throughs
Change-Id: Ie266437477eacc6c146bc9b57703692fb32db5e5
Krzysztof Jackiewicz [Fri, 16 Feb 2018 13:07:47 +0000 (14:07 +0100)]
Restart key-manager after TA installation
Key-manager may keep the session to the previous TA. Restart it so that it
opens the session to the new one.
Change-Id: Id6a6de73fb3a1e23b555d8345f34806f009b0beb
Krzysztof Jackiewicz [Fri, 16 Feb 2018 12:58:34 +0000 (13:58 +0100)]
Properly install manifest files
Change-Id: Ib081fe61cb0f138726f84b702bcf08fbc0bca4ec
Krzysztof Jackiewicz [Fri, 16 Feb 2018 09:15:39 +0000 (10:15 +0100)]
Free leaking TEE_OperationHandle
Change-Id: I75e4f51056c69fc4d74bdedf473d00b486050a5e
Krzysztof Jackiewicz [Thu, 15 Feb 2018 15:28:14 +0000 (16:28 +0100)]
Use bytes instead of bits in TEE_InitRefAttribute
According to TEE Internal Core API spec TEE_InitRefAttribute expects a buffer
length, so bytes instead of bits.
Change-Id: Ie5348a357b83cb727ffbfff9e5be633c5b8b1da9
Igor Kotrasinski [Fri, 24 Nov 2017 09:37:35 +0000 (10:37 +0100)]
Remove unused WIP key verification code
This code is a non-functional WIP that is not used by key-manager. If
needed, we can restore it in the future.
Change-Id: I0e7d1840f7a6695dfb1342915c18a3262d1a71df
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Igor Kotrasinski [Thu, 23 Nov 2017 13:09:38 +0000 (14:09 +0100)]
Typo fixes in copypasted NULL comparisons
Change-Id: I5765575cf903400b6fbabcfb9b2c2eea49145dac
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
Krzysztof Jackiewicz [Thu, 23 Nov 2017 15:31:57 +0000 (16:31 +0100)]
Fix license issues
- Add license file
- Update License tag in spec
- Add missing license boilerplate
- Install the license file with rpms
- Change license header of user_ta_header_defines.h. The name contains only
definitions required by Optee OS and as such it should not be considered a
derivative work.
Change-Id: I0da62c022f83aca5b7bc13dd7ff863353d784c3e
Lukasz Kostyra [Thu, 23 Nov 2017 09:04:19 +0000 (10:04 +0100)]
Enable OpTee build
Change-Id: I1d5da59e911824674ee98e4d589b689962043ead
Lukasz Kostyra [Wed, 15 Nov 2017 11:04:12 +0000 (12:04 +0100)]
Rewrite symmetric crypto code to support key encryption
Change-Id: I0bc9b507e146192f9ae2c75332227cafa9502c49
Lukasz Kostyra [Tue, 14 Nov 2017 14:44:34 +0000 (15:44 +0100)]
Support importing keys
Change-Id: If7509f02b32351c32dda9e58d5af3dc108b8cfae
Lukasz Kostyra [Mon, 4 Sep 2017 13:13:01 +0000 (15:13 +0200)]
Implement PKCS7 and zero padding
PKCS7 padding is used in symmetric cipher operations, as GP API does not
support it natively.
Zero padding is used with PBKDF2 to allow passwords having less than 10
bytes.
Some minor bugs were also squashed to make the code fully working.
Change-Id: Ibec339af3e1adf2ff69d08a83baf07429ef567c3
Lukasz Kostyra [Wed, 16 Aug 2017 12:05:23 +0000 (14:05 +0200)]
Implement PBKDF2 key derivation routine
Change-Id: I40882cda3a59eb12b04416859b027c8b4cda302a
Lukasz Kostyra [Fri, 28 Jul 2017 13:40:23 +0000 (15:40 +0200)]
Implement digest and asymmetric operations
Change-Id: Iaee5d63bea67887665f5c171230c73c89cf010a3
Lukasz Kostyra [Thu, 20 Jul 2017 08:12:15 +0000 (10:12 +0200)]
Adjust TA to work with TEF Simulator
Change-Id: I52abe06fd92dac5c6c390ec1906cc7aab2b941e6
Lukasz Kostyra [Thu, 29 Jun 2017 12:10:52 +0000 (14:10 +0200)]
Finish symmetric encryption, add missing AES CFB mode
Because this is supposed to be a TA-only repo, the old
test CA code was removed, along with some deprecated
modules from early development stages.
Change-Id: I7414f1aa7254b78d9be4148ee324a9e74d400f3c
Lukasz Kostyra [Tue, 6 Jun 2017 09:40:02 +0000 (11:40 +0200)]
log: printf in one call, add extra info
Change-Id: I1653832d0f408efbdfa6db628eba20ce10ec26b2
Lukasz Kostyra [Wed, 31 May 2017 15:12:17 +0000 (17:12 +0200)]
Adjustments to KM TA, further implementation WIP
Change-Id: Ib68bb63c97080602d3fe9a232e4f6caa7d983d91
r.tyminski [Tue, 27 Jun 2017 12:34:13 +0000 (14:34 +0200)]
Adding packaging that uses optee-os-ta-devel toolkit
Change-Id: I4b52a284c27065e2166fb7a1f014e4ea2180fb2c
r.tyminski [Wed, 10 May 2017 13:19:58 +0000 (15:19 +0200)]
Initial source code commit
Change-Id: I22841985f12e09d22fbabcf4870ab17c8cc7434b
Tizen Infrastructure [Mon, 3 Apr 2017 07:02:36 +0000 (00:02 -0700)]
Initial empty repository