optee-sks's Introduction

OP-TEE TA/Library for Secure Key Services (PKCS#11)

This git repository contains both the Trusted Application and the client for the OP-TEE Secure Key Services (PKCS#11).

Code is based on the current work-in-progress implementation started by Etienne Carriere, which can be found at OP-TEE/optee_os#2342.

optee-sks's Issues

error compiling TA

Hello,
I have compiled TA/secure_key_services sources with command "make".
I am finding this error:
src/processing_ec.c:7:10: fatal error: config.h: No such file or directory
#include <config.h>
^~~~~~~~~~
compilation terminated.
/home/devel/build.mx8mmevk/export-ta_arm64/mk/compile.mk:146: recipe for target 'src/processing_ec.o' failed
make: *** [src/processing_ec.o] Error 1

How to avoid this?
Thank you

Unable to use EC256 key

Thanks for maintaining this out of the OP-TEE tree, so we can use it with an existing OP-TEE implementation.

I'm trying to use this in order to store and perform operations on an EC prime256v1 key. I managed to create the key but not to use it. Am I doing something wrong?

# pkcs11-tool --module /usr/lib/libsks.so.0.0 --login --pin 12345678 --keypairgen --key-type EC:prime256v1 --label testkey --id 02
Using slot 0 with a present token (0x0)
Key pair generated:
Private Key Object; EC
  label:      testkey
  ID:         02
  Usage:      sign, derive
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104021d05e8aa992c1106c4bb55bd5ac786a50c957109c0815cc6f5e05a870b2011eceb38bfb243b16e09519a3bf888096b16f8e7cc264383e94c736d611d634f95
  EC_PARAMS:  06082a8648ce3d030107
  label:      testkey
  ID:         02
  Usage:      verify, derive


# dd if=/dev/random  of=32bytes count=32 bs=1

# pkcs11-tool --module /usr/lib/libsks.so.0.0 --login --pin 12345678 --sign -m ECDSA --id 02 --input-file 32bytes --output-file sign.out
Using slot 0 with a present token (0x0)
error: Private key not found
Aborting.

PKCS11 compatibility of crypto driver implementation

Hi all,

I have a question regarding the crypto interface implementation found in OPTEE OS in core/drivers/crypto/crypto_api: is that implementation supposed to be accessible/usable through this PKCS11 frontend?

The reason behind my question is that we've had a report of a bug when attempting to decrypt with RSA keys on an i.MX 8M Mini EVK device using the TA-based crypto implementation. The TA returned a TEE_ERROR_BAD_PARAMETERS, and we traced it to this function. As far as I understand it, however, given the checks on line 190, that implementation is not compatible with PKCS11 because it does not permit the first of the common calling conventions described here (and which we rely on to determine the size of the decrypted data).

I'm unsure whether this is an issue with the backend or the frontend - I hope this is the right place to ask, let me know otherwise!
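
The size-query calling convention the issue above refers to, as an added example that is not code from optee-sks or OP-TEE: under the first PKCS#11 convention for variable-length output, a NULL output pointer asks only for the required length and must return CKR_OK. The backend, the frontend, their names, the echo "decryption" and the RSA-2048 modulus size are all constructed for illustration; the frontend answers the size query itself so a backend that rejects NULL output is never asked.

```c
#include <stdint.h>
#include <string.h>

/* Return codes as defined by PKCS#11 and the GlobalPlatform TEE API. */
#define CKR_OK                   0x00000000UL
#define CKR_GENERAL_ERROR        0x00000005UL
#define CKR_ARGUMENTS_BAD        0x00000007UL
#define CKR_BUFFER_TOO_SMALL     0x00000150UL
#define TEE_SUCCESS              0x00000000U
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006U
#define MODULUS_BYTES            256 /* constructed: RSA-2048 key */

/* Hypothetical strict backend: rejects a NULL or empty output buffer (the
 * reported behaviour). The "decryption" just echoes up to 16 input bytes. */
static uint32_t backend_decrypt(const uint8_t *in, size_t in_len,
                                uint8_t *out, size_t *out_len)
{
    size_t n = in_len < 16 ? in_len : 16;
    if (!in || !out || !out_len || *out_len < n || *out_len == 0)
        return TEE_ERROR_BAD_PARAMETERS;
    memcpy(out, in, n);
    *out_len = n;
    return TEE_SUCCESS;
}

/* Hypothetical frontend: the backend only ever sees a modulus-sized buffer. */
static unsigned long sks_decrypt(const uint8_t *in, size_t in_len,
                                 uint8_t *out, size_t *out_len)
{
    uint8_t scratch[MODULUS_BYTES];
    size_t n = sizeof(scratch);
    if (!in || !out_len)
        return CKR_ARGUMENTS_BAD;
    if (!out) {                   /* convention 1: size query only */
        *out_len = MODULUS_BYTES; /* upper bound on the plaintext size */
        return CKR_OK;
    }
    if (backend_decrypt(in, in_len, scratch, &n) != TEE_SUCCESS)
        return CKR_GENERAL_ERROR;
    if (*out_len < n) {           /* convention 2: buffer too small */
        *out_len = n;
        return CKR_BUFFER_TOO_SMALL;
    }
    memcpy(out, scratch, n);
    *out_len = n;
    return CKR_OK;
}

int main(void) { size_t n = 0; return sks_decrypt((const uint8_t *)"x", 1, NULL, &n) != CKR_OK; }
```

PKCS#11 allows the length returned by the size query to exceed the exact plaintext length, which is why the modulus size is a valid answer before any decryption has run.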
