{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":780648704,"defaultBranch":"master","name":"optee_os","ownerLogin":"samitolvanen","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2024-04-01T22:41:32.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1209872?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1712184607.0","currentOid":""},"activityList":{"items":[{"before":"eb518c111fe946a482af87efc937205aa9334d68","after":"3095e107fc8b6e9df86eb5d5733d810be4eda368","ref":"refs/heads/optee-mgf1","pushedAt":"2024-05-23T15:10:40.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>\nReviewed-by: Jens Wiklander <jens.wiklander@linaro.org>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"8642f6edadc4f4a6744e88f2264576aefde75870","after":"eb518c111fe946a482af87efc937205aa9334d68","ref":"refs/heads/optee-mgf1","pushedAt":"2024-05-22T16:06:32.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"e23655e01ea03ab5bfc828b79bae6539ad0b1886","after":"8642f6edadc4f4a6744e88f2264576aefde75870","ref":"refs/heads/optee-mgf1","pushedAt":"2024-05-21T15:54:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"639589984844da38683f7db0cb920c4d19a6a6ac","after":"c5765f8351390f43011b51fcb57010384893b8e3","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-23T15:46:03.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nWhen generating RSA key pairs, OP-TEE currently enforces a minimum public\nexponent size of 65537 per NIST SP800-56B recommendations. However, AOSP\nKeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires\nimplementations to support public exponent 3 for backwards compatibility.\nAdd CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5258 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>\nReviewed-by: Jerome Forissier <jerome.forissier@linaro.org>\nReviewed-by: Jens Wiklander <jens.wiklander@linaro.org>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":"02fdbdb94e3bd62d76a00b04040e46917962fef3","after":"112a371dc2f482ce544bc772e3c62d739730b67b","ref":"refs/heads/optee-buffer","pushedAt":"2024-04-23T15:43:46.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"libutee: process a full buffer immediately\n\nIn tee_buffer_update, libutee currently delays processing an input\nblock until more space is needed in the buffer, which is perfectly\nvalid behavior, but doesn't match AOSP compatibility requirements.\n\nSpecifically, both CTS (testKatEncryptOneByteAtATime [1]) and VTS\n(EncryptionOperationsTest.*OneByteAtATime [2]) expect block cipher\nimplementations to produce an output block as soon as a full block\nof input has been received. Change libutee behavior to be AOSP\ncompatible.\n\nLink: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1]\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#827 [2]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>\nReviewed-by: Jens Wiklander <jens.wiklander@linaro.org>","shortMessageHtmlLink":"libutee: process a full buffer immediately"}},{"before":"56edae55700e719a1820f30dd854aa5eb0512460","after":"e23655e01ea03ab5bfc828b79bae6539ad0b1886","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-18T20:37:08.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"2bdf2b7201fd6218ddb7f725f1f2b2712eb8e4f5","after":"02fdbdb94e3bd62d76a00b04040e46917962fef3","ref":"refs/heads/optee-buffer","pushedAt":"2024-04-18T18:31:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"libutee: process a full buffer immediately\n\nIn tee_buffer_update, libutee currently delays processing an input\nblock until more space is needed in the buffer, which is perfectly\nvalid behavior, but doesn't match AOSP compatibility requirements.\n\nSpecifically, both CTS (testKatEncryptOneByteAtATime [1]) and VTS\n(EncryptionOperationsTest.*OneByteAtATime [2]) expect block cipher\nimplementations to produce an output block as soon as a full block\nof input has been received. Change libutee behavior to be AOSP\ncompatible.\n\nLink: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1]\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#827 [2]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"libutee: process a full buffer immediately"}},{"before":"4f3db83bb38ac9931f9351e4ec04d9e91579ecf0","after":"639589984844da38683f7db0cb920c4d19a6a6ac","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-17T22:53:44.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nWhen generating RSA key pairs, OP-TEE currently enforces a minimum public\nexponent size of 65537 per NIST SP800-56B recommendations. However, AOSP\nKeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires\nimplementations to support public exponent 3 for backwards compatibility.\nAdd CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5258 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":"66a991592aa55a0d5246420fb4017a8103d4cd87","after":"2bdf2b7201fd6218ddb7f725f1f2b2712eb8e4f5","ref":"refs/heads/optee-buffer","pushedAt":"2024-04-17T20:31:34.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"libutee: process a full buffer immediately\n\nIn tee_buffer_update, libutee currently delays processing an input\nblock until more space is needed in the buffer, which is perfectly\nvalid behavior, but doesn't match AOSP compatibility requirements.\n\nSpecifically, both CTS (testKatEncryptOneByteAtATime [1]) and VTS\n(EncryptionOperationsTest.*OneByteAtATime [2]) expect block cipher\nimplementations to produce an output block as soon as a full block\nof input has been received. Change libutee behavior to be AOSP\ncompatible.\n\nLink: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1]\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#827 [2]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"libutee: process a full buffer immediately"}},{"before":"4684f4d042b1f5e25fca2629ff07783cb867b810","after":"66a991592aa55a0d5246420fb4017a8103d4cd87","ref":"refs/heads/optee-buffer","pushedAt":"2024-04-16T20:31:30.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"libutee: process a full buffer immediately\n\nIn tee_buffer_update, libutee currently delays processing an input\nblock until more space is needed in the buffer, which is perfectly\nvalid behavior, but doesn't match AOSP compatibility requirements.\n\nSpecifically, both CTS (testKatEncryptOneByteAtATime [1]) and VTS\n(EncryptionOperationsTest.*OneByteAtATime [2]) expect block cipher\nimplementations to produce an output block as soon as a full block\nof input has been received. Change libutee behavior to be AOSP\ncompatible.\n\nLink: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1]\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#827 [2]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"libutee: process a full buffer immediately"}},{"before":"fbb9fe247b196999b423464e2346822ed5cc2aae","after":"4f3db83bb38ac9931f9351e4ec04d9e91579ecf0","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-16T18:21:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nWhen generating RSA keypairs, OP-TEE currently enforces a minimum public\nexponent size of 65537 per NIST SP800-56B recommendations. However, AOSP\nKeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires\nimplementations to support public exponent 3 for backwards compatibility.\nAdd CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5258 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":"0bbc9f0e8325af77ca50b973d3469cb6b01bbbdf","after":"fbb9fe247b196999b423464e2346822ed5cc2aae","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-16T16:38:24.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nWhen generating RSA keypairs, OP-TEE currently enforces a minimum public\nexponent size of 65537 per NIST SP800-56B recommendations. However, AOSP\nKeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires\nimplementations to support public exponent 3 for backwards compatibility.\nAdd CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5258 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":"b5ffff602ace7c4ddae32bb6abe4f1ecd89ff98f","after":"0bbc9f0e8325af77ca50b973d3469cb6b01bbbdf","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-15T23:44:40.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nWhen generating RSA keypairs, OP-TEE currently enforces a minimum public\nexponent size of 65537 per NIST SP800-56B recommendations. However, AOSP\nKeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires\nimplementations to support public exponent 3 for backwards compatibility.\nAdd CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5372 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":"6e844dbcc9a10c18a84959239e58b10d675958f3","after":"b5ffff602ace7c4ddae32bb6abe4f1ecd89ff98f","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-11T20:51:52.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nOP-TEE currently enforces a minimum RSA public exponent of\n65537 per NIST SP800-56B recommendations. However, AOSP\nKeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1])\nrequires implementations to also support public exponent 3 for\nbackwards compatibility. Add CFG_RSA_PUB_EXPONENT_3 to also\nallow public exponents >= 3.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5372 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":"d66d7283a5d9d3ab9f05fbed050e43e20fac1525","after":"56edae55700e719a1820f30dd854aa5eb0512460","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-08T17:04:09.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"c3a4cfa3d0298e5a2f6d59454bc752c8c061516f","after":"d66d7283a5d9d3ab9f05fbed050e43e20fac1525","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-05T21:27:06.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"Rename mgf_digest_size to mgf_size to fix checkpatch warnings\n\nReformatting these function calls will always result in checkpatch\nwarnings unless the variable names are shorter or the calls is\nrefactored to a separate function. Shortening the name is simpler.\n\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"Rename mgf_digest_size to mgf_size to fix checkpatch warnings"}},{"before":"bc782c3e225a95b8b8035d6f8a63b62701c739b4","after":"c3a4cfa3d0298e5a2f6d59454bc752c8c061516f","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-05T19:27:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"Fix crypto_acipher_rsaes_(en|de)crypt declarations in core/crypto/crypto.c","shortMessageHtmlLink":"Fix crypto_acipher_rsaes_(en|de)crypt declarations in core/crypto/cry…"}},{"before":"b0070fb7cedf534ebb9f4f7096507c959b2de622","after":"bc782c3e225a95b8b8035d6f8a63b62701c739b4","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-04T21:50:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"f1ab07250d5a5ac6a9af7b0d9bf8e5868a68ed78","after":"b0070fb7cedf534ebb9f4f7096507c959b2de622","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-04T20:28:15.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"af065db4ffb10e3f9934dde2d39401f885390917","after":"4684f4d042b1f5e25fca2629ff07783cb867b810","ref":"refs/heads/optee-buffer","pushedAt":"2024-04-04T16:39:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"libutee: process a full buffer immediately\n\nIn tee_buffer_update, libutee currently delays processing an input\nblock until more space is needed in the buffer, which is perfectly\nvalid behavior, but doesn't match AOSP compatibility requirements.\n\nSpecifically, both CTS (testKatEncryptOneByteAtATime [1]) and VTS\n(EncryptionOperationsTest.*OneByteAtATime [2]) expect block cipher\nimplementations to produce an output block as soon as a full block\nof input has been received. Change libutee behavior to be AOSP\ncompatible.\n\nLink: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1]\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#812 [2]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"libutee: process a full buffer immediately"}},{"before":"10cf2fea41fd86450eb19c088d08f555734e7076","after":"f1ab07250d5a5ac6a9af7b0d9bf8e5868a68ed78","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-04T16:38:52.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for AOSP compatibility\n(e.g. in EncryptionOperationsTest.RsaOaepWithMGFDigestSuccess [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"744acc2ebd8b2ab836e24f26c3c5c5126e2fddea","after":"6e844dbcc9a10c18a84959239e58b10d675958f3","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-04T16:37:14.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nOP-TEE currently enforces a minimum RSA public exponent of\n65537 per NIST SP800-56B recommendations. However, AOSP\nKeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1])\nrequires implementations to also support public exponent 3. Add\nCFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3 for AOSP\ncompatibility.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5372 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":"018b51632771525e887c41a5a440f3788a467d7c","after":"af065db4ffb10e3f9934dde2d39401f885390917","ref":"refs/heads/optee-buffer","pushedAt":"2024-04-04T16:34:50.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"libutee: process a full buffer immediately\n\nIn tee_buffer_update, libutee currently delays processing an input\nblock until more space is needed in the buffer, which is perfectly\nvalid behavior, but doesn't match AOSP compatibility requirements.\n\nSpecifically, both CTS (testKatEncryptOneByteAtATime [1]) and VTS\n(EncryptionOperationsTest/*OneByteAtATime [2]) expect block cipher\nimplementations to produce an output block as soon as a full block\nof input has been received. Change libutee behavior to be AOSP\ncompatible.\n\nLink: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1]\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#812 [2]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"libutee: process a full buffer immediately"}},{"before":"d0f7143a122db06b48b948624dc50469505b3dc3","after":"10cf2fea41fd86450eb19c088d08f555734e7076","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-04T16:08:57.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for Android compatibility\n(e.g. EncryptionOperationsTest/RsaOaepWithMGFDigestSuccess in the\nVendor Test Suite [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that\nonly libtomcrypt supports this feature at the moment, so other\nimplementations will either fail or fall back to libtomcrypt when\npassed a different MGF1 hash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":"11341b78f506bea9893deb791ccd6e2304bdf49b","after":"744acc2ebd8b2ab836e24f26c3c5c5126e2fddea","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-03T23:02:16.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3\n\nOP-TEE currently enforces a minimum RSA public exponent of 65537\nper NIST SP800-56B recommendations. However, AOSP KeyMint VTS tests\n[1] require implementations to also support public exponent 3. Add\nCFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3 for AOSP\ncompatibility.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5372 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":null,"after":"11341b78f506bea9893deb791ccd6e2304bdf49b","ref":"refs/heads/optee-rsaexp3","pushedAt":"2024-04-03T22:50:07.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: add CFG_RSA_PUB_EXPONENT_3","shortMessageHtmlLink":"core: add CFG_RSA_PUB_EXPONENT_3"}},{"before":null,"after":"018b51632771525e887c41a5a440f3788a467d7c","ref":"refs/heads/optee-buffer","pushedAt":"2024-04-03T17:10:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"libutee: process a full buffer immediately\n\nIn tee_buffer_update, libutee currently delays processing a full\ninput buffer until more space is needed, which is perfectly valid\nbehavior, but doesn't match Android compatibility requirements.\n\nSpecifically, both Android CTS [1] and VTS [2] expect block cipher\nimplementations to produce output as soon as a full block of\ninput has been received. Change libutee behavior to match Android\nrequirements.\n\nLink: https://android.googlesource.com/platform/cts/+/refs/heads/main/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java#779 [1]\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp#812 [2]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"libutee: process a full buffer immediately"}},{"before":"a471cdecfb1cbeec4999c996ac4ccde1def54efe","after":"fc57019cb35c8c1bad66fc6d814ace5debde170a","ref":"refs/heads/master","pushedAt":"2024-04-03T16:57:33.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"plat-sam: add support for Microchip sama7g54-ek board\n\nAdd the main functions for sama7g54 initialize, including:\n - console_init()\n - Matrix, TZC, TZPM, interrupt related\nUpdate conf.mk and Makefile for sama7g5 OP-TEE support.\n\nSigned-off-by: Tony Han <tony.han@microchip.com>\nAcked-by: Jens Wiklander <jens.wiklander@linaro.org>\nAcked-by: Etienne Carriere <etienne.carriere@foss.st.com>","shortMessageHtmlLink":"plat-sam: add support for Microchip sama7g54-ek board"}},{"before":"d052ebb672eb25e8595075f5bd674d69a76d3e79","after":"d0f7143a122db06b48b948624dc50469505b3dc3","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-03T16:57:08.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for Android compatibility\n(e.g. EncryptionOperationsTest::RsaOaepWithMGFDigestSuccess in the\nVendor Test Suite [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that only\nlibtomcrypt supports this feature, so other implementations will\neither fail or fall back to libtomcrypt when passed a different MGF1\nhash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}},{"before":null,"after":"d052ebb672eb25e8595075f5bd674d69a76d3e79","ref":"refs/heads/optee-mgf1","pushedAt":"2024-04-03T16:47:38.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"samitolvanen","name":"Sami Tolvanen","path":"/samitolvanen","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1209872?s=80&v=4"},"commit":{"message":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations\n\nOP-TEE currently doesn't support using a different hash for MGF1\nwith RSA-OAEP. However, this is required for Android compatibility\n(e.g. EncryptionOperationsTest::RsaOaepWithMGFDigestSuccess in the\nVendor Test Suite [1]).\n\nPass the MGF1 attribute to crypto implementations. Note that only\nlibtomcrypt supports this feature, so other implementations will\neither fail or fall back to libtomcrypt when passed a different MGF1\nhash.\n\nLink: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5552 [1]\nSigned-off-by: Sami Tolvanen <samitolvanen@google.com>","shortMessageHtmlLink":"core: pass TEE_ATTR_RSA_OAEP_MGF_HASH to RSA-OAEP implementations"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEUinnZgA","startCursor":null,"endCursor":null}},"title":"Activity · samitolvanen/optee_os"}