[iot] Support reading ATAP certificate UUID from keymaster

Add API and IPC calls to read the ATAP certificate UUID from keymaster. Also rename const local variables to the standard convention. This cherry-picked the CL 649562 from trusty/external/trusty. Bug: 76211194 Change-Id: I98ab68180c3855e07884994dc20b879f0b59965d Signed-off-by: Haoran.Wang <elven.wang@nxp.com>

[iot] Support reading ATAP certificate UUID from keymaster
Add API and IPC calls to read the ATAP certificate UUID from keymaster. Also rename const local variables to the standard convention. This cherry-picked the CL 649562 from trusty/external/trusty. Bug: 76211194 Change-Id: I98ab68180c3855e07884994dc20b879f0b59965d Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Yu Shan · Ji Luo
1 parent 9799955306
Showing 3 changed files with 37 additions and 5 deletions Side-by-side Diff
include/interface/keymaster/keymaster.h
include/trusty/keymaster.h
lib/trusty/ql-tipc/keymaster.c
@@ -61,6 +61,7 @@
     KM_ATAP_SET_CA_RESPONSE_BEGIN      = (0x5000 << KEYMASTER_REQ_SHIFT),
     KM_ATAP_SET_CA_RESPONSE_UPDATE     = (0x6000 << KEYMASTER_REQ_SHIFT),
     KM_ATAP_SET_CA_RESPONSE_FINISH     = (0x7000 << KEYMASTER_REQ_SHIFT),
+    KM_ATAP_READ_UUID                  = (0x8000 << KEYMASTER_REQ_SHIFT),
 };
  
 typedef enum {
@@ -108,5 +108,14 @@
 int trusty_atap_set_ca_response(const uint8_t *ca_response,
                                 uint32_t ca_response_size);
  
+/*
+* Reads the UUID from the certificate of the last provisioned attestation
+* credentials as a c-string into |*uuid_p|. Caller takes ownership of
+* |*uuid_p|. Returns one of trusty_err.
+*
+* @uuid_p: location of newly allocated UUID c-string
+*/
+int trusty_atap_read_uuid_str(char **uuid_p);
+
 #endif /* TRUSTY_KEYMASTER_H_ */
@@ -33,8 +33,9 @@
 static struct trusty_ipc_chan km_chan;
 static bool initialized;
 static int trusty_km_version = 2;
-static const size_t max_ca_request_size = 10000;
-static const size_t max_send_size = 4000;
+static const size_t kMaxCaRequestSize = 10000;
+static const size_t kMaxSendSize = 4000;
+static const size_t kUuidSize = 32;
  
 #ifndef MIN
 #define MIN(a, b) ((a) < (b) ? (a) : (b))
  
@@ -417,11 +418,11 @@
                                uint8_t **ca_request_p,
                                uint32_t *ca_request_size_p)
 {
-    *ca_request_p = trusty_calloc(1, max_ca_request_size);
+    *ca_request_p = trusty_calloc(1, kMaxCaRequestSize);
     if (!*ca_request_p) {
         return TRUSTY_ERR_NO_MEMORY;
     }
-    *ca_request_size_p = max_ca_request_size;
+    *ca_request_size_p = kMaxCaRequestSize;
     int rc = trusty_send_raw_buffer(KM_ATAP_GET_CA_REQUEST, operation_start,
                                     operation_start_size, *ca_request_p,
                                     ca_request_size_p);
@@ -448,7 +449,7 @@
  
     /* Send the CA Response message in chunks */
     while (bytes_sent < ca_response_size) {
-        send_size = MIN(max_send_size, ca_response_size - bytes_sent);
+        send_size = MIN(kMaxSendSize, ca_response_size - bytes_sent);
         rc = trusty_send_raw_buffer(KM_ATAP_SET_CA_RESPONSE_UPDATE,
                                     ca_response + bytes_sent, send_size,
                                     NULL, NULL);
@@ -460,5 +461,26 @@
  
     /* Tell Trusty Keymaster to parse the CA Response message */
     return km_do_tipc(KM_ATAP_SET_CA_RESPONSE_FINISH, true, NULL, 0, NULL, NULL);
+}
+
+
+int trusty_atap_read_uuid_str(char **uuid_p)
+{
+    *uuid_p = (char*) trusty_calloc(1, kUuidSize);
+
+    uint32_t response_size = kUuidSize;
+    int rc = km_do_tipc(KM_ATAP_READ_UUID, true, NULL, 0, *uuid_p,
+                        &response_size);
+    if (rc < 0) {
+        trusty_error("failed to read uuid: %d\n", rc);
+        trusty_free(*uuid_p);
+        return rc;
+    }
+    if (response_size != kUuidSize) {
+        trusty_error("keymaster returned wrong uuid size: %d\n", response_size);
+        trusty_free(*uuid_p);
+        rc = TRUSTY_ERR_GENERIC;
+    }
+    return rc;
 }
...	...	@@ -61,6 +61,7 @@
61	61	KM_ATAP_SET_CA_RESPONSE_BEGIN = (0x5000 << KEYMASTER_REQ_SHIFT),
62	62	KM_ATAP_SET_CA_RESPONSE_UPDATE = (0x6000 << KEYMASTER_REQ_SHIFT),
63	63	KM_ATAP_SET_CA_RESPONSE_FINISH = (0x7000 << KEYMASTER_REQ_SHIFT),
	64	+ KM_ATAP_READ_UUID = (0x8000 << KEYMASTER_REQ_SHIFT),
64	65	};
65	66
66	67	typedef enum {
...	...	@@ -108,5 +108,14 @@
108	108	int trusty_atap_set_ca_response(const uint8_t *ca_response,
109	109	uint32_t ca_response_size);
110	110
	111	+/*
	112	+* Reads the UUID from the certificate of the last provisioned attestation
	113	+* credentials as a c-string into \|*uuid_p\|. Caller takes ownership of
	114	+* \|*uuid_p\|. Returns one of trusty_err.
	115	+*
	116	+* @uuid_p: location of newly allocated UUID c-string
	117	+*/
	118	+int trusty_atap_read_uuid_str(char **uuid_p);
	119	+
111	120	#endif /* TRUSTY_KEYMASTER_H_ */
...	...	@@ -33,8 +33,9 @@
33	33	static struct trusty_ipc_chan km_chan;
34	34	static bool initialized;
35	35	static int trusty_km_version = 2;
36		-static const size_t max_ca_request_size = 10000;
37		-static const size_t max_send_size = 4000;
	36	+static const size_t kMaxCaRequestSize = 10000;
	37	+static const size_t kMaxSendSize = 4000;
	38	+static const size_t kUuidSize = 32;
38	39
39	40	#ifndef MIN
40	41	#define MIN(a, b) ((a) < (b) ? (a) : (b))
41	42
...	...	@@ -417,11 +418,11 @@
417	418	uint8_t **ca_request_p,
418	419	uint32_t *ca_request_size_p)
419	420	{
420		- *ca_request_p = trusty_calloc(1, max_ca_request_size);
	421	+ *ca_request_p = trusty_calloc(1, kMaxCaRequestSize);
421	422	if (!*ca_request_p) {
422	423	return TRUSTY_ERR_NO_MEMORY;
423	424	}
424		- *ca_request_size_p = max_ca_request_size;
	425	+ *ca_request_size_p = kMaxCaRequestSize;
425	426	int rc = trusty_send_raw_buffer(KM_ATAP_GET_CA_REQUEST, operation_start,
426	427	operation_start_size, *ca_request_p,
427	428	ca_request_size_p);
...	...	@@ -448,7 +449,7 @@
448	449
449	450	/* Send the CA Response message in chunks */
450	451	while (bytes_sent < ca_response_size) {
451		- send_size = MIN(max_send_size, ca_response_size - bytes_sent);
	452	+ send_size = MIN(kMaxSendSize, ca_response_size - bytes_sent);
452	453	rc = trusty_send_raw_buffer(KM_ATAP_SET_CA_RESPONSE_UPDATE,
453	454	ca_response + bytes_sent, send_size,
454	455	NULL, NULL);
...	...	@@ -460,5 +461,26 @@
460	461
461	462	/* Tell Trusty Keymaster to parse the CA Response message */
462	463	return km_do_tipc(KM_ATAP_SET_CA_RESPONSE_FINISH, true, NULL, 0, NULL, NULL);
	464	+}
	465	+
	466	+
	467	+int trusty_atap_read_uuid_str(char **uuid_p)
	468	+{
	469	+ uuid_p = (char) trusty_calloc(1, kUuidSize);
	470	+
	471	+ uint32_t response_size = kUuidSize;
	472	+ int rc = km_do_tipc(KM_ATAP_READ_UUID, true, NULL, 0, *uuid_p,
	473	+ &response_size);
	474	+ if (rc < 0) {
	475	+ trusty_error("failed to read uuid: %d\n", rc);
	476	+ trusty_free(*uuid_p);
	477	+ return rc;
	478	+ }
	479	+ if (response_size != kUuidSize) {
	480	+ trusty_error("keymaster returned wrong uuid size: %d\n", response_size);
	481	+ trusty_free(*uuid_p);
	482	+ rc = TRUSTY_ERR_GENERIC;
	483	+ }
	484	+ return rc;
463	485	}