Commit 65955f553b3742f433d4d8d6e94f93bc8c6ee0fb
Committed by
Ji Luo
1 parent
9799955306
Exists in
smarc_8mm-imx_v2018.03_4.14.98_2.0.0_ga
and in
5 other branches
[iot] Support reading ATAP certificate UUID from keymaster
Add API and IPC calls to read the ATAP certificate UUID from keymaster. Also rename const local variables to the standard convention. This cherry-picked the CL 649562 from trusty/external/trusty. Bug: 76211194 Change-Id: I98ab68180c3855e07884994dc20b879f0b59965d Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Showing 3 changed files with 37 additions and 5 deletions Side-by-side Diff
include/interface/keymaster/keymaster.h
... | ... | @@ -61,6 +61,7 @@ |
61 | 61 | KM_ATAP_SET_CA_RESPONSE_BEGIN = (0x5000 << KEYMASTER_REQ_SHIFT), |
62 | 62 | KM_ATAP_SET_CA_RESPONSE_UPDATE = (0x6000 << KEYMASTER_REQ_SHIFT), |
63 | 63 | KM_ATAP_SET_CA_RESPONSE_FINISH = (0x7000 << KEYMASTER_REQ_SHIFT), |
64 | + KM_ATAP_READ_UUID = (0x8000 << KEYMASTER_REQ_SHIFT), | |
64 | 65 | }; |
65 | 66 | |
66 | 67 | typedef enum { |
include/trusty/keymaster.h
... | ... | @@ -108,5 +108,14 @@ |
108 | 108 | int trusty_atap_set_ca_response(const uint8_t *ca_response, |
109 | 109 | uint32_t ca_response_size); |
110 | 110 | |
111 | +/* | |
112 | +* Reads the UUID from the certificate of the last provisioned attestation | |
113 | +* credentials as a c-string into |*uuid_p|. Caller takes ownership of | |
114 | +* |*uuid_p|. Returns one of trusty_err. | |
115 | +* | |
116 | +* @uuid_p: location of newly allocated UUID c-string | |
117 | +*/ | |
118 | +int trusty_atap_read_uuid_str(char **uuid_p); | |
119 | + | |
111 | 120 | #endif /* TRUSTY_KEYMASTER_H_ */ |
lib/trusty/ql-tipc/keymaster.c
... | ... | @@ -33,8 +33,9 @@ |
33 | 33 | static struct trusty_ipc_chan km_chan; |
34 | 34 | static bool initialized; |
35 | 35 | static int trusty_km_version = 2; |
36 | -static const size_t max_ca_request_size = 10000; | |
37 | -static const size_t max_send_size = 4000; | |
36 | +static const size_t kMaxCaRequestSize = 10000; | |
37 | +static const size_t kMaxSendSize = 4000; | |
38 | +static const size_t kUuidSize = 32; | |
38 | 39 | |
39 | 40 | #ifndef MIN |
40 | 41 | #define MIN(a, b) ((a) < (b) ? (a) : (b)) |
41 | 42 | |
... | ... | @@ -417,11 +418,11 @@ |
417 | 418 | uint8_t **ca_request_p, |
418 | 419 | uint32_t *ca_request_size_p) |
419 | 420 | { |
420 | - *ca_request_p = trusty_calloc(1, max_ca_request_size); | |
421 | + *ca_request_p = trusty_calloc(1, kMaxCaRequestSize); | |
421 | 422 | if (!*ca_request_p) { |
422 | 423 | return TRUSTY_ERR_NO_MEMORY; |
423 | 424 | } |
424 | - *ca_request_size_p = max_ca_request_size; | |
425 | + *ca_request_size_p = kMaxCaRequestSize; | |
425 | 426 | int rc = trusty_send_raw_buffer(KM_ATAP_GET_CA_REQUEST, operation_start, |
426 | 427 | operation_start_size, *ca_request_p, |
427 | 428 | ca_request_size_p); |
... | ... | @@ -448,7 +449,7 @@ |
448 | 449 | |
449 | 450 | /* Send the CA Response message in chunks */ |
450 | 451 | while (bytes_sent < ca_response_size) { |
451 | - send_size = MIN(max_send_size, ca_response_size - bytes_sent); | |
452 | + send_size = MIN(kMaxSendSize, ca_response_size - bytes_sent); | |
452 | 453 | rc = trusty_send_raw_buffer(KM_ATAP_SET_CA_RESPONSE_UPDATE, |
453 | 454 | ca_response + bytes_sent, send_size, |
454 | 455 | NULL, NULL); |
... | ... | @@ -460,5 +461,26 @@ |
460 | 461 | |
461 | 462 | /* Tell Trusty Keymaster to parse the CA Response message */ |
462 | 463 | return km_do_tipc(KM_ATAP_SET_CA_RESPONSE_FINISH, true, NULL, 0, NULL, NULL); |
464 | +} | |
465 | + | |
466 | + | |
467 | +int trusty_atap_read_uuid_str(char **uuid_p) | |
468 | +{ | |
469 | + *uuid_p = (char*) trusty_calloc(1, kUuidSize); | |
470 | + | |
471 | + uint32_t response_size = kUuidSize; | |
472 | + int rc = km_do_tipc(KM_ATAP_READ_UUID, true, NULL, 0, *uuid_p, | |
473 | + &response_size); | |
474 | + if (rc < 0) { | |
475 | + trusty_error("failed to read uuid: %d\n", rc); | |
476 | + trusty_free(*uuid_p); | |
477 | + return rc; | |
478 | + } | |
479 | + if (response_size != kUuidSize) { | |
480 | + trusty_error("keymaster returned wrong uuid size: %d\n", response_size); | |
481 | + trusty_free(*uuid_p); | |
482 | + rc = TRUSTY_ERR_GENERIC; | |
483 | + } | |
484 | + return rc; | |
463 | 485 | } |