diff options
-rw-r--r-- | include/interface/keymaster/keymaster.h | 1 | ||||
-rw-r--r-- | include/trusty/keymaster.h | 9 | ||||
-rw-r--r-- | lib/trusty/ql-tipc/keymaster.c | 32 |
3 files changed, 37 insertions, 5 deletions
diff --git a/include/interface/keymaster/keymaster.h b/include/interface/keymaster/keymaster.h index fa60a1aeb5..7b18a64f36 100644 --- a/include/interface/keymaster/keymaster.h +++ b/include/interface/keymaster/keymaster.h @@ -61,6 +61,7 @@ enum keymaster_command { KM_ATAP_SET_CA_RESPONSE_BEGIN = (0x5000 << KEYMASTER_REQ_SHIFT), KM_ATAP_SET_CA_RESPONSE_UPDATE = (0x6000 << KEYMASTER_REQ_SHIFT), KM_ATAP_SET_CA_RESPONSE_FINISH = (0x7000 << KEYMASTER_REQ_SHIFT), + KM_ATAP_READ_UUID = (0x8000 << KEYMASTER_REQ_SHIFT), }; typedef enum { diff --git a/include/trusty/keymaster.h b/include/trusty/keymaster.h index e69527e0fa..beb2ff9578 100644 --- a/include/trusty/keymaster.h +++ b/include/trusty/keymaster.h @@ -108,4 +108,13 @@ int trusty_atap_get_ca_request(const uint8_t *operation_start, int trusty_atap_set_ca_response(const uint8_t *ca_response, uint32_t ca_response_size); +/* +* Reads the UUID from the certificate of the last provisioned attestation +* credentials as a c-string into |*uuid_p|. Caller takes ownership of +* |*uuid_p|. Returns one of trusty_err. +* +* @uuid_p: location of newly allocated UUID c-string +*/ +int trusty_atap_read_uuid_str(char **uuid_p); + #endif /* TRUSTY_KEYMASTER_H_ */ diff --git a/lib/trusty/ql-tipc/keymaster.c b/lib/trusty/ql-tipc/keymaster.c index d62ed4aeb2..e0b8217262 100644 --- a/lib/trusty/ql-tipc/keymaster.c +++ b/lib/trusty/ql-tipc/keymaster.c @@ -33,8 +33,9 @@ static struct trusty_ipc_chan km_chan; static bool initialized; static int trusty_km_version = 2; -static const size_t max_ca_request_size = 10000; -static const size_t max_send_size = 4000; +static const size_t kMaxCaRequestSize = 10000; +static const size_t kMaxSendSize = 4000; +static const size_t kUuidSize = 32; #ifndef MIN #define MIN(a, b) ((a) < (b) ? (a) : (b)) @@ -417,11 +418,11 @@ int trusty_atap_get_ca_request(const uint8_t *operation_start, uint8_t **ca_request_p, uint32_t *ca_request_size_p) { - *ca_request_p = trusty_calloc(1, max_ca_request_size); + *ca_request_p = trusty_calloc(1, kMaxCaRequestSize); if (!*ca_request_p) { return TRUSTY_ERR_NO_MEMORY; } - *ca_request_size_p = max_ca_request_size; + *ca_request_size_p = kMaxCaRequestSize; int rc = trusty_send_raw_buffer(KM_ATAP_GET_CA_REQUEST, operation_start, operation_start_size, *ca_request_p, ca_request_size_p); @@ -448,7 +449,7 @@ int trusty_atap_set_ca_response(const uint8_t *ca_response, /* Send the CA Response message in chunks */ while (bytes_sent < ca_response_size) { - send_size = MIN(max_send_size, ca_response_size - bytes_sent); + send_size = MIN(kMaxSendSize, ca_response_size - bytes_sent); rc = trusty_send_raw_buffer(KM_ATAP_SET_CA_RESPONSE_UPDATE, ca_response + bytes_sent, send_size, NULL, NULL); @@ -461,3 +462,24 @@ int trusty_atap_set_ca_response(const uint8_t *ca_response, /* Tell Trusty Keymaster to parse the CA Response message */ return km_do_tipc(KM_ATAP_SET_CA_RESPONSE_FINISH, true, NULL, 0, NULL, NULL); } + + +int trusty_atap_read_uuid_str(char **uuid_p) +{ + *uuid_p = (char*) trusty_calloc(1, kUuidSize); + + uint32_t response_size = kUuidSize; + int rc = km_do_tipc(KM_ATAP_READ_UUID, true, NULL, 0, *uuid_p, + &response_size); + if (rc < 0) { + trusty_error("failed to read uuid: %d\n", rc); + trusty_free(*uuid_p); + return rc; + } + if (response_size != kUuidSize) { + trusty_error("keymaster returned wrong uuid size: %d\n", response_size); + trusty_free(*uuid_p); + rc = TRUSTY_ERR_GENERIC; + } + return rc; +} |