Age | Commit message | Author |
|
We should not shrink the input size when:
Request size + Input size > OPTEE_KEYMASTER_SEND_BUF_SIZE
Otherwise we may return incorrect/unexpected data when we perform an
UpdateOperation.
Instead we should set the response error to
KM_ERROR_INVALID_INPUT_LENGTH and return.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Julien Masson <jmasson@baylibre.com>
|
|
Keymint source code has been copied from Trusty; it contains
unnecessary comments, which we can remove.
Fixes: bdce96afd712 (keymaster: add keymint support)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Julien Masson <jmasson@baylibre.com>
|
|
All the code related to Keymint has been copied from trusty.
We follow the exact same tree structure and naming convention.
All occurrences of "trusty" word are replaced by "optee".
The update is based on this HEAD reference in trusty:
f53626de0 Merge cherrypicks of ['googleplex-android-review.googlesource.com/25156721'] into udc-release.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Julien Masson <jmasson@baylibre.com>
|
|
Android uses the Soong build system by default; *.mk files are deprecated
in favor of Android.bp [1].
All the logic present in Android.mk to build keymaster binaries has
been ported to Android.bp.
Note: TA building has not been converted to Android.bp because this
requires significant rework.
[1] https://source.android.com/docs/setup/build
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Julien Masson <jmasson@baylibre.com>
|
|
The keymaster service has been realigned with trusty but some parts of
the code imported need changes:
- remove unused macros
- align keymaster_command
- keep OPTEE_KEYMASTER_SEND_BUF_SIZE size
- OP-TEE Foundation -> OP-TEE
Fixes: 258bfd4cec42 (keymaster: realign android service with trusty)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Julien Masson <jmasson@baylibre.com>
|
|
All the logic/code in the keymaster service could be exactly the same
as in trusty; there is nothing specific to OP-TEE.
Compared to trusty, the main differences with OP-TEE are:
- forward operations from IPC to the Trusted Application
- support crypto operations in the Trusted Application
Thus all the code related to the keymaster service is now realigned
with trusty: system/core/trusty/keymaster
We follow the exact same tree structure and naming convention.
All occurrences of "trusty" word are replaced by "optee".
The update is based on this HEAD reference in trusty:
f53626de0 Merge cherrypicks of ['googleplex-android-review.googlesource.com/25156721'] into udc-release.
In that way all the future fixes/improvements made in the trusty service can
be applied easily to the OP-TEE keymaster.
All the crypto operations not yet supported should be reported by the
Trusted Application.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Julien Masson <jmasson@baylibre.com>
|
|
Since the TEE Internal Core API in OP-TEE OS is updated,
enable compatibility with TEE Internal Core API v1.1 for
Keymaster and Gatekeeper TAs.
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
|
Add github action to close stale issues and PRs with no recent activity,
and templates for issues and PRs.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Add skeleton for TA_getVersion().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Based on "Add attestation key to generate/import messages"
[LINK] https://android.googlesource.com/platform/system/core/+/657f71cd26a679e505099d25c0482b41e9d2772c
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Based on "Revise KeymasterMessage versioning system"
[LINK]: https://android.googlesource.com/platform/system/core/+/9323f4113b449500f38ac4c4af2c3804634035e1
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Add cmake files to build and install kmgk TAs in build.git's buildroot
root FS.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Per
https://source.android.com/devices/architecture/vintf/objects#manifest-fragments
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Change log level from 3 (dbg) to 2 (info) to reduce noise.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
|
|
Add out of bounds check to TA_fill_characteristics().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
|
|
Add out of bounds check to TA_serialize_ec_keypair().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add out of bounds check to TA_serialize_rsa_keypair().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add out of bounds check to TA_serialize_cert_chain_akms().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add out of bounds check to TA_serialize_blob_akms().
Make similar changes along the function call chain as well, i.e.
TA_serialize_characteristics()
TA_serialize_param_set()
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add missing out of bounds check for output buffer.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add out of bounds check to TA_serialize_characteristics_akms().
Make similar changes along the function call chain as well, i.e.
TA_serialize_auth_set()
param_serialize()
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add out of bounds check to TA_serialize_key_blob_akms().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add out of bounds check to TA_serialize_rsp_err().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Verify that the output buffer size in the TA is as expected, i.e. the
same as the one passed in by the REE, and return error if not.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Rename variable name from out_size to keyblob_out_size in TA_update()
and TA_finish() to avoid confusion with the *out and *out_end variable
names which point to the output buffer and end of the output buffer
passed in by the REE.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add end of the output buffer as an arg to all serializer functions. This
is in preparation for checking for writes beyond the buffer.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Check pointer params from the REE for NULL before dereferencing or
accessing them (e.g. source or destination of a mem op).
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
TA_* functions called by TA_InvokeCommandEntryPoint() should never
return before serializing the return code into the response output
buffer. Fix instances of where this happens.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add more input buffer out-of-bounds checks in places that are missing
them, or move the oob check to the proper location, or fix the size of
the check.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
When removing the const qualifier for the deserialization functions,
param_deserialize() was missed so fix it.
Fixes: 282d261e9154 ("km: ta: remove unnecessary const qualifier")
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Format code to comply with OP-TEE coding style.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Remove old code that is not used anymore.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Print debug info for day of the week and leap year.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add descriptions for the root cert generated internally for attestation.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
|
|
Add initial check for SetUp() in KeymasterTest class to verify
supported features are as expected.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
|
|
Remove TODO items that no longer apply or are not necessary anymore.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
|
|
Clear auth_token_key from memory after use in
TA_InitializeAuthTokenKey().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
|
|
Convert return type of TA_SetAttestationKey() and
TA_AppendAttestationCertKey() from keymaster_error_t to TEE_Result to
match all the other TA_* functions.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org>
|
|
Use MUL_OVERFLOW() check in TA_deserialize_param_set() instead of just
doing direct multiplication.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org> (VtsHalKeymasterV3_0TargetTest)
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Since optee_os core doesn't have an absolute time, only relative, we're
not able to derive the current date using the System (TEE) time and
hence not able to generate a valid certificate for testing. An invalid
certificate will cause the TA to panic.
Use the REE time for certificate generation. Obviously this isn't fully
secure, but since this code path is used for development and testing
only, we allow it and print a warning to let the user know what to do
instead in actual platforms or products.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Workaround 'variable set but not used [-Wunused-but-set-variable]'
warnings.
Fix print format warnings.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Add missing param check for TA_is_out_of_bounds().
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
The attestation code used boringssl's ASN.1 encoding tools
incorrectly, causing it to encode incorrect values in device_locked.
[LINK] https://android.googlesource.com/platform/hardware/interfaces/+/994c65e5bc90822f18a185502a6d553c06bdaa6b
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
[LINK] https://android.googlesource.com/platform/hardware/interfaces/+/3bacd7f63416a8e5b379c599b08741a0b5d10afc
[LINK] https://android.googlesource.com/platform/hardware/interfaces/+/ba894f81db6f20b9fef104e31eb1f7dc26f68c2d
[LINK] https://android.googlesource.com/platform/hardware/interfaces/+/ba4d532fee4bbadcdcb7aa52edd12232f30e2fa4
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
..header and lib.
[LINK] https://android.googlesource.com/device/google/coral/+/ba2b3e7d5438c9a0195c382dbf31c4bba59ae762
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Fix misc build warnings like unused or uninitialized variables.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Use arithmetic operations with overflow detection at places where
parameters come from or are derived from the REE.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
..in TA_deserialize_auth_set(). param_set->length is derived from the
REE so make sure there's no overflow when allocating memory for the
number of key params required for it.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
|
Currently the IS_OUT_OF_BOUNDS macro does not account for integer
overflow so convert it to a function which does, using ADD_OVERFLOW from
the TA dev kit.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|
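The two commits above (the overflow-checked allocation in TA_deserialize_auth_set() and the IS_OUT_OF_BOUNDS macro turned into a function built on ADD_OVERFLOW) describe one pattern: a bounds check of the form `ptr + size > end` is only meaningful if the addition cannot wrap, and an allocation sized from a REE-supplied count is only safe if the multiplication cannot wrap either. The C block below is an added illustration of that pattern, not code from the kmgk repository. The ADD_OVERFLOW/MUL_OVERFLOW definitions are stand-ins built on GCC/Clang builtins and assumed to match the TA dev kit macros' semantics (true on overflow); the hypothetical IS_OUT_OF_BOUNDS_LEGACY macro, the fixed 8-byte param layout, and the deserialize_params/demo_* functions are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the OP-TEE TA dev kit macros (assumption: same semantics).
 * Both evaluate to true when the operation overflows, and otherwise store
 * the result in *res. */
#define ADD_OVERFLOW(a, b, res) __builtin_add_overflow((a), (b), (res))
#define MUL_OVERFLOW(a, b, res) __builtin_mul_overflow((a), (b), (res))

/* Hypothetical macro of the kind the log describes replacing: it adds
 * before it compares, so a size large enough to wrap the unsigned sum
 * makes the comparison pass although the access would run off the end. */
#define IS_OUT_OF_BOUNDS_LEGACY(ptr, end, size) \
	((uintptr_t)(ptr) + (size) > (uintptr_t)(end))

/* Overflow-aware replacement: a wrapped addition is itself reported as
 * out of bounds, and NULL or inverted ranges are rejected up front. */
static bool TA_is_out_of_bounds(const uint8_t *ptr, const uint8_t *end,
				size_t size)
{
	uintptr_t limit = 0;

	if (!ptr || !end || ptr > end)
		return true;
	if (ADD_OVERFLOW((uintptr_t)ptr, (uintptr_t)size, &limit))
		return true;
	return limit > (uintptr_t)end;
}

#define PARAM_SIZE 8u	/* constructed fixed size of one serialized param */

/* Deserialize a u32 count followed by `count` params from a REE buffer
 * [in, in_end). Returns 0 on success and -1 on malformed input; on
 * success *params_out is heap-allocated and owned by the caller. */
static int deserialize_params(const uint8_t *in, const uint8_t *in_end,
			      uint8_t **params_out, uint32_t *count_out)
{
	uint32_t count = 0;
	size_t bytes = 0;
	uint8_t *params = NULL;

	if (!in || !in_end || !params_out || !count_out)
		return -1;
	/* The length prefix itself must lie inside the buffer. */
	if (TA_is_out_of_bounds(in, in_end, sizeof(count)))
		return -1;
	memcpy(&count, in, sizeof(count));
	in += sizeof(count);
	/* count is REE-controlled: check the multiplication before using it
	 * as an allocation size ... */
	if (MUL_OVERFLOW((size_t)count, (size_t)PARAM_SIZE, &bytes))
		return -1;
	/* ... and check that the claimed payload is really present. */
	if (TA_is_out_of_bounds(in, in_end, bytes))
		return -1;
	params = malloc(bytes ? bytes : 1);
	if (!params)
		return -1;
	memcpy(params, in, bytes);
	*params_out = params;
	*count_out = count;
	return 0;
}

/* Constructed input: a buffer carrying 3 complete params. */
static int demo_well_formed(void)
{
	uint8_t buf[4 + 3 * PARAM_SIZE] = { 0 };
	uint32_t n = 3;
	uint8_t *params = NULL;
	uint32_t count = 0;
	int rc;

	memcpy(buf, &n, sizeof(n));
	rc = deserialize_params(buf, buf + sizeof(buf), &params, &count);
	free(params);
	return rc == 0 && count == 3;
}

/* Constructed input: claims 1000 params but carries only one. Whether
 * MUL_OVERFLOW fires (32-bit) or the bounds check does (64-bit), the
 * request is rejected and nothing is allocated. */
static int demo_truncated(void)
{
	uint8_t buf[4 + PARAM_SIZE] = { 0 };
	uint32_t n = 1000;
	uint8_t *params = NULL;
	uint32_t count = 0;
	int rc;

	memcpy(buf, &n, sizeof(n));
	rc = deserialize_params(buf, buf + sizeof(buf), &params, &count);
	return rc == -1 && params == NULL;
}

/* A size chosen so that ptr + size wraps to a small value: the legacy
 * macro reports "in bounds", the function reports out of bounds. */
static int demo_wraparound(void)
{
	uint8_t buf[16];
	size_t size = (size_t)0 - (uintptr_t)buf + 4;
	int legacy = IS_OUT_OF_BOUNDS_LEGACY(buf, buf + sizeof(buf), size);
	int fixed = TA_is_out_of_bounds(buf, buf + sizeof(buf), size);

	return legacy == 0 && fixed == 1;
}

int main(void)
{
	printf("well-formed input accepted: %d\n", demo_well_formed());
	printf("truncated input rejected:   %d\n", demo_truncated());
	printf("wrapped size caught:        %d\n", demo_wraparound());
	return 0;
}
```

The order of the checks is the point: the length prefix is bounds-checked before it is read, the count is overflow-checked before it becomes an allocation size, and the payload is bounds-checked before any copy, so no REE-derived value reaches pointer arithmetic or malloc unchecked.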
|
The deserialization functions append the const qualifier to the in and
in_end args which aren't really const so remove them to fix build
warnings.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
|