diff options
| author | Jorge Ramirez-Ortiz <jorge@foundries.io> | 2020-08-25 08:53:14 +0200 |
|---|---|---|
| committer | Jérôme Forissier <jerome@forissier.org> | 2020-11-20 10:48:58 +0100 |
| commit | 5dfe86d0d6c2ec8c4ffbd7df238998a9adae0f0b (patch) | |
| tree | cd927155d022ae9c76d43b0d22869d531611ed71 /core | |
| parent | cb1b1ecd336abb5c3cca92eb702f2a794b023e40 (diff) | |
core: svc store: delete keys from secure elements
The cryptographic API provides an interface for the creation of
cryptographic keys.
These keys can be stored in secure elements and handlers to these keys
(since the keys themselves can not be read from the secure elements)
given back to the caller.
When the object holding a key is being deleted, the cryptographic API
must be informed in order to proceed with the deletion of the real
key from the secure element.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Diffstat (limited to 'core')
| -rw-r--r-- | core/crypto/crypto.c | 4 | ||||
| -rw-r--r-- | core/include/crypto/crypto.h | 3 | ||||
| -rw-r--r-- | core/tee/tee_svc_storage.c | 17 |
3 files changed, 24 insertions, 0 deletions
diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c index 22b27211..e790b0c6 100644 --- a/core/crypto/crypto.c +++ b/core/crypto/crypto.c @@ -787,3 +787,7 @@ TEE_Result crypto_acipher_sm2_kep_derive(struct ecc_keypair *my_key __unused, return TEE_ERROR_NOT_IMPLEMENTED; } #endif + +__weak void crypto_storage_obj_del(uint8_t *data __unused, size_t len __unused) +{ +} diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h index c7b0eae5..66ef2d20 100644 --- a/core/include/crypto/crypto.h +++ b/core/include/crypto/crypto.h @@ -85,6 +85,9 @@ void crypto_authenc_copy_state(void *dst_ctx, void *src_ctx); TEE_Result crypto_enable_scp03(unsigned int rotate_keys); #endif +/* Informs crypto that the data in the buffer will be removed from storage */ +void crypto_storage_obj_del(uint8_t *data, size_t len); + /* Implementation-defined big numbers */ /* diff --git a/core/tee/tee_svc_storage.c b/core/tee/tee_svc_storage.c index 6a3a00a2..048011fc 100644 --- a/core/tee/tee_svc_storage.c +++ b/core/tee/tee_svc_storage.c @@ -4,6 +4,8 @@ * Copyright (c) 2020, Linaro Limited */ +#include <config.h> +#include <crypto/crypto.h> #include <kernel/mutex.h> #include <kernel/tee_misc.h> #include <kernel/tee_ta_manager.h> @@ -515,6 +517,8 @@ TEE_Result syscall_storage_obj_del(unsigned long obj) struct user_ta_ctx *utc = to_user_ta_ctx(sess->ctx); TEE_Result res = TEE_SUCCESS; struct tee_obj *o = NULL; + uint8_t *data = NULL; + size_t len = 0; res = tee_obj_get(utc, uref_to_vaddr(obj), &o); if (res != TEE_SUCCESS) @@ -526,6 +530,19 @@ TEE_Result syscall_storage_obj_del(unsigned long obj) if (o->pobj == NULL || o->pobj->obj_id == NULL) return TEE_ERROR_BAD_STATE; + if (IS_ENABLED(CFG_NXP_SE05X)) { + len = o->info.dataSize; + data = calloc(1, len); + if (!data) + return TEE_ERROR_OUT_OF_MEMORY; + + res = o->pobj->fops->read(o->fh, o->info.dataPosition, + data, &len); + if (res == TEE_SUCCESS) + crypto_storage_obj_del(data, len); + free(data); + } + res = o->pobj->fops->remove(o->pobj); tee_obj_close(utc, o); |