drivers: crypto: se050: die_id generation

Guarantee the uniqueness of the die_id even when the requested length
is smaller than the se050 unique identifier.

Currently, tee_otp_get_die_id requests 12 bytes while the se050 unique
identifier is 18 bytes which is an issue as the uniqueness of the
device can be lost due to the truncation of the identifier.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

1 files changed, 3 insertions, 3 deletions

diff --git a/core/drivers/crypto/se050/core/huk.c b/core/drivers/crypto/se050/core/huk.c
index 4e474e16..2e800268 100644
--- a/core/drivers/crypto/se050/core/huk.c
+++ b/core/drivers/crypto/se050/core/huk.c
@@ -16,15 +16,15 @@ int tee_otp_get_die_id(uint8_t *buffer, size_t len)
 	size_t se050_huk_len = sizeof(se050_huk);
 	sss_status_t status = kStatus_SSS_Fail;
 
-	memset(buffer, 0, len);
-
 	status = sss_se05x_session_prop_get_au8(se050_session,
 						kSSS_SessionProp_UID,
 						se050_huk, &se050_huk_len);
 	if (status != kStatus_SSS_Success)
 		return -1;
 
-	memcpy(buffer, se050_huk, MIN(len, se050_huk_len));
+	if (tee_hash_createdigest(TEE_ALG_SHA256, se050_huk, se050_huk_len,
+				  buffer, len))
+		return -1;
 
 	return 0;
 }