DPE: Add index field to layer_context_t
Both layer_ctx and layer_idx are used throughout and passed
as input to various functions. Add index field to the
layer_ctx so that only pointer to context is required
to pass and implementation stays consistent.
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: I1603c82ef1c11d558e7f0bafecb1e2eecfe09885
diff --git a/partitions/dice_protection_environment/dpe_certificate.c b/partitions/dice_protection_environment/dpe_certificate.c
index 6dfb0f5..629f1cf 100644
--- a/partitions/dice_protection_environment/dpe_certificate.c
+++ b/partitions/dice_protection_environment/dpe_certificate.c
@@ -115,7 +115,7 @@
}
static void add_cdi_export_claim(QCBOREncodeContext *cbor_enc_ctx,
- struct layer_context_t *layer_ctx)
+ const struct layer_context_t *layer_ctx)
{
QCBOREncode_AddBoolToMapN(cbor_enc_ctx,
DPE_CERT_LABEL_CDI_EXPORT,
@@ -123,7 +123,7 @@
}
static void add_subject_claim(QCBOREncodeContext *cbor_enc_ctx,
- struct layer_context_t *layer_ctx)
+ const struct layer_context_t *layer_ctx)
{
char cdi_id_hex[ID_HEX_SIZE];
@@ -397,14 +397,14 @@
return DPE_NO_ERROR;
}
-static dpe_error_t encode_layer_certificate_internal(uint16_t layer_idx,
+static dpe_error_t encode_layer_certificate_internal(const struct layer_context_t *layer_ctx,
QCBOREncodeContext *cbor_enc_ctx,
bool finish_cbor_encoding,
size_t *cert_actual_size)
{
struct t_cose_sign1_sign_ctx signer_ctx;
- struct layer_context_t *layer_ctx, *parent_layer_ctx;
- uint16_t parent_layer_idx;
+ struct layer_context_t *parent_layer_ctx;
+ uint16_t parent_layer_idx, layer_idx;
dpe_error_t err;
UsefulBufC completed_cert;
psa_key_id_t attest_key_id;
@@ -412,9 +412,8 @@
/* Valid options: true & !NULL OR false & NULL */
assert(finish_cbor_encoding ^ (cert_actual_size == NULL));
+ layer_idx = layer_ctx->idx;
assert(layer_idx < MAX_NUM_OF_LAYERS);
- layer_ctx = get_layer_ctx_ptr(layer_idx);
-
parent_layer_idx = layer_ctx->parent_layer_idx;
assert(parent_layer_idx < MAX_NUM_OF_LAYERS);
parent_layer_ctx = get_layer_ctx_ptr(parent_layer_idx);
@@ -492,7 +491,7 @@
return err;
}
-dpe_error_t encode_layer_certificate(uint16_t layer_idx,
+dpe_error_t encode_layer_certificate(const struct layer_context_t *layer_ctx,
uint8_t *cert_buf,
size_t cert_buf_size,
size_t *cert_actual_size)
@@ -504,11 +503,11 @@
cert_buf_size });
/* Only a single certificate is encoded */
- return encode_layer_certificate_internal(layer_idx, &cbor_enc_ctx,
+ return encode_layer_certificate_internal(layer_ctx, &cbor_enc_ctx,
true, cert_actual_size);
}
-dpe_error_t store_layer_certificate(struct layer_context_t *layer_ctx)
+dpe_error_t store_layer_certificate(const struct layer_context_t *layer_ctx)
{
//TODO:
(void)layer_ctx;
@@ -569,17 +568,17 @@
return DPE_NO_ERROR;
}
-dpe_error_t get_certificate_chain(uint16_t layer_idx,
+dpe_error_t get_certificate_chain(const struct layer_context_t *layer_ctx,
uint8_t *cert_chain_buf,
size_t cert_chain_buf_size,
size_t *cert_chain_actual_size)
{
- struct layer_context_t *layer_ctx;
QCBOREncodeContext cbor_enc_ctx;
dpe_error_t err;
int i;
uint16_t layer_chain[MAX_NUM_OF_LAYERS];
uint16_t layer_cnt = 0;
+ uint16_t layer_idx = layer_ctx->idx;
open_certificate_chain(&cbor_enc_ctx,
cert_chain_buf,
@@ -612,8 +611,9 @@
/* Add certificate from RoT to leaf layer order */
while (i >= DPE_ROT_LAYER_IDX) {
+ layer_ctx = get_layer_ctx_ptr(layer_chain[i]);
/* Might multiple certificate is encoded */
- err = encode_layer_certificate_internal(layer_chain[i], &cbor_enc_ctx,
+ err = encode_layer_certificate_internal(layer_ctx, &cbor_enc_ctx,
false, NULL);
if (err != DPE_NO_ERROR) {
return err;
diff --git a/partitions/dice_protection_environment/dpe_certificate.h b/partitions/dice_protection_environment/dpe_certificate.h
index 95cbbf2..4d6fa0f 100644
--- a/partitions/dice_protection_environment/dpe_certificate.h
+++ b/partitions/dice_protection_environment/dpe_certificate.h
@@ -22,14 +22,14 @@
/**
* \brief Encodes and signs the certificate for a layer
*
- * \param[in] layer_idx Index of the current layer context.
+ * \param[in] layer_ctx Pointer to certificate layer context.
* \param[out] cert_buf Pointer to the output cert buffer.
* \param[in] cert_buf_size Size of the output cert buffer.
* \param[out] cert_actual_size Actual size of the final certificate.
* *
* \return Returns error code of type dpe_error_t
*/
-dpe_error_t encode_layer_certificate(uint16_t layer_idx,
+dpe_error_t encode_layer_certificate(const struct layer_context_t *layer_ctx,
uint8_t *cert_buf,
size_t cert_buf_size,
size_t *cert_actual_size);
@@ -41,19 +41,19 @@
*
* \return Returns error code of type dpe_error_t
*/
-dpe_error_t store_layer_certificate(struct layer_context_t *layer_ctx);
+dpe_error_t store_layer_certificate(const struct layer_context_t *layer_ctx);
/**
* \brief Returns the encoded certificate chain from leaf layer to the RoT layer.
*
- * \param[in] layer_idx Index of the current leaf layer context.
+ * \param[in] layer_ctx Pointer to the current leaf layer context.
* \param[out] cert_chain_buf Pointer to certificate chain buffer.
* \param[in] cert_chain_buf_size Size of certificate chain buffer.
* \param[out] cert_chain_actual_size Actual size of the chain.
*
* \return Returns error code of type dpe_error_t
*/
-dpe_error_t get_certificate_chain(uint16_t layer_idx,
+dpe_error_t get_certificate_chain(const struct layer_context_t *layer_ctx,
uint8_t *cert_chain_buf,
size_t cert_chain_buf_size,
size_t *cert_chain_actual_size);
diff --git a/partitions/dice_protection_environment/dpe_context_mngr.c b/partitions/dice_protection_environment/dpe_context_mngr.c
index 02e5feb..bebe779 100644
--- a/partitions/dice_protection_environment/dpe_context_mngr.c
+++ b/partitions/dice_protection_environment/dpe_context_mngr.c
@@ -80,6 +80,7 @@
static void invalidate_layer(int i)
{
+ layer_ctx_array[i].idx = i;
layer_ctx_array[i].state = LAYER_STATE_CLOSED;
layer_ctx_array[i].parent_layer_idx = INVALID_LAYER_IDX;
layer_ctx_array[i].is_cdi_to_be_exported = false;
@@ -207,7 +208,7 @@
return PSA_SUCCESS;
}
-static psa_status_t compute_layer_cdi_attest_input(uint16_t curr_layer_idx)
+static psa_status_t compute_layer_cdi_attest_input(struct layer_context_t *layer_ctx)
{
psa_status_t status;
uint8_t component_ctx_data[CONTEXT_DATA_MAX_SIZE];
@@ -227,7 +228,7 @@
* and hash it.
*/
for (idx = 0; idx < MAX_NUM_OF_COMPONENTS; idx++) {
- if (component_ctx_array[idx].linked_layer_idx == curr_layer_idx) {
+ if (component_ctx_array[idx].linked_layer_idx == layer_ctx->idx) {
/* This component belongs to current layer */
/* Concatenate all context data for this component */
status = get_component_data_for_attest_cdi(component_ctx_data,
@@ -248,8 +249,8 @@
}
status = psa_hash_finish(&hash_op,
- &layer_ctx_array[curr_layer_idx].attest_cdi_hash_input[0],
- sizeof(layer_ctx_array[curr_layer_idx].attest_cdi_hash_input),
+ &layer_ctx->attest_cdi_hash_input[0],
+ sizeof(layer_ctx->attest_cdi_hash_input),
&hash_len);
assert(hash_len == DPE_HASH_ALG_SIZE);
@@ -289,14 +290,14 @@
return DPE_NO_ERROR;
}
-static dpe_error_t prepare_layer_certificate(uint16_t layer_idx)
+static dpe_error_t prepare_layer_certificate(struct layer_context_t *layer_ctx)
{
- uint16_t parent_layer_idx;
+ uint16_t layer_idx, parent_layer_idx;
psa_status_t status;
- struct layer_context_t *layer_ctx, *parent_layer_ctx;
+ struct layer_context_t *parent_layer_ctx;
+ layer_idx = layer_ctx->idx;
assert(layer_idx < MAX_NUM_OF_LAYERS);
- layer_ctx = &layer_ctx_array[layer_idx];
parent_layer_idx = layer_ctx->parent_layer_idx;
assert(parent_layer_idx < MAX_NUM_OF_LAYERS);
parent_layer_ctx = &layer_ctx_array[parent_layer_idx];
@@ -307,7 +308,7 @@
/* Except for RoT Layer with no external public key supplied */
- status = compute_layer_cdi_attest_input(layer_idx);
+ status = compute_layer_cdi_attest_input(layer_ctx);
if (status != PSA_SUCCESS) {
return DPE_INTERNAL_ERROR;
}
@@ -656,14 +657,14 @@
/* Finalise the layer */
layer_ctx->state = LAYER_STATE_FINALISED;
- err = prepare_layer_certificate(linked_layer_idx);
+ err = prepare_layer_certificate(layer_ctx);
if (err != DPE_NO_ERROR) {
return err;
}
if (return_certificate) {
/* Encode and return generated layer certificate */
- err = encode_layer_certificate(linked_layer_idx,
+ err = encode_layer_certificate(layer_ctx,
new_certificate_buf,
new_certificate_buf_size,
new_certificate_actual_size);
@@ -846,12 +847,12 @@
* derive context command
*/
/* Create leaf certificate */
- err = prepare_layer_certificate(input_layer_idx);
+ err = prepare_layer_certificate(layer_ctx);
if (err != DPE_NO_ERROR) {
return err;
}
- err = encode_layer_certificate(input_layer_idx,
+ err = encode_layer_certificate(layer_ctx,
certificate_buf,
certificate_buf_size,
certificate_actual_size);
@@ -935,7 +936,7 @@
return DPE_INVALID_ARGUMENT;
}
- err = get_certificate_chain(input_layer_idx,
+ err = get_certificate_chain(layer_ctx,
certificate_chain_buf,
certificate_chain_buf_size,
certificate_chain_actual_size);
diff --git a/partitions/dice_protection_environment/dpe_context_mngr.h b/partitions/dice_protection_environment/dpe_context_mngr.h
index d861d43..edcc9f3 100644
--- a/partitions/dice_protection_environment/dpe_context_mngr.h
+++ b/partitions/dice_protection_environment/dpe_context_mngr.h
@@ -93,6 +93,7 @@
struct layer_context_t {
struct layer_context_data_t data;
+ uint16_t idx;
uint16_t parent_layer_idx;
uint8_t attest_cdi_hash_input[DPE_HASH_ALG_SIZE];
enum layer_state_t state;