DPE: Add custom argument cert_id to DeriveContext
Cert_id is custom argument passed by the client to DeriveContext
to assign the context to specific certificate. For now only
support the parameter as mandatory input.
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: Ib8c00cbab8fd0ad5b49012d854ae3fc6077409b9
diff --git a/partitions/dice_protection_environment/dpe_cmd_decode.c b/partitions/dice_protection_environment/dpe_cmd_decode.c
index 63e23ea..c4f2623 100644
--- a/partitions/dice_protection_environment/dpe_cmd_decode.c
+++ b/partitions/dice_protection_environment/dpe_cmd_decode.c
@@ -150,6 +150,7 @@
int new_parent_context_handle;
uint8_t *new_certificate_buf = REUSE_CMD_BUF(DICE_CERT_SIZE);
uint8_t exported_cdi_buf[DICE_MAX_ENCODED_CDI_SIZE];
+ uint32_t cert_id;
size_t new_certificate_actual_size = 0;
size_t exported_cdi_actual_size = 0;
@@ -158,11 +159,19 @@
QCBORDecode_GetByteStringInMapN(decode_ctx, DPE_DERIVE_CONTEXT_CONTEXT_HANDLE,
&out);
- if (out.len != sizeof(context_handle)) {
+ qcbor_err = QCBORDecode_GetAndResetError(decode_ctx);
+ if ((qcbor_err != QCBOR_SUCCESS) || (out.len != sizeof(context_handle))) {
return DPE_INVALID_COMMAND;
}
memcpy(&context_handle, out.ptr, out.len);
+ QCBORDecode_GetUInt64InMapN(decode_ctx, DPE_DERIVE_CONTEXT_CERT_ID, &cert_id);
+ /* Check if cert_id was encoded in the received command buffer */
+ qcbor_err = QCBORDecode_GetAndResetError(decode_ctx);
+ if (qcbor_err != QCBOR_SUCCESS) {
+ cert_id = DPE_CERT_ID_INVALID;
+ }
+
QCBORDecode_GetBoolInMapN(decode_ctx, DPE_DERIVE_CONTEXT_RETAIN_PARENT_CONTEXT,
&retain_parent_context);
@@ -204,7 +213,7 @@
return DPE_INVALID_COMMAND;
}
- dpe_err = derive_context_request(context_handle, retain_parent_context,
+ dpe_err = derive_context_request(context_handle, cert_id, retain_parent_context,
allow_new_context_to_derive, create_certificate,
&dice_inputs, client_id,
target_locality,