DPE: Add logging of received commands
Adds logging of commands received in the DPE service to aid debugging.
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Change-Id: I4b49fd2842cd5e08a434ab555ac06ef3a5165f91
diff --git a/partitions/dice_protection_environment/CMakeLists.txt b/partitions/dice_protection_environment/CMakeLists.txt
index 1b5413f..447ee8a 100644
--- a/partitions/dice_protection_environment/CMakeLists.txt
+++ b/partitions/dice_protection_environment/CMakeLists.txt
@@ -21,6 +21,7 @@
PRIVATE
dpe_cmd_decode.c
dpe_impl.c
+ dpe_log.c
dpe_req_mngr.c
)
diff --git a/partitions/dice_protection_environment/dpe_impl.c b/partitions/dice_protection_environment/dpe_impl.c
index 563957e..8167a4f 100644
--- a/partitions/dice_protection_environment/dpe_impl.c
+++ b/partitions/dice_protection_environment/dpe_impl.c
@@ -9,6 +9,8 @@
#include <string.h>
+#include "dpe_log.h"
+
dpe_error_t dpe_derive_child_impl(int context_handle,
bool retain_parent_context,
bool allow_child_to_derive,
@@ -17,6 +19,9 @@
int *child_context_handle,
int *new_context_handle)
{
+ log_derive_child(context_handle, retain_parent_context,
+ allow_child_to_derive, create_certificate, dice_inputs);
+
*child_context_handle = 123;
*new_context_handle = 456;
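Review bot: The `log_derive_child(...)` call is the first statement of `dpe_derive_child_impl`, so it runs before any check of `dice_inputs` that this function might perform. `log_dice_inputs` in dpe_log.c dereferences that pointer unconditionally and hands the caller-supplied `code_descriptor_size`, `config_descriptor_size` and `authority_descriptor_size` to `print_byte_array`, which only guards against a NULL array. Unless the command decoder already validates the pointer and the sizes (not visible in this diff), a debug build can fault or read past the descriptor buffers. Consider adding `if (input == NULL) { return; }` at the top of `log_dice_inputs`, or moving the call after validation. The same applies to the `log_certify_key(...)` call in the next hunk, and both function bodies continue outside their hunks.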
@@ -37,6 +42,9 @@
size_t *derived_public_key_actual_size,
int *new_context_handle)
{
+ log_certify_key(context_handle, retain_context, public_key, public_key_size,
+ label, label_size);
+
memcpy(certificate_chain_buf, "abc", 4);
*certificate_chain_actual_size = 4;
memcpy(derived_public_key_buf, "def", 4);
diff --git a/partitions/dice_protection_environment/dpe_log.c b/partitions/dice_protection_environment/dpe_log.c
new file mode 100644
index 0000000..a290891
--- /dev/null
+++ b/partitions/dice_protection_environment/dpe_log.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "dpe_log.h"
+
+#if (TFM_PARTITION_LOG_LEVEL >= TFM_PARTITION_LOG_LEVEL_DEBUG)
+
+static void print_byte_array(const uint8_t *array, size_t len)
+{
+ size_t i;
+
+ if (array != NULL) {
+ for (i = 0; i < len; ++i) {
+ if ((i & 0xF) == 0) {
+ LOG_DBGFMT("\r\n ");
+ }
+ if (array[i] < 0x10) {
+ LOG_DBGFMT(" 0%x", array[i]);
+ } else {
+ LOG_DBGFMT(" %x", array[i]);
+ }
+ }
+ }
+
+ LOG_DBGFMT("\r\n");
+}
+
+static void log_dice_inputs(const DiceInputValues *input)
+{
+ LOG_DBGFMT(" - DICE code_hash =");
+ print_byte_array(input->code_hash, sizeof(input->code_hash));
+ LOG_DBGFMT(" - DICE code_descriptor =");
+ print_byte_array(input->code_descriptor, input->code_descriptor_size);
+ LOG_DBGFMT(" - DICE config_type = %d\r\n", input->config_type);
+ LOG_DBGFMT(" - DICE config_value =");
+ print_byte_array(input->config_value, sizeof(input->config_value));
+ LOG_DBGFMT(" - DICE config_descriptor =");
+ print_byte_array(input->config_descriptor, input->config_descriptor_size);
+ LOG_DBGFMT(" - DICE authority_hash =");
+ print_byte_array(input->authority_hash, sizeof(input->authority_hash));
+ LOG_DBGFMT(" - DICE authority_descriptor =");
+ print_byte_array(input->authority_descriptor,
+ input->authority_descriptor_size);
+ LOG_DBGFMT(" - DICE mode = %d\r\n", input->mode);
+ LOG_DBGFMT(" - DICE hidden =");
+ print_byte_array(input->hidden, sizeof(input->hidden));
+}
+
+void log_derive_child(int context_handle,
+ bool retain_parent_context,
+ bool allow_child_to_derive,
+ bool create_certificate,
+ const DiceInputValues *dice_inputs)
+{
+ LOG_DBGFMT("DPE DeriveChild:\r\n");
+ LOG_DBGFMT(" - context_handle = %d\r\n", context_handle);
+ LOG_DBGFMT(" - retain_parent_context = %d\r\n", retain_parent_context);
+ LOG_DBGFMT(" - allow_child_to_derive = %d\r\n", allow_child_to_derive);
+ LOG_DBGFMT(" - create_certificate = %d\r\n", create_certificate);
+ log_dice_inputs(dice_inputs);
+}
+
+void log_certify_key(int context_handle,
+ bool retain_context,
+ const uint8_t *public_key,
+ size_t public_key_size,
+ const uint8_t *label,
+ size_t label_size)
+{
+ LOG_DBGFMT("DPE CertifyKey:\r\n");
+ LOG_DBGFMT(" - context_handle = %d\r\n", context_handle);
+ LOG_DBGFMT(" - retain_context = %d\r\n", retain_context);
+ LOG_DBGFMT(" - public_key =");
+ print_byte_array(public_key, public_key_size);
+ LOG_DBGFMT(" - label =");
+ print_byte_array(label, label_size);
+}
+
+#endif /* TFM_PARTITION_LOG_LEVEL */
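Review bot: `log_dice_inputs` dumps `input->hidden` in full to the partition log. If this field has the usual DICE meaning of a value that feeds the derivation but is deliberately kept out of certificates, printing it on a debug console exposes it to anyone who can read that output. I would redact it, for example by replacing the last two lines of the function with `LOG_DBGFMT(" - DICE hidden = <redacted>\r\n");`, or put the full dump behind a separate build option that is off by default. A short comment above `log_dice_inputs` stating that it prints raw command inputs and is meant for development builds only would also help.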
diff --git a/partitions/dice_protection_environment/dpe_log.h b/partitions/dice_protection_environment/dpe_log.h
new file mode 100644
index 0000000..d30b2a3
--- /dev/null
+++ b/partitions/dice_protection_environment/dpe_log.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __DPE_LOG_H__
+#define __DPE_LOG_H__
+
+#include "dice_protection_environment.h"
+#include "tfm_sp_log.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if (TFM_PARTITION_LOG_LEVEL >= TFM_PARTITION_LOG_LEVEL_DEBUG)
+
+/**
+ * \brief Log the derive child command parameters.
+ */
+void log_derive_child(int context_handle,
+ bool retain_parent_context,
+ bool allow_child_to_derive,
+ bool create_certificate,
+ const DiceInputValues *dice_inputs);
+
+/**
+ * \brief Log the certify key command parameters.
+ */
+void log_certify_key(int context_handle,
+ bool retain_context,
+ const uint8_t *public_key,
+ size_t public_key_size,
+ const uint8_t *label,
+ size_t label_size);
+
+#else /* TFM_PARTITION_LOG_LEVEL */
+
+#define log_derive_child(...)
+#define log_certify_key(...)
+
+#endif /* TFM_PARTITION_LOG_LEVEL */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __DPE_LOG_H__ */
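Review bot: The prototypes use `bool`, `uint8_t` and `size_t`, but the header includes only `dice_protection_environment.h` and `tfm_sp_log.h`, so it presumably depends on those headers pulling in the standard types. Adding `#include <stdbool.h>`, `#include <stddef.h>` and `#include <stdint.h>` would make it self-contained. The `\brief` comments could also state that both functions exist only at `TFM_PARTITION_LOG_LEVEL_DEBUG` and otherwise expand to nothing, so their arguments are not evaluated.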