fixup! Add Application Secrets TEE client library

Signed-off-by: Tuomas Salokanto <tuomas.salokanto@vaisala.com>

Author: tusal-vaisala

CMakeLists.txt

@@ -6,6 +6,7 @@ set(CMAKE_TOOLCHAIN_FILE CMakeToolchain.txt)
 
 option(CFG_WERROR "Build with -Werror" TRUE)
 option(WITH_TEEACL "Build libteeacl" TRUE)
+option(WITH_ASTEEC "Build libasteec" TRUE)
 
 include(GNUInstallDirs)
 
@@ -47,4 +48,6 @@ if(WITH_TEEACL)
     add_subdirectory(libteeacl)
 endif(WITH_TEEACL)
 add_subdirectory(libseteec)
-add_subdirectory(libasteec)
+if(WITH_ASTEEC)
+    add_subdirectory(libasteec)
+endif(WITH_ASTEEC)

Makefile

@@ -20,6 +20,7 @@ libdir ?= $(LIBDIR)
 includedir ?= $(INCLUDEDIR)
 
 WITH_TEEACL ?= 1
+WITH_ASTEEC ?= 1
 
 .PHONY: all build build-libteec build-libckteec build-libseteec \
 	build-libteeacl build-libasteec install copy_export clean cscope \
@@ -40,10 +41,13 @@ build-tee-supplicant: build-libteec
 	@echo "Building tee-supplicant"
 	$(MAKE) --directory=tee-supplicant  --no-print-directory --no-builtin-variables CFG_TEE_SUPP_LOG_LEVEL=$(CFG_TEE_SUPP_LOG_LEVEL)
 
-build: build-libteec build-tee-supplicant build-libckteec build-libseteec build-libasteec
+build: build-libteec build-tee-supplicant build-libckteec build-libseteec
 ifeq ($(WITH_TEEACL),1)
 build: build-libteeacl
 endif
+ifeq ($(WITH_ASTEEC),1)
+build: build-libasteec
+endif
 
 build-libckteec: build-libteec
 	@echo "Building libckteec.so"
@@ -64,10 +68,13 @@ build-libasteec: build-libteec
 install: copy_export
 
 clean: clean-libteec clean-tee-supplicant clean-cscope clean-libckteec \
-	clean-libseteec clean-libasteec
+	clean-libseteec
 ifeq ($(WITH_TEEACL),1)
 clean: clean-libteeacl
 endif
+ifeq ($(WITH_ASTEEC),1)
+clean: clean-libasteec
+endif
 
 clean-libteec:
 	@$(MAKE) --directory=libteec --no-print-directory clean
@@ -179,6 +186,8 @@ endif
 	cp libseteec/include/*.h $(DESTDIR)$(includedir)
 	cp -d ${O}/libseteec/libseteec.so* $(DESTDIR)$(libdir)
 	cp -d ${O}/libseteec/libseteec.a $(DESTDIR)$(libdir)
+ifeq ($(WITH_ASTEEC),1)
 	cp libasteec/include/*.h $(DESTDIR)$(includedir)
 	cp -d ${O}/libasteec/libasteec.so* $(DESTDIR)$(libdir)
 	cp -d ${O}/libasteec/libasteec.a $(DESTDIR)$(libdir)
+endif

libasteec/include/asteec.h

@@ -23,8 +23,12 @@ extern "C" {
  *                      TEEC_LOGIN_GROUP_APPLICATION methods
  * @param plain         Pointer to plain secret
  * @param plain_len     Byte length of plain secret
- * @param sealed        Pointer to buffer to receive sealed secret datablob
- * @param sealed_len    Byte length of buffer @sealed, updated with actual size
+ * @param sealed        Pointer to buffer to receive sealed secret datablob.
+ *                      May be NULL when *sealed_len is 0 to query the
+ *                      required output size.
+ * @param sealed_len    On input, byte length of buffer @sealed. On output,
+ *                      updated with the actual size on success or the required
+ *                      size when TEEC_ERROR_SHORT_BUFFER is returned.
  *
  * @return TEEC_SUCCESS on success, TEEC_ERROR_* on failure
  */
@@ -40,8 +44,12 @@ TEEC_Result asteec_seal(uint32_t login_method, gid_t login_gid,
  *                      TEEC_LOGIN_GROUP_APPLICATION methods
  * @param sealed        Pointer to sealed secret datablob
  * @param sealed_len    Byte length of sealed secret datablob
- * @param plain         Pointer to buffer to receive plain secret
- * @param plain_len     Byte length of buffer @plain, updated with actual size
+ * @param plain         Pointer to buffer to receive plain secret.
+ *                      May be NULL when *plain_len is 0 to query the
+ *                      required output size.
+ * @param plain_len     On input, byte length of buffer @plain. On output,
+ *                      updated with the actual size on success or the required
+ *                      size when TEEC_ERROR_SHORT_BUFFER is returned.
  *
  * @return TEEC_SUCCESS on success, TEEC_ERROR_* on failure
  */

libasteec/src/asteec.c

@@ -44,7 +44,10 @@ TEEC_Result asteec_seal(uint32_t login_method, gid_t login_gid,
 	TEEC_Operation op = { 0 };
 	TEEC_Result res = TEEC_ERROR_GENERIC;
 
-	if (!plain || plain_len == 0 || !sealed_len)
+	if (!plain || !plain_len || !sealed_len)
+		return TEEC_ERROR_BAD_PARAMETERS;
+
+	if (!sealed && *sealed_len)
 		return TEEC_ERROR_BAD_PARAMETERS;
 
 	res = TEEC_InitializeContext(NULL, &ctx);
@@ -86,7 +89,10 @@ TEEC_Result asteec_unseal(uint32_t login_method, gid_t login_gid,
 	TEEC_Operation op = { 0 };
 	TEEC_Result res = TEEC_ERROR_GENERIC;
 
-	if (!sealed || !plain_len)
+	if (!sealed || !sealed_len || !plain_len)
+		return TEEC_ERROR_BAD_PARAMETERS;
+
+	if (!plain && *plain_len)
 		return TEEC_ERROR_BAD_PARAMETERS;
 
 	res = TEEC_InitializeContext(NULL, &ctx);