Add Application Secrets TEE client library #413
jforissier left a comment
Hi @tusal-vaisala,
Thanks for the PR. This looks like a useful feature and easy to use. Please see my comments below.
| TEEC_Operation op = { 0 }; | ||
| TEEC_Result res = TEEC_ERROR_GENERIC; | ||
|
|
||
| if (!plain || plain_len == 0 || !sealed_len) |
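Review bot: the guard `if (!plain || plain_len == 0 || !sealed_len)` never tests `sealed`, so a NULL output buffer paired with a non-zero `*sealed_len` passes this check. Reject that combination here with TEEC_ERROR_BAD_PARAMETERS, and accept a NULL `sealed` only when `*sealed_len` is 0 if a size query is meant to be supported.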
There was a problem hiding this comment.
Style: !plain_len
To implement the contract in the proposed API documentation update above, we would need to add:
if (!sealed && *sealed_len)
return TEEC_ERROR_BAD_PARAMETERS;
| if (!sealed || !plain_len) | ||
| return TEEC_ERROR_BAD_PARAMETERS; |
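Review bot: `if (!sealed || !plain_len)` validates only those two pointers; the length of the sealed input and the `plain` output pointer are not checked at this point, so an empty blob or a NULL `plain` with a non-zero `*plain_len` gets past it. Extend the guard so both cases fail here with TEEC_ERROR_BAD_PARAMETERS, matching the checks done on the seal side.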
There was a problem hiding this comment.
Assuming the proposed API update and for consistency with asteec_seal():
| if (!sealed || !plain_len) | |
| return TEEC_ERROR_BAD_PARAMETERS; | |
| if (!sealed || !sealed_len || !plain_len) | |
| return TEEC_ERROR_BAD_PARAMETERS; | |
| if (!plain && *plain_len) | |
| return TEEC_ERROR_BAD_PARAMETERS; |
| VERSION 1.0.0 | ||
| LANGUAGES C | ||
| ) | ||
|
|
I suggest making the build of this library optional like for libteecacl:
option(WITH_ASTEEC "Build libasteec" TRUE)
| * @param sealed Pointer to buffer to receive sealed secret datablob | ||
| * @param sealed_len Byte length of buffer @sealed, updated with actual size |
I recommend being explicit about output size querying:
| * @param sealed Pointer to buffer to receive sealed secret datablob | |
| * @param sealed_len Byte length of buffer @sealed, updated with actual size | |
| * @param sealed Pointer to buffer to receive sealed secret datablob. | |
| * May be NULL when *sealed_len is 0 to query the | |
| * required output size. | |
| * @param sealed_len On input, byte length of buffer @sealed. On output, | |
| * updated with the actual size on success or the required | |
| * size when TEEC_ERROR_SHORT_BUFFER is returned. |
I have not checked if this would require changes in the TA implementation, though.
There was a problem hiding this comment.
Thanks for the review! Added a fixup with all proposed changes. The TA already supports querying the output buffer size, so no changes needed there regarding this.
| * @param plain Pointer to buffer to receive plain secret | ||
| * @param plain_len Byte length of buffer @plain, updated with actual size |
And here:
| * @param plain Pointer to buffer to receive plain secret | |
| * @param plain_len Byte length of buffer @plain, updated with actual size | |
| * @param plain Pointer to buffer to receive plain secret. | |
| * May be NULL when *plain_len is 0 to query the | |
| * required output size. | |
| * @param plain_len On input, byte length of buffer @plain. On output, | |
| * updated with the actual size on success or the required | |
| * size when TEEC_ERROR_SHORT_BUFFER is returned. |
|
|
for accessing Application Secrets TA
Co-developed-by: Katariina Lounento <katariina.lounento@vaisala.com>
Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
Co-developed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Tuomas Salokanto <tuomas.salokanto@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@arm.com>
d7821b2 to 095fd4a
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.
keep-alive
Related optee_os PR: OP-TEE/optee_os#7769
Addresses issue: OP-TEE/optee_os#7768
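The output-size query contract proposed in the review above (NULL buffer with a zero length, required size reported with TEEC_ERROR_SHORT_BUFFER), as an added example that is not code from this PR. `demo_seal`, `seal_alloc` and `DEMO_OVERHEAD` are hypothetical names, the "sealing" is a plain copy, and the result codes are the GlobalPlatform TEE Client API values redefined locally so the block builds without `tee_client_api.h`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
typedef uint32_t TEEC_Result; /* GlobalPlatform codes, redefined locally */
#define TEEC_SUCCESS              0x00000000u
#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006u
#define TEEC_ERROR_OUT_OF_MEMORY  0xFFFF000Cu
#define TEEC_ERROR_SHORT_BUFFER   0xFFFF0010u
#define DEMO_OVERHEAD 16u /* constructed: stands in for sealing metadata */

/* Hypothetical stand-in for the seal call: applies the guards from the
 * review; the "sealing" is a plain copy behind a zeroed header, not crypto. */
TEEC_Result demo_seal(const void *plain, size_t plain_len,
		      void *sealed, size_t *sealed_len)
{
	if (!plain || !plain_len || !sealed_len ||
	    plain_len > SIZE_MAX - DEMO_OVERHEAD) /* size would wrap */
		return TEEC_ERROR_BAD_PARAMETERS;
	if (!sealed && *sealed_len) /* NULL is only valid for a size query */
		return TEEC_ERROR_BAD_PARAMETERS;
	if (*sealed_len < plain_len + DEMO_OVERHEAD) {
		*sealed_len = plain_len + DEMO_OVERHEAD; /* required size */
		return TEEC_ERROR_SHORT_BUFFER;
	}
	memset(sealed, 0, DEMO_OVERHEAD);
	memcpy((uint8_t *)sealed + DEMO_OVERHEAD, plain, plain_len);
	*sealed_len = plain_len + DEMO_OVERHEAD; /* actual size */
	return TEEC_SUCCESS;
}

/* Caller side: query with (NULL, 0), allocate what was reported, seal. */
TEEC_Result seal_alloc(const void *plain, size_t plain_len,
		       void **out, size_t *out_len)
{
	TEEC_Result res;
	*out = NULL;
	*out_len = 0;
	res = demo_seal(plain, plain_len, NULL, out_len);
	if (res != TEEC_ERROR_SHORT_BUFFER)
		return res; /* bad parameters: nothing to allocate */
	*out = malloc(*out_len);
	if (!*out)
		return TEEC_ERROR_OUT_OF_MEMORY;
	res = demo_seal(plain, plain_len, *out, out_len);
	if (res != TEEC_SUCCESS) {
		free(*out);
		*out = NULL;
	}
	return res;
}
```

On success the caller owns the returned buffer and releases it with `free()`.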