From 178887362ae97acfd0f30653f15ac7e3f18b1e36 Mon Sep 17 00:00:00 2001
From: Jens Wiklander <jens.wiklander@linaro.org>
Date: Thu, 25 Apr 2019 15:59:17 +0200
Subject: core: introduce CFG_CORE_HUK_SUBKEY_COMPAT

Adds CFG_CORE_HUK_SUBKEY_COMPAT which if set to 'y' makes
huk_subkey_derive() produce RPMB and SSK keys identical to the legacy
code.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
---
 core/kernel/huk_subkey.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 mk/config.mk             |  2 ++
 2 files changed, 49 insertions(+)

diff --git a/core/kernel/huk_subkey.c b/core/kernel/huk_subkey.c
index 7d6e5bf4..67027f39 100644
--- a/core/kernel/huk_subkey.c
+++ b/core/kernel/huk_subkey.c
@@ -6,6 +6,7 @@
 #include <crypto/crypto.h>
 #include <kernel/huk_subkey.h>
 #include <kernel/tee_common_otp.h>
+#include <tee/tee_fs_key_manager.h>
 
 static TEE_Result mac_usage(void *ctx, uint32_t usage)
 {
@@ -13,6 +14,48 @@ static TEE_Result mac_usage(void *ctx, uint32_t usage)
 				 (const void *)&usage, sizeof(usage));
 }
 
+#ifdef CFG_CORE_HUK_SUBKEY_COMPAT
+/*
+ * This gives the result of the default tee_otp_get_die_id()
+ * implementation.
+ */
+static void get_dummy_die_id(uint8_t *buffer, size_t len)
+{
+	static const char pattern[4] = { 'B', 'E', 'E', 'F' };
+	size_t i;
+
+	for (i = 0; i < len; i++)
+		buffer[i] = pattern[i % 4];
+}
+
+/*
+ * This does special treatment for RPMB and SSK key derivations to give
+ * the same result as when huk_subkey_derive() wasn't used.
+ */
+static TEE_Result huk_compat(void *ctx, enum huk_subkey_usage usage)
+{
+	TEE_Result res = TEE_SUCCESS;
+	uint8_t chip_id[TEE_FS_KM_CHIP_ID_LENGTH] = { 0 };
+	static uint8_t ssk_str[] = "ONLY_FOR_tee_fs_ssk";
+
+	switch (usage) {
+	case HUK_SUBKEY_RPMB:
+		return TEE_SUCCESS;
+	case HUK_SUBKEY_SSK:
+		get_dummy_die_id(chip_id, sizeof(chip_id));
+		res = crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256,
+					chip_id, sizeof(chip_id));
+		if (res)
+			return res;
+		return crypto_mac_update(ctx, TEE_ALG_HMAC_SHA256,
+					 ssk_str, sizeof(ssk_str));
+	default:
+		return mac_usage(ctx, usage);
+	}
+
+}
+#endif /*CFG_CORE_HUK_SUBKEY_COMPAT*/
+
 TEE_Result huk_subkey_derive(enum huk_subkey_usage usage,
 			     const void *const_data, size_t const_data_len,
 			     uint8_t *subkey, size_t subkey_len)
@@ -39,7 +82,11 @@ TEE_Result huk_subkey_derive(enum huk_subkey_usage usage,
 	if (res)
 		goto out;
 
+#ifdef CFG_CORE_HUK_SUBKEY_COMPAT
+	res = huk_compat(ctx, usage);
+#else
 	res = mac_usage(ctx, usage);
+#endif
 	if (res)
 		goto out;
 
diff --git a/mk/config.mk b/mk/config.mk
index 6196b39f..7ac4ba47 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -463,3 +463,5 @@ $(call force,CFG_CORE_RWDATA_NOEXEC,y)
 CFG_VIRT_GUEST_COUNT ?= 2
 endif
 
+# Enables backwards compatible derivation of RPMB and SSK keys
+CFG_CORE_HUK_SUBKEY_COMPAT ?= y
-- 
cgit v1.2.3