ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #12823 from SeppoTakalo/generate_devicekey 

Allow Devicekey::generate_root_of_trust() to define key size.
pull/12914/head
Martin Kojtal 2020-04-30 15:59:07 +02:00 committed by GitHub
parent 08a09200a6 fc9e75bddc
commit 930ef84662
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
features/device_key/source/DeviceKey.cpp
View File

@ -245,7 +245,7 @@ finish:
return DEVICEKEY_SUCCESS; return DEVICEKEY_SUCCESS;
} }
int DeviceKey::generate_root_of_trust() int DeviceKey::generate_root_of_trust(size_t key_size)
{ {
int ret = DEVICEKEY_GENERATE_RANDOM_ERROR; int ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
uint32_t key_buff[DEVICE_KEY_32BYTE / sizeof(uint32_t)]; uint32_t key_buff[DEVICE_KEY_32BYTE / sizeof(uint32_t)];
@ -255,12 +255,16 @@ int DeviceKey::generate_root_of_trust()
return DEVICEKEY_ALREADY_EXIST; return DEVICEKEY_ALREADY_EXIST;
} }
if (key_size != DEVICE_KEY_32BYTE && key_size != DEVICE_KEY_16BYTE) {
return DEVICEKEY_INVALID_KEY_SIZE;
}
#if defined(DEVICE_TRNG) || defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) #if defined(DEVICE_TRNG) || defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
mbedtls_entropy_context *entropy = new mbedtls_entropy_context; mbedtls_entropy_context *entropy = new mbedtls_entropy_context;
mbedtls_entropy_init(entropy); mbedtls_entropy_init(entropy);
memset(key_buff, 0, actual_size); memset(key_buff, 0, key_size);
ret = mbedtls_entropy_func(entropy, (unsigned char *)key_buff, actual_size); ret = mbedtls_entropy_func(entropy, (unsigned char *)key_buff, key_size);
if (ret != MBED_SUCCESS) { if (ret != MBED_SUCCESS) {
ret = DEVICEKEY_GENERATE_RANDOM_ERROR; ret = DEVICEKEY_GENERATE_RANDOM_ERROR;
} else { } else {
@ -271,7 +275,7 @@ int DeviceKey::generate_root_of_trust()
delete entropy; delete entropy;
if (ret == DEVICEKEY_SUCCESS) { if (ret == DEVICEKEY_SUCCESS) {
ret = device_inject_root_of_trust(key_buff, actual_size); ret = device_inject_root_of_trust(key_buff, key_size);
} }
#endif #endif

13
features/device_key/source/DeviceKey.h
View File

@ -110,12 +110,15 @@ public:
* Uses TRNG or various other entropy sources to generate random device key and * Uses TRNG or various other entropy sources to generate random device key and
* inject it into device's KVStore. Device Key can only be generated once. * inject it into device's KVStore. Device Key can only be generated once.
* *
* \return DEVICEKEY_SUCCESS, when device key successfully generated and injected. * @param key_size Size of key in bytes to generate. Must be 16 bytes or 32 bytes. Default is 16 bytes.
* \return DEVICEKEY_ALREADY_EXIST, if the key has already been written. *
* \return DEVICEKEY_GENERATE_RANDOM_ERROR if this device does not contain entropy sources and cannot generate a key. * @return DEVICEKEY_SUCCESS, when device key successfully generated and injected.
* \return error codes on other failures. * @return DEVICEKEY_ALREADY_EXIST, if the key has already been written.
* @return DEVICEKEY_GENERATE_RANDOM_ERROR if this device does not contain entropy sources and cannot generate a key.
* @return DEVICEKEY_INVALID_KEY_SIZE if key_size is not 32 or 16 bytes.
* @return error codes on other failures.
*/ */
int generate_root_of_trust(); int generate_root_of_trust(size_t key_size = DEVICE_KEY_16BYTE);
private: private:
// Private constructor, as class is a singleton // Private constructor, as class is a singleton