From 18cb07ae87fa1a4abdaab970e4414285a5df2960 Mon Sep 17 00:00:00 2001 From: leezhenxiang <1172294056@qq.com> Date: Sat, 14 Oct 2023 15:55:29 +0800 Subject: [PATCH] Synchronize missing changes in KCML. --- attestation/tee/kcml/kcml.c | 49 ++++++++++++++++++++++++++++--------- attestation/tee/kcml/kcml.h | 33 +++++++++++++++++++------ 2 files changed, 63 insertions(+), 19 deletions(-) diff --git a/attestation/tee/kcml/kcml.c b/attestation/tee/kcml/kcml.c index ca69fc7..0f41b6e 100644 --- a/attestation/tee/kcml/kcml.c +++ b/attestation/tee/kcml/kcml.c @@ -39,13 +39,16 @@ void cmd_copy(CmdNode *cmdnode, TEE_UUID *uuid, uint8_t *account, uint8_t *passw } TEE_Result generate_key(TEE_UUID *uuid, uint8_t *account, - uint8_t *password, TEE_UUID *masterkey) { + uint8_t *password, TEE_UUID *masterkey, char *mem_hash, char *img_hash) { TEE_Result ret; CmdNode *cmdnode = TEE_Malloc(sizeof(CmdNode), 0); TEE_TASessionHandle session = {0}; TEE_Param params[4] = {0}; uint32_t retOrigin = 0; uint32_t command_param_type = 0; + HashValue hash = {0}; + strncpy_s(hash.mem_hash, HASH_SIZE, mem_hash, strlen(mem_hash)); + strncpy_s(hash.img_hash, HASH_SIZE, img_hash, strlen(img_hash)); ret = TEE_OpenTASession(&ktauuid, TIMEOUT, session_param_type, NULL, &session, &retOrigin); if(ret != TEE_SUCCESS) { @@ -55,7 +58,7 @@ TEE_Result generate_key(TEE_UUID *uuid, uint8_t *account, cmd_copy(cmdnode, uuid, account, password, NULL, masterkey); cmdnode->cmd = CMD_KEY_GENETARE; command_param_type = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, - TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE); + TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_MEMREF_INPUT); params[PARAMETER_FRIST].memref.buffer = cmdnode; params[PARAMETER_FRIST].memref.size = sizeof(CmdNode); params[PARAMETER_THIRD].value.a = VALUE_INIT; 
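Review bot: The two `strncpy_s` calls added at the top of generate_key call `strlen()` on `mem_hash` and `img_hash` without a NULL check and discard the return value. If an input is HASH_SIZE characters or longer the copy is rejected, which presumably leaves the field empty, and the request would still go to the KTA with a blank measurement. The same three lines are added to search_key, delete_key, clear_cache and get_kcm_reply, so one checked helper would cover all five. `cmdnode` is already allocated by the time the copy runs, so a failure return has to free it or the check has to come first. The body of generate_key continues outside this hunk.
```c
/* Copy both caller-supplied hash strings, rejecting NULL or over-long input. */
static TEE_Result fill_hash(HashValue *hash, const char *mem_hash, const char *img_hash) {
    if (hash == NULL || mem_hash == NULL || img_hash == NULL) {
        return TEE_ERROR_BAD_PARAMETERS;
    }
    if (strncpy_s(hash->mem_hash, HASH_SIZE, mem_hash, strlen(mem_hash)) != 0 ||
        strncpy_s(hash->img_hash, HASH_SIZE, img_hash, strlen(img_hash)) != 0) {
        return TEE_ERROR_BAD_PARAMETERS;
    }
    return TEE_SUCCESS;
}
```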
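Review bot: generate_key now declares the fourth parameter as `TEE_PARAM_TYPE_MEMREF_INPUT`, but this hunk never assigns `params[PARAMETER_FOURTH]`, and the next hunk starts at the function's closing lines, so nothing in between is changed. With `params` zero-initialised, the KTA would receive a NULL buffer of size 0 and the `hash` filled in above is never sent. The other four functions add `params[PARAMETER_FOURTH].memref.buffer = &hash;` and `params[PARAMETER_FOURTH].memref.size = sizeof(hash);` after their last `params[...]` assignment. generate_key looks like it needs the same two lines before `TEE_InvokeTACommand`, which is outside the hunk.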
@@ -82,14 +85,17 @@ TEE_Result generate_key(TEE_UUID *uuid, uint8_t *account, return TEE_SUCCESS; } -TEE_Result search_key(TEE_UUID *uuid, uint8_t *account, - uint8_t *password, TEE_UUID *keyid, TEE_UUID *masterkey , uint8_t *keyvalue, uint32_t *flag) { +TEE_Result search_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_UUID *keyid, + TEE_UUID *masterkey, uint8_t *keyvalue, uint32_t *flag, char *mem_hash, char *img_hash) { TEE_Result ret; CmdNode *cmdnode = TEE_Malloc(sizeof(CmdNode), 0); TEE_TASessionHandle session = {0}; TEE_Param params[4] = {0}; uint32_t retOrigin = 0; uint32_t command_param_type = 0; + HashValue hash = {0}; + strncpy_s(hash.mem_hash, HASH_SIZE, mem_hash, strlen(mem_hash)); + strncpy_s(hash.img_hash, HASH_SIZE, img_hash, strlen(img_hash)); ret = TEE_OpenTASession(&ktauuid, TIMEOUT, session_param_type, NULL, &session, &retOrigin); if(ret != TEE_SUCCESS) { @@ -99,13 +105,15 @@ TEE_Result search_key(TEE_UUID *uuid, uint8_t *account, cmd_copy(cmdnode, uuid, account, password, keyid, masterkey); cmdnode->cmd = CMD_KEY_SEARCH; command_param_type = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, - TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE); + TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_MEMREF_INPUT); params[PARAMETER_FRIST].memref.buffer = cmdnode; params[PARAMETER_FRIST].memref.size = sizeof(CmdNode); params[PARAMETER_SECOND].memref.buffer = keyvalue; params[PARAMETER_SECOND].memref.size = KEY_SIZE; params[PARAMETER_THIRD].value.a = VALUE_INIT; params[PARAMETER_THIRD].value.b = VALUE_INIT; + params[PARAMETER_FOURTH].memref.buffer = &hash; + params[PARAMETER_FOURTH].memref.size = sizeof(hash); ret = TEE_InvokeTACommand(session, TIMEOUT, CMD_KEY_SEARCH, command_param_type, params, &retOrigin); if(ret != TEE_SUCCESS) { 
@@ -132,13 +140,17 @@ TEE_Result search_key(TEE_UUID *uuid, uint8_t *account, return TEE_SUCCESS; } -TEE_Result delete_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_UUID *keyid) { +TEE_Result delete_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_UUID *keyid, + char *mem_hash, char *img_hash) { TEE_Result ret; CmdNode *cmdnode = TEE_Malloc(sizeof(CmdNode), 0); TEE_TASessionHandle session = {0}; TEE_Param params[4] = {0}; uint32_t retOrigin = 0; uint32_t command_param_type = 0; + HashValue hash = {0}; + strncpy_s(hash.mem_hash, HASH_SIZE, mem_hash, strlen(mem_hash)); + strncpy_s(hash.img_hash, HASH_SIZE, img_hash, strlen(img_hash)); ret = TEE_OpenTASession(&ktauuid, TIMEOUT, session_param_type, NULL, &session, &retOrigin); if(ret != TEE_SUCCESS) { @@ -148,13 +160,15 @@ TEE_Result delete_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_U cmd_copy(cmdnode, uuid, account, password, keyid, NULL); cmdnode->cmd = CMD_KEY_DELETE; command_param_type = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, - TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE); + TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_MEMREF_INPUT); params[PARAMETER_FRIST].memref.buffer = cmdnode; params[PARAMETER_FRIST].memref.size = sizeof(CmdNode); params[PARAMETER_SECOND].value.a = VALUE_INIT; params[PARAMETER_SECOND].value.b = VALUE_INIT; params[PARAMETER_THIRD].value.a = VALUE_INIT; params[PARAMETER_THIRD].value.b = VALUE_INIT; + params[PARAMETER_FOURTH].memref.buffer = &hash; + params[PARAMETER_FOURTH].memref.size = sizeof(hash); ret = TEE_InvokeTACommand(session, TIMEOUT, CMD_KEY_DELETE, command_param_type, params, &retOrigin); if(ret != TEE_SUCCESS) { 
@@ -182,13 +196,17 @@ TEE_Result delete_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_U return TEE_SUCCESS; } -TEE_Result clear_cache(TEE_UUID *uuid, uint8_t *account, uint8_t *password) { +TEE_Result clear_cache(TEE_UUID *uuid, uint8_t *account, uint8_t *password, + char *mem_hash, char *img_hash) { TEE_Result ret; CmdNode *cmdnode = TEE_Malloc(sizeof(CmdNode), 0); TEE_TASessionHandle session = {0}; TEE_Param params[4] = {0}; uint32_t retOrigin = 0; uint32_t command_param_type = 0; + HashValue hash = {0}; + strncpy_s(hash.mem_hash, HASH_SIZE, mem_hash, strlen(mem_hash)); + strncpy_s(hash.img_hash, HASH_SIZE, img_hash, strlen(img_hash)); ret = TEE_OpenTASession(&ktauuid, TIMEOUT, session_param_type, NULL, &session, &retOrigin); if(ret != TEE_SUCCESS) { @@ -200,11 +218,13 @@ TEE_Result clear_cache(TEE_UUID *uuid, uint8_t *account, uint8_t *password) { cmd_copy(cmdnode, uuid, account, password, NULL, NULL); cmdnode->cmd = CMD_CLEAR_CACHE; command_param_type = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, - TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE); + TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_MEMREF_INPUT); params[PARAMETER_FRIST].memref.buffer = cmdnode; params[PARAMETER_FRIST].memref.size = sizeof(CmdNode); params[PARAMETER_SECOND].value.a = VALUE_INIT; params[PARAMETER_SECOND].value.b = VALUE_INIT; + params[PARAMETER_FOURTH].memref.buffer = &hash; + params[PARAMETER_FOURTH].memref.size = sizeof(hash); ret = TEE_InvokeTACommand(session, TIMEOUT, CMD_CLEAR_CACHE, command_param_type, params, &retOrigin); if(ret != TEE_SUCCESS) { tloge("invoke command clear cache failed, origin=0x%x, codes=0x%x\n", retOrigin, ret); 
@@ -225,8 +245,8 @@ TEE_Result clear_cache(TEE_UUID *uuid, uint8_t *account, uint8_t *password) { return TEE_SUCCESS; } -TEE_Result get_kcm_reply(TEE_UUID *uuid, uint8_t *account, - uint8_t *password, TEE_UUID *keyid, uint8_t *keyvalue) { +TEE_Result get_kcm_reply(TEE_UUID *uuid, uint8_t *account, uint8_t *password, + TEE_UUID *keyid, uint8_t *keyvalue, char *mem_hash, char *img_hash) { TEE_Result ret; CmdNode *cmdnode = TEE_Malloc(sizeof(CmdNode), 0); ReplyNode *replynode = TEE_Malloc(sizeof(ReplyNode), 0); @@ -234,6 +254,9 @@ TEE_Result get_kcm_reply(TEE_UUID *uuid, uint8_t *account, TEE_Param params[4] = {0}; uint32_t retOrigin = 0; uint32_t command_param_type = 0; + HashValue hash = {0}; + strncpy_s(hash.mem_hash, HASH_SIZE, mem_hash, strlen(mem_hash)); + strncpy_s(hash.img_hash, HASH_SIZE, img_hash, strlen(img_hash)); ret = TEE_OpenTASession(&ktauuid, TIMEOUT, session_param_type, NULL, &session, &retOrigin); if(ret != TEE_SUCCESS) { @@ -245,11 +268,13 @@ TEE_Result get_kcm_reply(TEE_UUID *uuid, uint8_t *account, cmd_copy(cmdnode, uuid, account, password, NULL, NULL); cmdnode->cmd = CMD_KCM_REPLY; command_param_type = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, - TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE); + TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_MEMREF_INPUT); params[PARAMETER_FRIST].memref.buffer = cmdnode; params[PARAMETER_FRIST].memref.size = sizeof(CmdNode); params[PARAMETER_SECOND].memref.buffer = replynode; params[PARAMETER_SECOND].memref.size = sizeof(ReplyNode); + params[PARAMETER_FOURTH].memref.buffer = &hash; + params[PARAMETER_FOURTH].memref.size = sizeof(hash); ret = TEE_InvokeTACommand(session, TIMEOUT, CMD_KCM_REPLY, command_param_type, params, &retOrigin); if(ret != TEE_SUCCESS) { tloge("invoke command get kcm reply failed, origin=0x%x, codes=0x%x\n", retOrigin, ret); diff --git a/attestation/tee/kcml/kcml.h b/attestation/tee/kcml/kcml.h index 24e16f8..d940a97 100644 
--- a/attestation/tee/kcml/kcml.h +++ b/attestation/tee/kcml/kcml.h @@ -16,6 +16,7 @@ See the Mulan PSL v2 for more details. #define MAX_STR_LEN 64 #define KEY_SIZE 4096 +#define HASH_SIZE 65 #define PARAMETER_FRIST 0 #define PARAMETER_SECOND 1 #define PARAMETER_THIRD 2 @@ -49,6 +50,11 @@ typedef struct _tagReplyNode{ int32_t next; // -1: empty; 0~MAX_TA_NUM: next reply for search operation. } ReplyNode; +typedef struct _tagHashValues{ + char mem_hash[HASH_SIZE]; + char img_hash[HASH_SIZE]; +} HashValue; + /* * Generate a key using KCMS * @@ -56,8 +62,11 @@ typedef struct _tagReplyNode{ * @param account [IN] ta's account in KMS * @param password [IN] ta's password in KMS * @param masterkey [IN] the uuid of ta's master key in KMS + * @param mem_hash [IN] the mem_hash of current ta + * @param img_hash [IN] the img_hash of current ta */ -TEE_Result generate_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_UUID *masterkey); +TEE_Result generate_key(TEE_UUID *uuid, uint8_t *account, + uint8_t *password, TEE_UUID *masterkey, char *mem_hash, char *img_hash); /* * Search the key corresponding to the keyid using KCMS @@ -69,9 +78,11 @@ TEE_Result generate_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE * @param masterkey [IN] the uuid of ta's master key in KMS * @param keyvalue [OUT] the value of the key * @param flag [OUT] a flag, whether need to search again + * @param mem_hash [IN] the mem_hash of current ta + * @param img_hash [IN] the img_hash of current ta */ -TEE_Result search_key(TEE_UUID *uuid, uint8_t *account, - uint8_t *password, TEE_UUID *keyid, TEE_UUID *masterkey, uint8_t *keyvalue, uint32_t *flag); +TEE_Result search_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_UUID *keyid, + TEE_UUID *masterkey, uint8_t *keyvalue, uint32_t *flag, char *mem_hash, char *img_hash); /* * Delete the key corresponding to the keyid in KMS using KCMS 
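Review bot: `#define HASH_SIZE 65` is added without a comment, and the value fixes the wire size of `HashValue` that the KTA side must agree on. If it is meant as 64 hex characters plus the terminator, say so, e.g. `/* hex-encoded SHA-256 digest (64 chars) + NUL — confirm */`. `PARAMETER_FOURTH`, which kcml.c now uses, is not visible in this hunk's context, so confirm it is defined below `PARAMETER_THIRD`.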
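Review bot: The new `@param mem_hash` and `@param img_hash` lines on generate_key only repeat the parameter names and do not give the format or length limit the implementation enforces. Something like `@param mem_hash [IN] NUL-terminated hash string of the calling ta's memory measurement, at most HASH_SIZE - 1 characters` would state the contract, and the same wording applies to search_key, delete_key, clear_cache and get_kcm_reply. Both parameters are only read, so `const char *mem_hash, const char *img_hash` would be the better prototype. The values are supplied by the calling TA about itself, so the comment should also say whether the KTA checks them against an independently obtained measurement; nothing visible here does.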
@@ -80,8 +91,11 @@ TEE_Result search_key(TEE_UUID *uuid, uint8_t *account, * @param account [IN] ta's account in KMS * @param password [IN] ta's password in KMS * @param keyid [IN] the id of the key to be searched for + * @param mem_hash [IN] the mem_hash of current ta + * @param img_hash [IN] the img_hash of current ta */ -TEE_Result delete_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_UUID *keyid); +TEE_Result delete_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_UUID *keyid, + char *mem_hash, char *img_hash); /* * Clear all of current ta's data in KTA @@ -89,8 +103,11 @@ TEE_Result delete_key(TEE_UUID *uuid, uint8_t *account, uint8_t *password, TEE_U * @param uuid [IN] the uuid of ta which needs the key * @param account [IN] ta's account in KMS * @param password [IN] ta's password in KMS + * @param mem_hash [IN] the mem_hash of current ta + * @param img_hash [IN] the img_hash of current ta */ -TEE_Result clear_cache(TEE_UUID *uuid, uint8_t *account, uint8_t *password); +TEE_Result clear_cache(TEE_UUID *uuid, uint8_t *account, uint8_t *password, + char *mem_hash, char *img_hash); /* * Get the reply of generating a key using KCMS @@ -100,7 +117,9 @@ TEE_Result clear_cache(TEE_UUID *uuid, uint8_t *account, uint8_t *password); * @param password [IN] ta's password in KMS * @param keyid [IN] the id of the key to be searched for * @param keyvalue [OUT] the value of the key generated + * @param mem_hash [IN] the mem_hash of current ta + * @param img_hash [IN] the img_hash of current ta */ -TEE_Result get_kcm_reply(TEE_UUID *uuid, uint8_t *account, - uint8_t *password, TEE_UUID *keyid, uint8_t *keyvalue); +TEE_Result get_kcm_reply(TEE_UUID *uuid, uint8_t *account, uint8_t *password, + TEE_UUID *keyid, uint8_t *keyvalue, char *mem_hash, char *img_hash); #endif // __KCML_H__ -- Gitee