From d45375f417400a4ea7a2ffa0e8263753824854bd Mon Sep 17 00:00:00 2001 From: Jay Date: Thu, 18 Jan 2024 11:43:41 +0000 Subject: [PATCH] Add RPCs for reading the witness identity counter. --- trusted_os/rpc.go | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/trusted_os/rpc.go b/trusted_os/rpc.go index da87577..1908878 100644 --- a/trusted_os/rpc.go +++ b/trusted_os/rpc.go @@ -15,8 +15,10 @@ package main import ( + "bytes" "crypto/aes" "crypto/sha256" + "encoding/binary" "errors" "log" "net" @@ -156,6 +158,26 @@ func (r *RPC) Read(xfer rpc.Read, out *[]byte) (err error) { return } +// ReadIdentityCounterStorage reads data from the storage media sector +// containing the witness identity counter. +func (r *RPC) ReadIdentityCounterStorage(_ any, counter *uint32) error { + if r.Storage == nil { + return errors.New("missing Storage") + } + + b, err := r.Storage.Read(mmcIdentityCounter, 1) + if err != nil { + return err + } + + buf := bytes.NewReader(b) + if err := binary.Read(buf, binary.BigEndian, *counter); err != nil { + return err + } + + return err +} + // WriteRPMB performs an authenticated data transfer to the card RPMB partition // sector allocated to the Trusted Applet. The input buffer can contain up to // 256 bytes of data, n can be passed to retrieve the partition write counter. @@ -171,6 +193,19 @@ func (r *RPC) ReadRPMB(buf []byte, n *uint32) error { return r.RPMB.transfer(taUserSector, buf, n, false) } +// ReadIdentityCounterRPMB performs an authenticated data transfer from the card RPMB +// partition sector allocated to the witness identity counter. It returns the +// value stored in this area. +func (r *RPC) ReadIdentityCounterRPMB(_ any, counter *uint32) error { + buf := make([]byte, witnessIdentityCounterLength) + if err := r.RPMB.transfer(rpmbWitnessIdentityCounter, buf, nil, false); err != nil { + return err + } + + *counter = binary.BigEndian.Uint32(buf) + return nil +} + // DeriveKey derives a hardware unique key in a manner equivalent to PKCS#11 // C_DeriveKey with CKM_AES_CBC_ENCRYPT_DATA. //