/*
* Copyright (c) 2019,2020 Linaro Limited
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr/zephyr.h>
#include <stdio.h>
#include <zephyr/logging/log.h>
#include "psa/initial_attestation.h"
#include "psa_attestation.h"
#include "util_app_log.h"
#include "util_sformat.h"
LOG_MODULE_DECLARE(app, CONFIG_LOG_DEFAULT_LEVEL);
/**
 * Placeholder for retrieving the attestation public key.
 *
 * No key is fetched yet: the status stays PSA_SUCCESS, so the error path
 * below is currently never taken.
 *
 * @return PSA_SUCCESS; a non-zero status would be routed through
 *         al_psa_status() for logging before being returned.
 */
psa_status_t att_get_pub_key(void)
{
	psa_status_t status = PSA_SUCCESS;

	/* TODO: How to retrieve this?!? */

	if (status) {
		/* Log any eventual errors via app_log */
		return al_psa_status(status, __func__);
	}

	return status;
}
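/**
 * Request an initial attestation token (IAT) for the given challenge.
 *
 * The attestation service is called twice: once to report the token size
 * for this system, then again to produce the token returned to the caller.
 * Both calls write into token_buffer.
 *
 * @param ch_buffer    Challenge/nonce input buffer.
 * @param ch_sz        Challenge size in bytes. Only 32, 48 and 64 are
 *                     accepted; any other value fails with -EINVAL.
 * @param token_buffer Token output buffer. It is handed to the service with
 *                     a capacity of ATT_MAX_TOKEN_SIZE, so it must be at
 *                     least that large.
 * @param token_sz     Output: size of the token written by the second
 *                     request. The value on entry is not read, so it does
 *                     not limit how much is written to token_buffer.
 *
 * @return PSA_SUCCESS (0) on success; otherwise the result of
 *         al_psa_status() called with the failing status.
 */
psa_status_t att_get_iat(uint8_t *ch_buffer, uint32_t ch_sz,
			 uint8_t *token_buffer, uint32_t *token_sz)
{
	psa_status_t err = PSA_SUCCESS;
	uint32_t sys_token_sz;
	size_t token_buf_size = ATT_MAX_TOKEN_SIZE;
	size_t probe_ch_sz;

	/*
	 * NOTE(review): token_buf_size is fixed at ATT_MAX_TOKEN_SIZE and the
	 * caller's real buffer length is never passed in. A caller with a
	 * smaller buffer would be overrun; confirm every caller allocates
	 * ATT_MAX_TOKEN_SIZE bytes.
	 */

	/* Map the requested size onto the challenge sizes the service accepts. */
	switch (ch_sz) {
	case 32:
		probe_ch_sz = PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32;
		break;
	case 48:
		probe_ch_sz = PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48;
		break;
	case 64:
		probe_ch_sz = PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64;
		break;
	default:
		/*
		 * NOTE(review): this is an errno value carried in a
		 * psa_status_t; confirm al_psa_status() reports it sensibly.
		 */
		err = -EINVAL;
		goto err;
	}

	/*
	 * First determine how large the token is on this system.
	 * We don't need to compare with the size of ATT_MAX_TOKEN_SIZE here
	 * since a check will be made in 'psa_initial_attest_get_token' and the
	 * error return code will indicate a mismatch.
	 */
	err = psa_initial_attest_get_token(
		ch_buffer,
		probe_ch_sz,
		token_buffer,
		token_buf_size,
		&sys_token_sz);
	if (err) {
		goto err;
	}

	LOG_INF("att: System IAT size is: %u bytes.", sys_token_sz);

	/* Request the initial attestation token w/the challenge data. */
	LOG_INF("att: Requesting IAT with %u byte challenge.", ch_sz);
	err = psa_initial_attest_get_token(
		ch_buffer,      /* Challenge/nonce input buffer. */
		ch_sz,          /* Challenge size (32, 48 or 64). */
		token_buffer,   /* Token output buffer. */
		token_buf_size,
		token_sz        /* Post exec output token size. */
		);
	if (err) {
		/*
		 * Skip the success log on failure: *token_sz may not have
		 * been written, and reporting it would be misleading.
		 */
		goto err;
	}

	LOG_INF("att: IAT data received: %u bytes.", *token_sz);

err:
	/* Log any eventual errors via app_log */
	return err ? al_psa_status(err, __func__) : err;
}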
/**
 * Exercise the attestation service: request an IAT for a fixed 64-byte
 * challenge and hex-dump the resulting token for debugging.
 *
 * The challenge is a constant test pattern, so the token carries no
 * freshness guarantee. A real verifier supplies its own unpredictable
 * challenge for each request.
 *
 * @return The status returned by att_get_iat().
 */
psa_status_t att_test(void)
{
	/*
	 * 64-byte nonce/challenge: the sequence 00 11 22 .. FF repeated four
	 * times. The rest of the array is zero-filled.
	 */
	uint8_t challenge[ATT_MAX_TOKEN_SIZE] = {
		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
		0
	};
	uint32_t challenge_len = 64;

	/* Token response buffer and its reported length. */
	uint8_t token[ATT_MAX_TOKEN_SIZE] = { 0 };
	uint32_t token_len = ATT_MAX_TOKEN_SIZE;

	/* Hex table layout: ASCII column and address labels, starting at 0. */
	struct sf_hex_tbl_fmt table_fmt = {
		.ascii = true,
		.addr_label = true,
		.addr = 0
	};

	/* Request the IAT from the initial attestation service. */
	psa_status_t status = att_get_iat(challenge, challenge_len,
					  token, &token_len);

	if (status) {
		return status;
	}

	/* Flush queued log messages so they appear before the token dump. */
	al_dump_log();

	/* Dump the IAT for debug purposes. */
	sf_hex_tabulate_16(&table_fmt, token, (size_t)token_len);

	return status;
}