authorDavid Hu <david.hu@arm.com>2020-03-25 15:48:53 +0800
committerDavid Hu <david.hu@arm.com>2020-06-22 02:33:00 +0000
commit6d2bc65f3fbc215eae6116228902c9c4e65e5a43 (patch)
tree95d60336905dcdb2ed35120ee430c968f701b202
parentaa342d5b4b70703cf9ad5f72752caa757f322ea3 (diff)
downloadtrusted-firmware-m-6d2bc65f3fbc215eae6116228902c9c4e65e5a43.tar.gz
Attest: Support kid parameter in COSE_Mac0 structure header
Add a HAL API tfm_plat_get_symmetric_iak_id() to fetch kid from platform. Implement an example of this HAL API. Add attest_get_symmetric_iak_id() to pass the kid value to token generation of symmetric key algorithm based Initial Attestation. Change-Id: I642f7a03f1738c8fe77f11fc2ae91652fc01df29 Signed-off-by: David Hu <david.hu@arm.com>
-rw-r--r--platform/ext/common/template/crypto_keys.c22
-rw-r--r--platform/ext/common/template/tfm_initial_attestation_key_material.c3
-rw-r--r--platform/include/tfm_plat_crypto_keys.h19
-rw-r--r--secure_fw/partitions/initial_attestation/attest_symmetric_key.c56
-rw-r--r--secure_fw/partitions/initial_attestation/attest_token.c8
-rw-r--r--secure_fw/partitions/initial_attestation/attestation_key.h21
6 files changed, 124 insertions, 5 deletions
diff --git a/platform/ext/common/template/crypto_keys.c b/platform/ext/common/template/crypto_keys.c
index e00520517..d4d755c6c 100644
--- a/platform/ext/common/template/crypto_keys.c
+++ b/platform/ext/common/template/crypto_keys.c
@@ -14,9 +14,11 @@
* limitations under the License.
*/
-#include "tfm_plat_crypto_keys.h"
#include <stddef.h>
+#include <string.h>
+
#include "psa/crypto_types.h"
+#include "tfm_plat_crypto_keys.h"
/* FIXME: Functions in this file should be implemented by platform vendor. For
* the security of the storage system, it is critical to use a hardware unique
@@ -34,6 +36,7 @@ static const uint8_t sample_tfm_key[TFM_KEY_LEN_BYTES] =
extern const psa_algorithm_t tfm_attest_hmac_sign_alg;
extern const uint8_t initial_attestation_hmac_sha256_key[];
extern const size_t initial_attestation_hmac_sha256_key_size;
+extern const char *initial_attestation_kid;
#else /* SYMMETRIC_INITIAL_ATTESTATION */
extern const psa_ecc_curve_t initial_attestation_curve_type;
extern const uint8_t initial_attestation_private_key[];
@@ -109,6 +112,23 @@ enum tfm_plat_err_t tfm_plat_get_symmetric_iak(uint8_t *key_buf,
return TFM_PLAT_ERR_SUCCESS;
}
+
+enum tfm_plat_err_t tfm_plat_get_symmetric_iak_id(void *kid_buf,
+ size_t buf_len,
+ size_t *kid_len)
+{
+ /* kid is string in this example. '\0' is ignore. */
+ size_t len = strlen(initial_attestation_kid);
+
+ if (!kid_buf || !kid_len || (buf_len < len)) {
+ return TFM_PLAT_ERR_INVALID_INPUT;
+ }
+
+ copy_key(kid_buf, (const uint8_t *)initial_attestation_kid, len);
+ *kid_len = len;
+
+ return TFM_PLAT_ERR_SUCCESS;
+}
#else /* SYMMETRIC_INITIAL_ATTESTATION */
enum tfm_plat_err_t
tfm_plat_get_initial_attest_key(uint8_t *key_buf,
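Review bot: The definition of tfm_plat_get_symmetric_iak_id() added here is unconditional, while its prototype in tfm_plat_crypto_keys.h (the hunk in that header) is wrapped in `#ifdef INCLUDE_COSE_KEY_ID`, so a build without that option compiles the function with no visible prototype and links code nothing calls. Wrap the definition the same way: `#ifdef INCLUDE_COSE_KEY_ID` before `enum tfm_plat_err_t tfm_plat_get_symmetric_iak_id(void *kid_buf,` and `#endif /* INCLUDE_COSE_KEY_ID */` after its closing brace. The comment `/* kid is string in this example. '\0' is ignore. */` would read better as `/* kid is a string in this example; the terminating '\0' is not copied. */`. The function is complete within the hunk.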
diff --git a/platform/ext/common/template/tfm_initial_attestation_key_material.c b/platform/ext/common/template/tfm_initial_attestation_key_material.c
index 25dec5cce..c7ba7fbe1 100644
--- a/platform/ext/common/template/tfm_initial_attestation_key_material.c
+++ b/platform/ext/common/template/tfm_initial_attestation_key_material.c
@@ -42,6 +42,9 @@ const uint8_t initial_attestation_hmac_sha256_key[] =
TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
const size_t initial_attestation_hmac_sha256_key_size =
sizeof(initial_attestation_hmac_sha256_key);
+
+TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_INITIAL_ATTESTATION")
+const char *initial_attestation_kid = "kid@trustedfirmware.example";
#else /* SYMMETRIC_INITIAL_ATTESTATION */
/*
* This file contains the hard coded version of the ECDSA P-256 secret key in:
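Review bot: `TFM_LINK_SET_RO_IN_PARTITION_SECTION` on `const char *initial_attestation_kid = "kid@trustedfirmware.example";` places only the pointer in the partition's RO section; the string literal it points to is an anonymous object that the compiler places wherever it puts string literals, so the bytes tfm_plat_get_symmetric_iak_id() actually reads may end up outside the partition's section (how the section attribute is applied is toolchain-dependent, so worth confirming in the map file). Declaring the array itself, `const char initial_attestation_kid[] = "kid@trustedfirmware.example";`, keeps the data in the intended section. The matching declaration added in crypto_keys.c, `extern const char *initial_attestation_kid;`, would then become `extern const char initial_attestation_kid[];`.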
diff --git a/platform/include/tfm_plat_crypto_keys.h b/platform/include/tfm_plat_crypto_keys.h
index f9934cdff..035fd3830 100644
--- a/platform/include/tfm_plat_crypto_keys.h
+++ b/platform/include/tfm_plat_crypto_keys.h
@@ -104,6 +104,25 @@ enum tfm_plat_err_t tfm_plat_get_symmetric_iak(uint8_t *key_buf,
size_t buf_len,
size_t *key_len,
psa_algorithm_t *key_alg);
+
+#ifdef INCLUDE_COSE_KEY_ID
+/**
+ * \brief Get the key identifier of the symmetric Initial Attestation Key as the
+ * 'kid' parameter in COSE Header.
+ *
+ * \note This `kid` parameter is included in COSE Header. Please don't confuse
+ * it with that `kid` in COSE_Key structure.
+ *
+ * \param[out] kid_buf The buffer to be written with key id
+ * \param[in] buf_len The length of kid_buf
+ * \param[out] kid_len The length of key id
+ *
+ * \return Returns error code specified in \ref tfm_plat_err_t.
+ */
+enum tfm_plat_err_t tfm_plat_get_symmetric_iak_id(void *kid_buf,
+ size_t buf_len,
+ size_t *kid_len);
+#endif
#else /* SYMMETRIC_INITIAL_ATTESTATION */
/**
* \brief Get the initial attestation key
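Review bot: The contract leaves `kid_len` unspecified when TFM_PLAT_ERR_INVALID_INPUT is returned, so a caller whose buffer is too small cannot learn the size it needs, and the comment does not say that `kid_buf` receives raw bytes with no terminator, which is what the example implementation in crypto_keys.c produces (it copies strlen() bytes and drops the '\0'). Add to the description `\note kid_buf receives raw key id bytes, not a NUL-terminated string. On TFM_PLAT_ERR_INVALID_INPUT the contents of kid_buf and kid_len are unspecified.` and list `\retval TFM_PLAT_ERR_INVALID_INPUT kid_buf or kid_len is NULL, or buf_len is smaller than the key id.` next to the generic return line. Since the caller in attest_symmetric_key.c offers a fixed 32-byte buffer (KID_BUF_LEN), stating a maximum kid length here would make that limit a documented part of the HAL contract rather than an implicit one.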
diff --git a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
index 599a46ae5..cdc8a3e68 100644
--- a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
@@ -20,6 +20,9 @@
/* Hash algorithm for calculating Instance ID */
#define INSTANCE_ID_HASH_ALG PSA_ALG_SHA_256
+/* Length of kid buffer */
+#define KID_BUF_LEN 32
+
/* Symmetric IAK handle */
static psa_key_handle_t symmetric_iak_handle = 0;
@@ -27,6 +30,13 @@ static psa_key_handle_t symmetric_iak_handle = 0;
static uint8_t instance_id_buf[PSA_HASH_SIZE(INSTANCE_ID_HASH_ALG) + 1];
static size_t instance_id_len = 0;
+#ifdef INCLUDE_COSE_KEY_ID
+/* kid buffer */
+static uint8_t kid_buf[KID_BUF_LEN];
+/* Actual kid length */
+static size_t kid_len = 0;
+#endif
+
static psa_status_t destroy_iak(psa_key_handle_t *iak_handle)
{
psa_status_t res;
@@ -206,6 +216,11 @@ enum psa_attest_err_t attest_unregister_initial_attestation_key(void)
/* Invalidate the Instance ID as well */
instance_id_len = 0;
+#ifdef INCLUDE_COSE_KEY_ID
+ /* Invalidate the corresponding kid as well */
+ kid_len = 0;
+#endif
+
return PSA_ATTEST_ERR_SUCCESS;
}
@@ -237,3 +252,44 @@ attest_get_instance_id(struct q_useful_buf_c *id_buf)
return PSA_ATTEST_ERR_SUCCESS;
}
+
+#ifdef INCLUDE_COSE_KEY_ID
+enum psa_attest_err_t
+attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id)
+{
+ enum tfm_plat_err_t plat_res;
+
+ if (!attest_key_id) {
+ return PSA_ATTEST_ERR_GENERAL;
+ }
+
+ /* The kid has not been fetched previously */
+ if (!kid_len) {
+ plat_res = tfm_plat_get_symmetric_iak_id(kid_buf,
+ sizeof(kid_buf),
+ &kid_len);
+ /* In case the buffer size was not checked, although unlikely */
+ if (sizeof(kid_buf) < kid_len) {
+ /*
+ * Something critical following kid_buf may be overwritten.
+ * Directly jump into fatal error handling.
+ *
+ * TODO: Should be replaced by a call to psa_panic() when it
+ * becomes available.
+ */
+ while (1) {
+ ;
+ }
+ }
+
+ if (plat_res != TFM_PLAT_ERR_SUCCESS) {
+ return PSA_ATTEST_ERR_GENERAL;
+ }
+ }
+
+ attest_key_id->ptr = (const void *)&kid_buf;
+ attest_key_id->len = kid_len;
+
+ return PSA_ATTEST_ERR_SUCCESS;
+}
+#endif /* INCLUDE_COSE_KEY_ID */
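Review bot: When tfm_plat_get_symmetric_iak_id() fails, the return at `if (plat_res != TFM_PLAT_ERR_SUCCESS)` leaves `kid_len` at whatever the platform wrote into it, and because `if (!kid_len)` is the only cache check, a platform that stores *kid_len before failing makes every later call skip the fetch and hand out a never-filled or partial `kid_buf` as the kid. Reset the cache on that path: `kid_len = 0;` immediately before `return PSA_ATTEST_ERR_GENERAL;`. The check `if (sizeof(kid_buf) < kid_len)` runs after the platform call has already written, so it can only stop the oversized length from propagating, not prevent the overwrite the comment describes; the real protection is the `buf_len` check inside the HAL, which makes KID_BUF_LEN a contract the platform must honour. `(const void *)&kid_buf` can simply be `kid_buf`, since the array decays to the same address.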
diff --git a/secure_fw/partitions/initial_attestation/attest_token.c b/secure_fw/partitions/initial_attestation/attest_token.c
index 6e2762e11..43547e6a2 100644
--- a/secure_fw/partitions/initial_attestation/attest_token.c
+++ b/secure_fw/partitions/initial_attestation/attest_token.c
@@ -120,6 +120,14 @@ enum attest_token_err_t attest_token_start(struct attest_token_ctx *me,
attest_key.crypto_lib = T_COSE_CRYPTO_LIB_PSA;
attest_key.k.key_handle = (uint64_t)key_handle;
+ attest_ret = attest_get_initial_attestation_key_id(&attest_key_id);
+ if (attest_ret != PSA_ATTEST_ERR_SUCCESS) {
+ return ATTEST_TOKEN_ERR_GENERAL;
+ } else if (!attest_key_id.ptr || !attest_key_id.len) {
+ /* In case kid value is invalid, set it to NULL */
+ attest_key_id = NULL_Q_USEFUL_BUF_C;
+ }
+
t_cose_mac0_set_signing_key(&(me->mac_ctx),
attest_key,
attest_key_id);
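Review bot: The fallback `else if (!attest_key_id.ptr || !attest_key_id.len)` reads attest_key_id after the call, but when INCLUDE_COSE_KEY_ID is not defined the inline stub in attestation_key.h discards its argument and writes nothing, so this reads whatever the declaration of `attest_key_id` (earlier in attest_token_start(), outside the hunk) left there; if that declaration carries no initializer the read is of an indeterminate value. Either initialize it right before the call, `attest_key_id = NULL_Q_USEFUL_BUF_C;` above `attest_ret = attest_get_initial_attestation_key_id(&attest_key_id);`, or make the stub write NULL_Q_USEFUL_BUF_C through its pointer. attest_token_start() begins and ends outside the hunk.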
diff --git a/secure_fw/partitions/initial_attestation/attestation_key.h b/secure_fw/partitions/initial_attestation/attestation_key.h
index ba9e8128a..c0881fe28 100644
--- a/secure_fw/partitions/initial_attestation/attestation_key.h
+++ b/secure_fw/partitions/initial_attestation/attestation_key.h
@@ -85,18 +85,31 @@ attest_get_initial_attestation_public_key(uint8_t **public_key,
size_t *public_key_len,
psa_ecc_curve_t *public_key_curve);
+#ifdef INCLUDE_COSE_KEY_ID
/**
- * \brief Get the attestation key ID. It is the hash (SHA256) of the COSE_Key
- * encoded attestation public key.
+ * \brief Get the attestation key ID.
+ * In asymmetric key algorithm based Initial Attestation, it is the hash
+ * (SHA256) of the COSE_Key encoded attestation public key.
+ * In symmetric key algorithm based Initial Attestation, the key ID raw
+ * data is fetched from from device.
*
* \param[out] attest_key_id Pointer and length of the key id.
*
- * \retval PSA_ATTEST_ERR_SUCCESS Key id calculated successfully.
- * \retval PSA_ATTEST_ERR_GENERAL Key id calculation failed.
+ * \retval PSA_ATTEST_ERR_SUCCESS Got key id successfully.
+ * \retval PSA_ATTEST_ERR_GENERAL Failed to get key id.
*/
enum psa_attest_err_t
attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id);
+#else /* INCLUDE_COSE_KEY_ID */
+static inline enum psa_attest_err_t
+attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id)
+{
+ (void)attest_key_id;
+
+ return PSA_ATTEST_ERR_SUCCESS;
+}
+#endif /* INCLUDE_COSE_KEY_ID */
#ifdef __cplusplus
}
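Review bot: The `#else` stub `(void)attest_key_id;` reports success without writing the output parameter, so it gives callers a contract that differs from the real implementation (which sets ptr and len on every success) and forces them to pre-initialize the struct themselves. Prefer `*attest_key_id = NULL_Q_USEFUL_BUF_C;` in the stub, with the same NULL check on attest_key_id as the real implementation, assuming q_useful_buf.h is already included by this header, which its use of struct q_useful_buf_c suggests. The updated comment has a doubled word in `fetched from from device`, and a sentence such as `When INCLUDE_COSE_KEY_ID is not defined, no key ID is available: attest_key_id is set to NULL_Q_USEFUL_BUF_C and success is reported.` would document the stub's behaviour in the same block.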