diff options
author | Tamas Ban <tamas.ban@arm.com> | 2022-06-22 14:23:52 +0200 |
---|---|---|
committer | Anton Komlev <Anton.Komlev@arm.com> | 2022-07-27 23:10:24 +0200 |
commit | fc318d7f644b52c1231cb51382c49ac981b6cbe4 (patch) | |
tree | a65687dc8651d30d9d4a6b01b6894b059c0e3532 /secure_fw/partitions | |
parent | df28e9f0289565ddb14d0094c6b087abceb97be6 (diff) | |
download | trusted-firmware-m-fc318d7f644b52c1231cb51382c49ac981b6cbe4.tar.gz |
Attest: Rename claims according to latest spec version
Latest spec:
https://www.ietf.org/archive/id/draft-tschofenig-rats-psa-token-09.html
Rename the following claims and related code (functions and variables, etc):
- UEID -> Instance ID
- Origination -> Verification Service Indicator
- Hardware Version -> Certification Reference
- Challenge -> Nonce
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I4342d18893f81f4cd9163fca5e9ea9a08f1b8b6e
Diffstat (limited to 'secure_fw/partitions')
-rw-r--r-- | secure_fw/partitions/initial_attestation/attest_core.c | 43 | ||||
-rw-r--r-- | secure_fw/partitions/initial_attestation/attest_iat_defines.h | 8 |
2 files changed, 26 insertions, 25 deletions
diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c index 84e456175e..4a74950c42 100644 --- a/secure_fw/partitions/initial_attestation/attest_core.c +++ b/secure_fw/partitions/initial_attestation/attest_core.c @@ -402,7 +402,7 @@ attest_add_instance_id_claim(struct attest_token_encode_ctx *token_ctx) } attest_token_encode_add_bstr(token_ctx, - IAT_UEID, + IAT_INSTANCE_ID, &claim_value); return PSA_ATTEST_ERR_SUCCESS; @@ -512,20 +512,20 @@ attest_add_security_lifecycle_claim(struct attest_token_encode_ctx *token_ctx) } /*! - * \brief Static function to add challenge claim to attestation token. + * \brief Static function to add the nonce claim to attestation token. * * \param[in] token_ctx Token encoding context - * \param[in] challenge Pointer to buffer which stores the challenge + * \param[in] nonce Pointer to buffer which stores the challenge * * \return Returns error code as specified in \ref psa_attest_err_t */ static enum psa_attest_err_t -attest_add_challenge_claim(struct attest_token_encode_ctx *token_ctx, - const struct q_useful_buf_c *challenge) +attest_add_nonce_claim(struct attest_token_encode_ctx *token_ctx, + const struct q_useful_buf_c *nonce) { attest_token_encode_add_bstr(token_ctx, - IAT_CHALLENGE, - challenge); + IAT_NONCE, + nonce); return PSA_ATTEST_ERR_SUCCESS; } @@ -555,7 +555,7 @@ attest_add_verification_service(struct attest_token_encode_ctx *token_ctx) service.ptr = &buf; service.len = size; attest_token_encode_add_tstr(token_ctx, - IAT_ORIGINATION, + IAT_VERIFICATION_SERVICE, &service); return PSA_ATTEST_ERR_SUCCESS; @@ -591,27 +591,28 @@ attest_add_profile_definition(struct attest_token_encode_ctx *token_ctx) } /*! - * \brief Static function to add hardware version claim to attestation token. + * \brief Static function to add certification reference claim to attestation + * token. * * \param[in] token_ctx Token encoding context * * \return Returns error code as specified in \ref psa_attest_err_t */ static enum psa_attest_err_t -attest_add_hw_version_claim(struct attest_token_encode_ctx *token_ctx) +attest_add_cert_ref_claim(struct attest_token_encode_ctx *token_ctx) { - uint8_t hw_version[HW_VERSION_MAX_SIZE]; + uint8_t buf[CERTIFICATION_REF_MAX_SIZE]; enum tfm_plat_err_t res_plat; - uint32_t size = sizeof(hw_version); + uint32_t size = sizeof(buf); struct q_useful_buf_c claim_value = {0}; uint16_t tlv_len; uint8_t *tlv_ptr = NULL; int32_t found = 0; - /* First look up HW version in boot status, it might comes - * from bootloader + /* First look up the certification reference in the boot status, it might + * comes from the bootloader. */ - found = attest_get_tlv_by_id(HW_VERSION, &tlv_len, &tlv_ptr); + found = attest_get_tlv_by_id(CERT_REF, &tlv_len, &tlv_ptr); if (found == 1) { claim_value.ptr = tlv_ptr + SHARED_DATA_ENTRY_HEADER_SIZE; claim_value.len = tlv_len; @@ -619,16 +620,16 @@ attest_add_hw_version_claim(struct attest_token_encode_ctx *token_ctx) /* If not found in boot status then use callback function to get it * from runtime SW */ - res_plat = tfm_plat_get_hw_version(&size, hw_version); + res_plat = tfm_plat_get_cert_ref(&size, buf); if (res_plat != TFM_PLAT_ERR_SUCCESS) { return PSA_ATTEST_ERR_CLAIM_UNAVAILABLE; } - claim_value.ptr = hw_version; + claim_value.ptr = buf; claim_value.len = size; } attest_token_encode_add_tstr(token_ctx, - IAT_HW_VERSION, + IAT_CERTIFICATION_REFERENCE, &claim_value); return PSA_ATTEST_ERR_SUCCESS; @@ -758,8 +759,8 @@ attest_create_token(struct q_useful_buf_c *challenge, goto error; } - attest_err = attest_add_challenge_claim(&attest_token_ctx, - challenge); + attest_err = attest_add_nonce_claim(&attest_token_ctx, + challenge); if (attest_err != PSA_ATTEST_ERR_SUCCESS) { goto error; } @@ -808,7 +809,7 @@ attest_create_token(struct q_useful_buf_c *challenge, goto error; } - attest_err = attest_add_hw_version_claim(&attest_token_ctx); + attest_err = attest_add_cert_ref_claim(&attest_token_ctx); if (attest_err != PSA_ATTEST_ERR_SUCCESS) { goto error; } diff --git a/secure_fw/partitions/initial_attestation/attest_iat_defines.h b/secure_fw/partitions/initial_attestation/attest_iat_defines.h index ef25cb48ba..45eb601974 100644 --- a/secure_fw/partitions/initial_attestation/attest_iat_defines.h +++ b/secure_fw/partitions/initial_attestation/attest_iat_defines.h @@ -18,12 +18,12 @@ extern "C" { #define IAT_SECURITY_LIFECYCLE (IAT_ARM_RANGE_BASE - 2) #define IAT_IMPLEMENTATION_ID (IAT_ARM_RANGE_BASE - 3) #define IAT_BOOT_SEED (IAT_ARM_RANGE_BASE - 4) -#define IAT_HW_VERSION (IAT_ARM_RANGE_BASE - 5) +#define IAT_CERTIFICATION_REFERENCE (IAT_ARM_RANGE_BASE - 5) #define IAT_SW_COMPONENTS (IAT_ARM_RANGE_BASE - 6) #define IAT_NO_SW_COMPONENTS (IAT_ARM_RANGE_BASE - 7) -#define IAT_CHALLENGE (IAT_ARM_RANGE_BASE - 8) -#define IAT_UEID (IAT_ARM_RANGE_BASE - 9) -#define IAT_ORIGINATION (IAT_ARM_RANGE_BASE - 10) +#define IAT_NONCE (IAT_ARM_RANGE_BASE - 8) +#define IAT_INSTANCE_ID (IAT_ARM_RANGE_BASE - 9) +#define IAT_VERIFICATION_SERVICE (IAT_ARM_RANGE_BASE - 10) #define IAT_SW_COMPONENT_MEASUREMENT_TYPE (1) #define IAT_SW_COMPONENT_MEASUREMENT_VALUE (2) |