authorJulian Hall <julian.hall@arm.com>2021-05-11 11:31:37 +0100
committerGyorgy Szing <Gyorgy.Szing@arm.com>2021-07-05 12:43:45 +0200
commit827d4474a109ee1a72173c5bfdf039fb361667f1 (patch)
tree77d26af7b1da16314e64051473e076cad0d12797
parent1d31302bc4a299648e331a024d24d524cc71e62a (diff)
downloadtrusted-services-827d4474a109ee1a72173c5bfdf039fb361667f1.tar.gz
Add t_cose library as external component
To support signing of cbor encoded attestation reports, the t_cose library has been added as an external component. To verify the external component, it has been included in the component-test build. Signed-off-by: Julian Hall <julian.hall@arm.com> Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com> Change-Id: I1cff695b1efd01090be1e51b769f7615703d5184
-rw-r--r--components/service/attestation/reporter/attestation_report.h2
-rw-r--r--components/service/attestation/reporter/psa/attestation_report.c4
-rw-r--r--deployments/component-test/component-test.cmake4
-rw-r--r--external/MbedTLS/MbedTLS.cmake3
-rw-r--r--external/t_cose/0001-add-install-definition.patch37
-rw-r--r--external/t_cose/t_cose.cmake84
6 files changed, 131 insertions, 3 deletions
diff --git a/components/service/attestation/reporter/attestation_report.h b/components/service/attestation/reporter/attestation_report.h
index aa70b59..3b51af2 100644
--- a/components/service/attestation/reporter/attestation_report.h
+++ b/components/service/attestation/reporter/attestation_report.h
@@ -21,7 +21,7 @@ extern "C" {
* Using the view of the security state of the device provided by
* the claims_register, a signed attestation report is created. On
* success, a buffer is allocated for the serialized report. The buffer
- * must be freed by calling attestation_reporter_destroy().
+ * must be freed by calling attestation_report_destroy().
*
* \param[in] client_id The requesting client id
* \param[in] auth_challenge_data The auth challenge from the requester
diff --git a/components/service/attestation/reporter/psa/attestation_report.c b/components/service/attestation/reporter/psa/attestation_report.c
index 87454a6..ed34307 100644
--- a/components/service/attestation/reporter/psa/attestation_report.c
+++ b/components/service/attestation/reporter/psa/attestation_report.c
@@ -6,8 +6,8 @@
/**
* An attestation reporter that creates PSA compliant attestation
- * reports. The report content is specified by theh PSA Attestation
- * specification. Reports are serialized usingg CBOR and signed using
+ * reports. The report content is specified by the PSA Attestation
+ * specification. Reports are serialized using CBOR and signed using
* COSE.
*/
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index e731538..8f5610b 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -104,6 +104,10 @@ target_link_libraries(component-test PRIVATE mbedcrypto)
include(${TS_ROOT}/external/qcbor/qcbor.cmake)
target_link_libraries(component-test PRIVATE qcbor)
+# t_cose
+include(${TS_ROOT}/external/t_cose/t_cose.cmake)
+target_link_libraries(component-test PRIVATE t_cose)
+
#-------------------------------------------------------------------------------
# Define install content.
#
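Review bot: The new `# t_cose` comment does not record that this include is order-dependent. `external/t_cose/t_cose.cmake` reads `INTERFACE_INCLUDE_DIRECTORIES` from the `qcbor` target and uses `PSA_CRYPTO_API_INCLUDE`, which is set in `external/MbedTLS/MbedTLS.cmake`, so it only works after both of those have been included. I would replace the comment with `# t_cose - must be included after qcbor and MbedTLS, whose include paths it consumes`. Other deployments that copy this block then keep the ordering.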
diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
index 369b2d1..6e86e84 100644
--- a/external/MbedTLS/MbedTLS.cmake
+++ b/external/MbedTLS/MbedTLS.cmake
@@ -45,6 +45,9 @@ endif()
#Configure Mbed TLS to build only mbedcrypto lib
execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${mbedtls_SOURCE_DIR})
+# Advertise Mbed TLS as the provider of the psa crypto API
+set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_PATH}/include" CACHE STRING "PSA Crypto API include path")
+
#Configure the library
if(NOT CMAKE_CROSSCOMPILING)
execute_process(COMMAND
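Review bot: `PSA_CRYPTO_API_INCLUDE` is written to the cache as `STRING` without `FORCE`, so it keeps its first value on later configures even if `MBEDTLS_INSTALL_PATH` changes. t_cose could then be compiled against PSA crypto headers from a stale location. If that first-setter-wins behaviour is meant as an override point for another crypto provider, the comment should say so. Since the value is a directory, `CACHE PATH` is the better type: `set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_PATH}/include" CACHE PATH "PSA Crypto API include path")`. The configure logic around this line continues outside the hunk.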
diff --git a/external/t_cose/0001-add-install-definition.patch b/external/t_cose/0001-add-install-definition.patch
new file mode 100644
index 0000000..fcff3b0
--- /dev/null
+++ b/external/t_cose/0001-add-install-definition.patch
@@ -0,0 +1,37 @@
+From 908eee07cd6b27fd69ac7dc969950e6c5b36c14d Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Mon, 5 Jul 2021 00:33:59 +0000
+Subject: [PATCH 1/1] Add install definition
++
++Add install() calls to define stable way to access build artifacts.
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ CMakeLists.txt | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 0b01d8b..343b325 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -31,4 +31,17 @@ else()
+
+ endif()
+
++file(GLOB_RECURSE _t_cose_headers LIST_DIRECTORIES false "${CMAKE_CURRENT_SOURCE_DIR}/inc/*.h")
++set_property(TARGET t_cose APPEND PROPERTY PUBLIC_HEADER ${_t_cose_headers})
++
++install(
++ TARGETS
++ t_cose
++ ARCHIVE DESTINATION
++ lib
++ PUBLIC_HEADER DESTINATION
++ include/t_cose
++ COMPONENT
++ t_cose
++)
+
+--
+2.17.1
+
diff --git a/external/t_cose/t_cose.cmake b/external/t_cose/t_cose.cmake
new file mode 100644
index 0000000..3fd8061
--- /dev/null
+++ b/external/t_cose/t_cose.cmake
@@ -0,0 +1,84 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+# t_cose is a library for signing CBOR tokens using COSE_Sign1
+#-------------------------------------------------------------------------------
+
+# External component details
+set(T_COSE_URL "https://github.com/laurencelundblade/t_cose.git" CACHE STRING "t_cose repository URL")
+set(T_COSE_REFSPEC "master" CACHE STRING "t_cose git refspec")
+set(T_COSE_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/t_cose_install" CACHE PATH "t_cose installation directory")
+set(T_COSE_PACKAGE_PATH "${T_COSE_INSTALL_PATH}/libt_cose/cmake" CACHE PATH "t_cose CMake package directory")
+
+include(FetchContent)
+
+# Checking git
+find_program(GIT_COMMAND "git")
+if (NOT GIT_COMMAND)
+ message(FATAL_ERROR "Please install git")
+endif()
+
+# Fetching t_cose
+FetchContent_Declare(
+ t_cose
+ GIT_REPOSITORY ${T_COSE_URL}
+ GIT_TAG ${T_COSE_REFSPEC}
+ GIT_SHALLOW TRUE
+
+ PATCH_COMMAND git stash
+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-add-install-definition.patch
+ COMMAND git reset HEAD~1
+
+)
+
+# FetchContent_GetProperties exports t_cose_SOURCE_DIR and t_cose_BINARY_DIR variables
+FetchContent_GetProperties(t_cose)
+if(NOT t_cose_POPULATED)
+ message(STATUS "Fetching t_cose")
+ FetchContent_Populate(t_cose)
+endif()
+
+# Prepare include paths for dependencie that t_codse has on external components
+get_target_property(_qcbor_inc qcbor INTERFACE_INCLUDE_DIRECTORIES)
+set(_ext_inc_paths
+ ${_qcbor_inc}
+ ${PSA_CRYPTO_API_INCLUDE})
+
+string(REPLACE ";" "\\;" _ext_inc_paths "${_ext_inc_paths}")
+
+# Configure the t_cose library
+execute_process(COMMAND
+${CMAKE_COMMAND}
+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
+ -Dthirdparty_inc=${_ext_inc_paths}
+ -DCMAKE_INSTALL_PREFIX=${T_COSE_INSTALL_PATH}
+ -DMBEDTLS=On
+ -GUnix\ Makefiles
+ ${t_cose_SOURCE_DIR}
+WORKING_DIRECTORY
+ ${t_cose_BINARY_DIR}
+)
+
+# Build the library
+execute_process(COMMAND
+ ${CMAKE_COMMAND} --build ${t_cose_BINARY_DIR} -j8
+ RESULT_VARIABLE _exec_error
+ )
+if (_exec_error)
+ message(FATAL_ERROR "Build step of t_cose failed with ${_exec_error}.")
+endif()
+
+execute_process(COMMAND
+ ${CMAKE_COMMAND} --install ${t_cose_BINARY_DIR}
+ RESULT_VARIABLE _exec_error
+ )
+if (_exec_error)
+ message(FATAL_ERROR "Build step of t_cose failed with ${_exec_error}.")
+endif()
+
+# Create an imported target to have clean abstraction in the build-system.
+add_library(t_cose STATIC IMPORTED)
+set_property(TARGET t_cose PROPERTY IMPORTED_LOCATION "${T_COSE_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}t_cose${CMAKE_STATIC_LIBRARY_SUFFIX}")
+set_property(TARGET t_cose PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${T_COSE_INSTALL_PATH}/include")
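Review bot: `T_COSE_REFSPEC` defaults to `master`, so the library that signs attestation reports is whatever the upstream branch holds at configure time, and `0001-add-install-definition.patch` may stop applying once upstream moves. Default it to a fixed upstream tag or commit; the ExternalProject documentation restricts `GIT_SHALLOW` to branch and tag names, so pinning a commit hash means dropping `GIT_SHALLOW TRUE`. The configure `execute_process` has no `RESULT_VARIABLE`, so a failed configure only surfaces in the build step. The install step's failure message still reads "Build step". The fence below shows the three changes, with a placeholder for the pinned revision.

```cmake
set(T_COSE_REFSPEC "<pinned-tag-or-commit>" CACHE STRING "t_cose git refspec")

# … unchanged: git check, FetchContent_Declare/Populate, include path setup …

# Configure the t_cose library
execute_process(COMMAND
	# … unchanged: ${CMAKE_COMMAND} and its -D/-G arguments …
WORKING_DIRECTORY
	${t_cose_BINARY_DIR}
RESULT_VARIABLE _exec_error
)
if (_exec_error)
	message(FATAL_ERROR "Configuration step of t_cose failed with ${_exec_error}.")
endif()

# … unchanged: build step, install execute_process …
if (_exec_error)
	message(FATAL_ERROR "Install step of t_cose failed with ${_exec_error}.")
endif()
```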