Platform: Rename device ID to be aligned with PSA SM
Details:
- Rename device ID to instance ID to be aligned with PSA
Security Model (PSA SM)
- Modify dummy implementation to use the hash of attestation
public key as instance ID
- Update relevant functions and defines in initial
attestation service and in its test suite
Change-Id: Icd7f3666b7ee02e4890736441fc4b233987b9979
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/platform/ext/target/mps2/an519/dummy_device_id.c b/platform/ext/target/mps2/an519/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/mps2/an519/dummy_device_id.c
+++ b/platform/ext/target/mps2/an519/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
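Review bot: The size guard in tfm_plat_get_instance_id, `if (*size < INSTANCE_ID_MAX_SIZE)`, bounds the caller's buffer against the fixed 33-byte maximum, but the number of bytes copy_id then writes is `initial_attestation_raw_public_key_hash_size`, an extern value that nothing in this hunk checks. If a port provides a hash longer than `INSTANCE_ID_MAX_SIZE - 1` bytes, the copy runs past the end of a buffer that passed the guard; adding `if (initial_attestation_raw_public_key_hash_size > INSTANCE_ID_MAX_SIZE - 1u) { return TFM_PLAT_ERR_SYSTEM_ERR; }` before the write to `buf[0]` would close that gap. `size` and `buf` are also dereferenced without a NULL check; whether callers guarantee non-NULL pointers is not visible here. The same function appears unchanged in the an521, musca_a and musca_b1 copies of dummy_device_id.c in this commit, so the point applies to all four.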
diff --git a/platform/ext/target/mps2/an521/dummy_device_id.c b/platform/ext/target/mps2/an521/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/mps2/an521/dummy_device_id.c
+++ b/platform/ext/target/mps2/an521/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/ext/target/musca_a/dummy_device_id.c b/platform/ext/target/musca_a/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/musca_a/dummy_device_id.c
+++ b/platform/ext/target/musca_a/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/ext/target/musca_b1/dummy_device_id.c b/platform/ext/target/musca_b1/dummy_device_id.c
index f7bbfe0..9faf71d 100644
--- a/platform/ext/target/musca_b1/dummy_device_id.c
+++ b/platform/ext/target/musca_b1/dummy_device_id.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 ARM Limited
+ * Copyright (c) 2018-2019 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,41 +15,56 @@
*/
#include "platform/include/tfm_plat_device_id.h"
-
-/*!
- * \def DEVICE_ID_SIZE
- *
- * \brief Size of device ID in bytes
+#include <stddef.h>
+/*
+ * NOTE: Functions in this file must be ported per target platform.
*/
-#define DEVICE_ID_SIZE (16)
-/*!
- * \def DEVICE_ID
+extern const uint8_t initial_attestation_raw_public_key_hash[];
+extern const uint32_t initial_attestation_raw_public_key_hash_size;
+
+
+/**
+ * \brief Copy the device specific ID to the destination buffer
*
- * \brief Fixed value for device ID.
+ * \param[out] p_dst Pointer to buffer where to store ID
+ * \param[in] p_src Pointer to the ID
+ * \param[in] size Length of the ID
*/
-#define DEVICE_ID 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, \
- 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-
-static const uint8_t device_id[DEVICE_ID_SIZE] = {DEVICE_ID};
-
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf)
+static inline void copy_id(uint8_t *p_dst, const uint8_t *p_src, size_t size)
{
- /* FixMe: This getter function must be ported per target platform. */
-
uint32_t i;
- uint8_t *p_dst = buf;
- const uint8_t *p_src = device_id;
- if (size < DEVICE_ID_SIZE) {
- return -1;
- }
-
- for (i = DEVICE_ID_SIZE; i > 0; i--) {
+ for (i = size; i > 0; i--) {
*p_dst = *p_src;
p_src++;
p_dst++;
}
+}
- return DEVICE_ID_SIZE;
+/**
+ * Instance ID is mapped to EAT Universal Entity ID (UEID)
+ * This implementation creates the instance ID as follows:
+ * - byte 0: 0x01 indicates the type of UEID to be GUID
+ * - byte 1-32: Hash of attestation public key. Public key is hashed in raw
+ * format without any encoding.
+ */
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf)
+{
+ uint8_t *p_dst;
+ const uint8_t *p_src = initial_attestation_raw_public_key_hash;
+
+ if (*size < INSTANCE_ID_MAX_SIZE) {
+ return TFM_PLAT_ERR_SYSTEM_ERR;
+ }
+
+ buf[0] = 0x01; /* First byte is type byte: 0x01 indicates GUID */
+ p_dst = &buf[1];
+
+ copy_id(p_dst, p_src, initial_attestation_raw_public_key_hash_size);
+
+ /* Instance ID size: 1 type byte + size of public key hash */
+ *size = initial_attestation_raw_public_key_hash_size + 1;
+
+ return TFM_PLAT_ERR_SUCCESS;
}
diff --git a/platform/include/tfm_plat_device_id.h b/platform/include/tfm_plat_device_id.h
index eb7d1ba..cbf8338 100644
--- a/platform/include/tfm_plat_device_id.h
+++ b/platform/include/tfm_plat_device_id.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -9,10 +9,10 @@
#define __TFM_PLAT_DEVICE_ID_H__
/**
* \file tfm_plat_device_id.h
- * Provide the Universal Entity ID (UEID) of the device.
- * It identifies the entire device or a submodule or subsystem. Must be
- * universally and globally unique and immutable. Variable length with a
- * maximum size of 33 bytes: 1 type byte and 256 bits.
+ *
+ * The interfaces defined in this file are meant to provide the following
+ * attributes of the device:
+ * - Instance ID: Unique identifier of the device.
*/
/**
@@ -28,22 +28,30 @@
#endif
/**
- * \def DEVICE_ID_MAX_SIZE
+ * \def INSTANCE_ID_MAX_SIZE
*
- * \brief Maximum size of device ID in bytes
+ * \brief Maximum size of instance ID in bytes
*/
-#define DEVICE_ID_MAX_SIZE (33u)
+#define INSTANCE_ID_MAX_SIZE (33u)
/**
* \brief Get the UEID of the device.
*
- * \param[in] size The size of the buffer in bytes to store the UEID
- * \param[out] buf Pointer to the buffer to store the UEID
+ * This mandatory claim represents the unique identifier of the instance.
+ * In the PSA definition is a hash of the public attestation key of the
+ * instance. The claim will be represented by the EAT standard claim UEID
+ * of type GUID. The EAT definition of a GUID type is that it will be between
+ * 128 & 256 bits but this implementation will use the full 256 bits to
+ * accommodate a hash result.
*
- * \return The size of device ID in bytes, if buffer big enough to store the
- * ID, otherwise -1.
+ * \param[in/out] size As an input value it indicates the size of the caller
+ * allocated buffer (in bytes) to store the UEID. At return
+ * its value is updated with the exact size of the UEID.
+ * \param[out] buf Pointer to the buffer to store the UEID
+ *
+ * \return Returns error code specified in \ref tfm_plat_err_t
*/
-int32_t tfm_plat_get_device_id(uint32_t size, uint8_t *buf);
+enum tfm_plat_err_t tfm_plat_get_instance_id(uint32_t *size, uint8_t *buf);
#ifdef __cplusplus
}
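Review bot: The `\param[in/out] size` tag on tfm_plat_get_instance_id is not a Doxygen direction specifier; it should be written `\param[in,out] size`. The comment also leaves out the buffer contract that the dummy implementations in this commit enforce: they reject any buffer smaller than `INSTANCE_ID_MAX_SIZE` even when the ID itself is shorter, so the `size` description would benefit from `The buffer must be at least INSTANCE_ID_MAX_SIZE bytes.` and the `\return` line from naming the error returned when it is too small. The sentence "In the PSA definition is a hash" is missing its subject and should read "it is a hash".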