Attest: Update challenge size verification
Challenge is defined as a hash of input data, therefore only
challenge objects with a discrete size (32, 48, 64 bytes)
are allowed.
Change-Id: I0fe1b352849e6689313625ca3d397c58dddbced2
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/interface/include/psa_initial_attestation_api.h b/interface/include/psa_initial_attestation_api.h
index 9c0c162..f4c9599 100644
--- a/interface/include/psa_initial_attestation_api.h
+++ b/interface/include/psa_initial_attestation_api.h
@@ -69,8 +69,6 @@
#define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48 (48u)
#define PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64 (64u)
-#define PSA_INITIAL_ATTEST_MAX_CHALLENGE_SIZE (64u)
-
/**
* The list of fixed claims in the initial attestation token is still evolving,
* you can expect slight changes in the future.
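Review bot: Deleting `PSA_INITIAL_ATTEST_MAX_CHALLENGE_SIZE` from the public interface header is an API break for any client that sized its challenge buffer with it, and the commit message does not mention it. Either keep the macro (it is still a correct upper bound, `#define PSA_INITIAL_ATTEST_MAX_CHALLENGE_SIZE (64u)`) alongside the discrete-size macros, or note the removal in the commit message so the change is deliberate rather than incidental.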
diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index b2cc98e..c167342 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -548,6 +548,30 @@
return tlv_header->tlv_tot_len;
}
+/*!
+ * \brief Static function to verify the input challenge size
+ *
+ * Only discrete sizes are accepted.
+ *
+ * \param[in] challenge_size Size of challenge object in bytes.
+ *
+ * \retval PSA_ATTEST_ERR_SUCCESS
+ * \retval PSA_ATTEST_ERR_INVALID_INPUT
+ */
+static enum psa_attest_err_t attest_verify_challenge_size(size_t challenge_size)
+{
+ switch (challenge_size) {
+ /* Intentional fall through */
+ case PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32:
+ case PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48:
+ case PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64:
+ case (PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32 + 4): /* Test purpose */
+ return PSA_ATTEST_ERR_SUCCESS;
+ }
+
+ return PSA_ATTEST_ERR_INVALID_INPUT;
+}
+
/* Initial implementation of attestation service:
* - data is TLV encoded
* - token is not signed yet
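Review bot: The `case (PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32 + 4): /* Test purpose */` branch makes a 36-byte challenge valid in every build, which contradicts the function's own doc comment and the commit message ("only 32, 48, 64 bytes"), and it is checked on the service's untrusted input path (both callers of this helper in the later hunks). Either drop the case or compile it only in test builds, e.g. `#ifdef <TEST_BUILD_CONFIG_MACRO>` around that one line, using whatever the project's test-configuration macro is, and say in the doc comment that the extra size exists only for tests. A `default:` label returning the error would also make the switch self-contained instead of relying on fall-out to the return below.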
@@ -566,18 +590,17 @@
uint8_t *token_buf = (uint8_t *)out_vec[0].base;
size_t *token_buf_size = &(out_vec[0].len);
- if (challenge_buf_size > PSA_INITIAL_ATTEST_MAX_CHALLENGE_SIZE) {
- return PSA_ATTEST_ERR_INVALID_INPUT;
+ attest_err = attest_verify_challenge_size(challenge_buf_size);
+ if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
+ goto error;
}
- if (challenge_buf_size > 0) {
- tfm_err = tfm_core_memory_permission_check((void *)challenge_buf,
- challenge_buf_size,
- TFM_MEMORY_ACCESS_RO);
- if (tfm_err != TFM_SUCCESS) {
- attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
- goto error;
- }
+ tfm_err = tfm_core_memory_permission_check((void *)challenge_buf,
+ challenge_buf_size,
+ TFM_MEMORY_ACCESS_RO);
+ if (tfm_err != TFM_SUCCESS) {
+ attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
+ goto error;
}
tfm_err = tfm_core_memory_permission_check(token_buf,
@@ -624,14 +647,12 @@
}
#endif
- if (challenge_buf_size > 0) {
- attest_err = attest_add_challenge_claim(challenge_buf_size,
- challenge_buf,
- *token_buf_size,
- token_buf);
- if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
- goto error;
- }
+ attest_err = attest_add_challenge_claim(challenge_buf_size,
+ challenge_buf,
+ *token_buf_size,
+ token_buf);
+ if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
+ goto error;
}
attest_err = attest_add_caller_id_claim(*token_buf_size, token_buf);
@@ -658,13 +679,22 @@
initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec)
{
+ enum psa_attest_err_t attest_err = PSA_ATTEST_ERR_SUCCESS;
+ uint32_t challenge_size = *(uint32_t *)in_vec[0].base;
uint32_t *token_buf_size = (uint32_t *)out_vec[0].base;
if (out_vec[0].len < sizeof(uint32_t)) {
- return PSA_ATTEST_ERR_INVALID_INPUT;
+ attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
+ goto error;
+ }
+
+ attest_err = attest_verify_challenge_size(challenge_size);
+ if (attest_err != PSA_ATTEST_ERR_SUCCESS) {
+ goto error;
}
*token_buf_size = PSA_INITIAL_ATTEST_TOKEN_SIZE;
- return PSA_ATTEST_ERR_SUCCESS;
+error:
+ return attest_err;
}
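Review bot: `challenge_size` is read through `in_vec[0].base` in its declaration, before anything about `in_vec` has been validated; the function only checks `out_vec[0].len`. A caller passing a shorter in_vec (or `num_invec == 0`) makes this a read past the caller-supplied buffer, so the length check should come first and the dereference after it; whether the SPM already validates vector counts before dispatch is not visible here, so the count checks are hedged. Since `in_vec` is an input it can also be read as `const uint32_t *`.

```c
    enum psa_attest_err_t attest_err = PSA_ATTEST_ERR_SUCCESS;
    uint32_t challenge_size;
    uint32_t *token_buf_size = (uint32_t *)out_vec[0].base;

    /* Validate the caller-supplied vectors before dereferencing them */
    if (num_invec < 1 || num_outvec < 1 ||
        in_vec[0].len < sizeof(uint32_t) ||
        out_vec[0].len < sizeof(uint32_t)) {
        attest_err = PSA_ATTEST_ERR_INVALID_INPUT;
        goto error;
    }
    challenge_size = *(const uint32_t *)in_vec[0].base;

    /* … unchanged: attest_verify_challenge_size() call, token size output, error label … */
```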
diff --git a/test/suites/attestation/attestation_tests_common.h b/test/suites/attestation/attestation_tests_common.h
index d9f03ff..be85a69 100644
--- a/test/suites/attestation/attestation_tests_common.h
+++ b/test/suites/attestation/attestation_tests_common.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -34,14 +34,14 @@
*
* \brief Size of challenge object in bytes used for test.
*/
-#define TEST_CHALLENGE_OBJ_SIZE (16u)
+#define TEST_CHALLENGE_OBJ_SIZE (32u)
/*!
- * \def TOO_BIG_CHALLENGE_OBJECT
+ * \def INVALID_CHALLENGE_OBJECT_SIZE
*
- * \brief Size of challenge object that is bigger than it is allowed.
+ * \brief Size of challenge object that is
*/
-#define TOO_BIG_CHALLENGE_OBJECT (PSA_INITIAL_ATTEST_MAX_CHALLENGE_SIZE + 1)
+#define INVALID_CHALLENGE_OBJECT_SIZE (PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32 + 1)
/*!
* \def CHALLENGE_FOR_TEST
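Review bot: The new brief for `INVALID_CHALLENGE_OBJECT_SIZE` is cut off mid-sentence (`\brief Size of challenge object that is`), so the header now documents nothing about the macro. Complete it to match the new discrete-size rule, e.g. ` * \brief Size of challenge object that is not one of the allowed discrete sizes.`.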
@@ -50,9 +50,9 @@
* generation is not supported on secure side.
*/
#define CHALLENGE_FOR_TEST 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, \
- 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF
-
-
+ 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, \
+ 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, \
+ 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xEE, 0xEE, 0xEF,
#ifdef __cplusplus
}
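Review bot: The last row of `CHALLENGE_FOR_TEST` reads `0xEC, 0xEE, 0xEE, 0xEF`, which breaks the otherwise consecutive byte pattern (0xED is missing, 0xEE appears twice); this looks like a typo rather than intent, so `0xEC, 0xED, 0xEE, 0xEF,` is presumably what was meant. The trailing comma after `0xEF` is harmless in an initializer but differs from the earlier rows' style, and the blank lines removed before `#ifdef __cplusplus` leave the macro butting against the extern-"C" guard; restoring one blank line keeps the header readable.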
diff --git a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
index f09e5e4..81ca06a 100644
--- a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
+++ b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
@@ -300,7 +300,7 @@
/* Call with with bigger challenge object than allowed */
err = psa_initial_attest_get_token(challenge_buffer,
- TOO_BIG_CHALLENGE_OBJECT,
+ INVALID_CHALLENGE_OBJECT_SIZE,
token_buffer,
&token_size);