Attest: Implement get token size API
Extend the attestation API with the implementation of
psa_initial_attest_get_token_size() function. It is
meant for retrieving the exact size of the initial
attestation token, but current version just returns
a hard coded value.
Replacement of handwritten veneers to the auto-generated
veneers.
Change-Id: Ibc91c6cdaeecec59c4e1f18576783cb55723e9ec
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/secure_fw/ns_callable/CMakeLists.inc b/secure_fw/ns_callable/CMakeLists.inc
index 80561db..a09ff13 100644
--- a/secure_fw/ns_callable/CMakeLists.inc
+++ b/secure_fw/ns_callable/CMakeLists.inc
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+# Copyright (c) 2017-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -27,8 +27,7 @@
"${CMAKE_CURRENT_LIST_DIR}/tfm_sst_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_crypto_veneers.c"
- "${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c"
- "${CMAKE_CURRENT_LIST_DIR}/tfm_initial_attestation_veneers.c")
+ "${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c")
#Append all our source files to global lists.
list(APPEND ALL_SRC_C ${SS_NS_CALLABLE_C_SRC})
diff --git a/secure_fw/ns_callable/tfm_initial_attestation_veneers.c b/secure_fw/ns_callable/tfm_initial_attestation_veneers.c
deleted file mode 100644
index df154d4..0000000
--- a/secure_fw/ns_callable/tfm_initial_attestation_veneers.c
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "tfm_initial_attestation_veneers.h"
-#include "secure_fw/services/initial_attestation/attestation.h"
-#include "tfm_secure_api.h"
-#include "tfm_api.h"
-#include "spm_partition_defs.h"
-#include "psa_client.h"
-
-__tfm_secure_gateway_attributes__
-enum psa_attest_err_t
-tfm_attest_veneer_get_token(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec)
-{
- TFM_CORE_SFN_REQUEST(TFM_SP_INITIAL_ATTESTATION_ID,
- initial_attest_get_token,
- in_vec, num_invec,
- out_vec, num_outvec);
-}
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
index c87fe30..ed69b94 100644
--- a/secure_fw/ns_callable/tfm_veneers.c
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -47,6 +47,7 @@
/******** TFM_SP_INITIAL_ATTESTATION ********/
psa_status_t initial_attest_get_token(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+psa_status_t initial_attest_get_token_size(struct psa_invec *, size_t, struct psa_outvec *, size_t);
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
@@ -117,6 +118,7 @@
/******** TFM_SP_INITIAL_ATTESTATION ********/
TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token)
+TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token_size)
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
diff --git a/secure_fw/services/initial_attestation/attestation.h b/secure_fw/services/initial_attestation/attestation.h
index 10c5a92..78b74ac 100644
--- a/secure_fw/services/initial_attestation/attestation.h
+++ b/secure_fw/services/initial_attestation/attestation.h
@@ -49,7 +49,21 @@
initial_attest_get_token(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec);
-
+/**
+ * \brief Get the size of the initial attestation token
+ *
+ * \param[in] in_vec Pointer to in_vec array, which contains input data
+ * to attestation service
+ * \param[in] num_invec Number of elements in in_vec array
+ * \param[out] out_vec Pointer to out_vec array, which contains pointer
+ * where to store the output data
+ * \param[in] num_outvec Number of elements in out_vec array
+ *
+ * \return Returns error code as specified in \ref psa_attest_err_t
+ */
+enum psa_attest_err_t
+initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
+ psa_outvec *out_vec, uint32_t num_outvec);
#ifdef __cplusplus
}
#endif
diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index 3d33543..fe75674 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -594,3 +594,19 @@
error:
return attest_err;
}
+
+/* Initial implementation, just returns with hard coded value */
+enum psa_attest_err_t
+initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
+ psa_outvec *out_vec, uint32_t num_outvec)
+{
+ uint32_t *token_buf_size = (uint32_t *)out_vec[0].base;
+
+ if (out_vec[0].len < sizeof(uint32_t)) {
+ return PSA_ATTEST_ERR_INVALID_INPUT;
+ }
+
+ *token_buf_size = PSA_INITIAL_ATTEST_TOKEN_SIZE;
+
+ return PSA_ATTEST_ERR_SUCCESS;
+}
diff --git a/secure_fw/services/initial_attestation/manifest.yaml b/secure_fw/services/initial_attestation/manifest.yaml
index bd9889b..b3cf73d 100644
--- a/secure_fw/services/initial_attestation/manifest.yaml
+++ b/secure_fw/services/initial_attestation/manifest.yaml
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -24,6 +24,14 @@
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "strict"
+ },
+ {
+ "sfid": "TFM_ATTEST_GET_TOKEN_SIZE_SFID",
+ "signal": "TFM_ATTEST_GET_TOKEN_SIZE",
+ "tfm_symbol": "initial_attest_get_token_size",
+ "non_secure_clients": true,
+ "minor_version": 1,
+ "minor_policy": "strict"
}
],
"source_files": [
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
index 0943de0..4b71974 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
@@ -1,12 +1,12 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include "psa_initial_attestation_api.h"
-#include "tfm_initial_attestation_veneers.h"
+#include "tfm_veneers.h"
#include "secure_utilities.h"
#include "psa_client.h"
#include "tfm_secure_api.h"
@@ -57,7 +57,7 @@
out_vec[0].base = token_buff;
out_vec[0].len = *token_size;
- err = tfm_attest_veneer_get_token(in_vec, 1, out_vec, 1);
+ err = tfm_initial_attest_get_token_veneer(in_vec, 1, out_vec, 1);
if (err != PSA_ATTEST_ERR_SUCCESS) {
return err;
}
@@ -68,3 +68,43 @@
return err;
}
+
+__attribute__((section("SFN")))
+enum psa_attest_err_t
+psa_initial_attest_get_token_size(uint32_t challenge_size,
+ uint32_t *token_size)
+{
+ enum psa_attest_err_t err;
+ struct paramters_t {
+ psa_invec in_vec;
+ uint32_t challenge_size;
+ psa_outvec out_vec;
+ uint32_t token_size;
+ };
+
+ if (tfm_core_set_buffer_area(TFM_BUFFER_SHARE_SCRATCH) != TFM_SUCCESS) {
+ return PSA_ATTEST_ERR_GENERAL;
+ }
+
+ struct paramters_t *param = (struct paramters_t *)tfm_scratch_area;
+ /*
+ * Scratch area layout
+ * ------------------------------------------------------
+ * |in_vec[0] | challenge_size | out_vec[0] | token_size|
+ * ------------------------------------------------------
+ */
+ param->challenge_size = challenge_size;
+ param->in_vec.base = ¶m->challenge_size;
+ param->in_vec.len = sizeof(uint32_t);
+ param->out_vec.base = ¶m->token_size;
+ param->out_vec.len = sizeof(uint32_t);
+
+ err = tfm_initial_attest_get_token_size_veneer(¶m->in_vec, 1,
+ ¶m->out_vec, 1);
+ if (err != PSA_ATTEST_ERR_SUCCESS) {
+ return err;
+ }
+ *token_size = param->token_size;
+
+ return err;
+}
diff --git a/secure_fw/services/tfm_sfid_list.inc b/secure_fw/services/tfm_sfid_list.inc
index 4cc6b0a..8f833bf 100644
--- a/secure_fw/services/tfm_sfid_list.inc
+++ b/secure_fw/services/tfm_sfid_list.inc
@@ -62,6 +62,7 @@
/******** TFM_SP_INITIAL_ATTESTATION ********/
{initial_attest_get_token, TFM_ATTEST_GET_TOKEN_SFID},
+ {initial_attest_get_token_size, TFM_ATTEST_GET_TOKEN_SIZE_SFID},
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/