Attest: Implement get token size API
Extend the attestation API with an implementation of the
psa_initial_attest_get_token_size() function. It is
meant for retrieving the exact size of the initial
attestation token, but the current version just returns
a hard-coded value.
Replace the handwritten veneers with the auto-generated
veneers.
Change-Id: Ibc91c6cdaeecec59c4e1f18576783cb55723e9ec
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/interface/include/tfm_initial_attestation_veneers.h b/interface/include/tfm_initial_attestation_veneers.h
deleted file mode 100644
index 502ab3e..0000000
--- a/interface/include/tfm_initial_attestation_veneers.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_INITIAL_ATTESTATION_VENEERS_H__
-#define __TFM_INITIAL_ATTESTATION_VENEERS_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "psa_client.h"
-
-/**
- * \brief Get initial attestation token
- *
- * \param[in] in_vec Pointer to in_vec array, which contains input data
- * to attestation service
- * \param[in] num_invec Number of elements in in_vec array
- * \param[in/out] out_vec Pointer out_vec array, which contains output data
- * to attestation service
- * \param[in] num_outvec Number of elements in out_vec array
- *
- * \return Returns error code as specified in \ref psa_attest_err_t
- */
-enum psa_attest_err_t
-tfm_attest_veneer_get_token(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __TFM_INITIAL_ATTESTATION_VENEERS_H__ */
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
index 1e03e08..c238b35 100644
--- a/interface/include/tfm_veneers.h
+++ b/interface/include/tfm_veneers.h
@@ -52,6 +52,7 @@
/******** TFM_SP_INITIAL_ATTESTATION ********/
psa_status_t tfm_initial_attest_get_token_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_initial_attest_get_token_size_veneer(struct psa_invec *in_vec, size_t in_len, struct psa_outvec *out_vec, size_t out_len);
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
diff --git a/interface/src/tfm_initial_attestation_api.c b/interface/src/tfm_initial_attestation_api.c
index b935f34..ae58701 100644
--- a/interface/src/tfm_initial_attestation_api.c
+++ b/interface/src/tfm_initial_attestation_api.c
@@ -1,12 +1,12 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include "psa_initial_attestation_api.h"
-#include "tfm_initial_attestation_veneers.h"
+#include "tfm_veneers.h"
#include "tfm_ns_lock.h"
#include "psa_client.h"
@@ -18,6 +18,7 @@
{
psa_invec in_vec[1];
psa_outvec out_vec[1];
+ uint32_t res;
in_vec[0].base = challenge_obj;
in_vec[0].len = challenge_size;
@@ -25,7 +26,30 @@
out_vec[0].base = token;
out_vec[0].len = *token_size;
- return tfm_ns_lock_dispatch((veneer_fn)tfm_attest_veneer_get_token,
+ res = tfm_ns_lock_dispatch((veneer_fn)tfm_initial_attest_get_token_veneer,
+ (uint32_t)in_vec, 1,
+ (uint32_t)out_vec, 1);
+
+ *token_size = out_vec[0].len;
+
+ return res;
+}
+
+enum psa_attest_err_t
+psa_initial_attest_get_token_size(uint32_t challenge_size,
+ uint32_t *token_size)
+{
+ psa_invec in_vec[1];
+ psa_outvec out_vec[1];
+
+ in_vec[0].base = &challenge_size;
+ in_vec[0].len = sizeof(uint32_t);
+
+ out_vec[0].base = token_size;
+ out_vec[0].len = sizeof(uint32_t);
+
+ return tfm_ns_lock_dispatch((veneer_fn) \
+ tfm_initial_attest_get_token_size_veneer,
(uint32_t)in_vec, 1,
(uint32_t)out_vec, 1);
}
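Review bot: `*token_size = out_vec[0].len;` in psa_initial_attest_get_token() runs even when the dispatch fails, whereas the secure-side wrapper in tfm_attestation_secure_api.c returns before touching its output on error. Guarding it with `if (res == PSA_ATTEST_ERR_SUCCESS)` keeps the two consistent and leaves the caller's size untouched on failure. `res` is declared `uint32_t` in the previous hunk although the new sibling function returns `enum psa_attest_err_t`; if psa_initial_attest_get_token has the same return type (its signature is outside the hunk), declaring `res` with the enum type avoids the implicit conversion at `return res;`. In psa_initial_attest_get_token_size() the backslash after `(veneer_fn)` is a preprocessor line continuation that is not needed outside a macro and can be dropped.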
diff --git a/secure_fw/ns_callable/CMakeLists.inc b/secure_fw/ns_callable/CMakeLists.inc
index 80561db..a09ff13 100644
--- a/secure_fw/ns_callable/CMakeLists.inc
+++ b/secure_fw/ns_callable/CMakeLists.inc
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2017-2018, Arm Limited. All rights reserved.
+# Copyright (c) 2017-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -27,8 +27,7 @@
"${CMAKE_CURRENT_LIST_DIR}/tfm_sst_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_crypto_veneers.c"
- "${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c"
- "${CMAKE_CURRENT_LIST_DIR}/tfm_initial_attestation_veneers.c")
+ "${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c")
#Append all our source files to global lists.
list(APPEND ALL_SRC_C ${SS_NS_CALLABLE_C_SRC})
diff --git a/secure_fw/ns_callable/tfm_initial_attestation_veneers.c b/secure_fw/ns_callable/tfm_initial_attestation_veneers.c
deleted file mode 100644
index df154d4..0000000
--- a/secure_fw/ns_callable/tfm_initial_attestation_veneers.c
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#include "tfm_initial_attestation_veneers.h"
-#include "secure_fw/services/initial_attestation/attestation.h"
-#include "tfm_secure_api.h"
-#include "tfm_api.h"
-#include "spm_partition_defs.h"
-#include "psa_client.h"
-
-__tfm_secure_gateway_attributes__
-enum psa_attest_err_t
-tfm_attest_veneer_get_token(const psa_invec *in_vec, uint32_t num_invec,
- psa_outvec *out_vec, uint32_t num_outvec)
-{
- TFM_CORE_SFN_REQUEST(TFM_SP_INITIAL_ATTESTATION_ID,
- initial_attest_get_token,
- in_vec, num_invec,
- out_vec, num_outvec);
-}
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
index c87fe30..ed69b94 100644
--- a/secure_fw/ns_callable/tfm_veneers.c
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -47,6 +47,7 @@
/******** TFM_SP_INITIAL_ATTESTATION ********/
psa_status_t initial_attest_get_token(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+psa_status_t initial_attest_get_token_size(struct psa_invec *, size_t, struct psa_outvec *, size_t);
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
@@ -117,6 +118,7 @@
/******** TFM_SP_INITIAL_ATTESTATION ********/
TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token)
+TFM_VENEER_FUNCTION(TFM_SP_INITIAL_ATTESTATION, initial_attest_get_token_size)
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
diff --git a/secure_fw/services/initial_attestation/attestation.h b/secure_fw/services/initial_attestation/attestation.h
index 10c5a92..78b74ac 100644
--- a/secure_fw/services/initial_attestation/attestation.h
+++ b/secure_fw/services/initial_attestation/attestation.h
@@ -49,7 +49,21 @@
initial_attest_get_token(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec);
-
+/**
+ * \brief Get the size of the initial attestation token
+ *
+ * \param[in] in_vec Pointer to in_vec array, which contains input data
+ * to attestation service
+ * \param[in] num_invec Number of elements in in_vec array
+ * \param[out] out_vec Pointer to out_vec array, which contains pointer
+ * where to store the output data
+ * \param[in] num_outvec Number of elements in out_vec array
+ *
+ * \return Returns error code as specified in \ref psa_attest_err_t
+ */
+enum psa_attest_err_t
+initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
+ psa_outvec *out_vec, uint32_t num_outvec);
#ifdef __cplusplus
}
#endif
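Review bot: The new doc comment for initial_attest_get_token_size() repeats the generic iovec wording and does not state the contract the callers in this commit rely on. I would extend the `\param` text to say that `in_vec[0]` carries the challenge size as a `uint32_t`, that `out_vec[0].base` must point to a buffer of at least `sizeof(uint32_t)` bytes which receives the token size, and that `PSA_ATTEST_ERR_INVALID_INPUT` is returned when `out_vec[0].len` is smaller. The hunk also drops the blank line before `#ifdef __cplusplus`; keeping it separates the prototype from the guard.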
diff --git a/secure_fw/services/initial_attestation/attestation_core.c b/secure_fw/services/initial_attestation/attestation_core.c
index 3d33543..fe75674 100644
--- a/secure_fw/services/initial_attestation/attestation_core.c
+++ b/secure_fw/services/initial_attestation/attestation_core.c
@@ -594,3 +594,19 @@
error:
return attest_err;
}
+
+/* Initial implementation, just returns with hard coded value */
+enum psa_attest_err_t
+initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
+ psa_outvec *out_vec, uint32_t num_outvec)
+{
+ uint32_t *token_buf_size = (uint32_t *)out_vec[0].base;
+
+ if (out_vec[0].len < sizeof(uint32_t)) {
+ return PSA_ATTEST_ERR_INVALID_INPUT;
+ }
+
+ *token_buf_size = PSA_INITIAL_ATTEST_TOKEN_SIZE;
+
+ return PSA_ATTEST_ERR_SUCCESS;
+}
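Review bot: initial_attest_get_token_size() indexes `out_vec[0]` without looking at `num_outvec`, and writes through `out_vec[0].base` after checking only the length, so a call with an empty vector or a NULL base is not rejected in this function. The manifest in this commit marks the service as reachable by non-secure clients, so unless the SPM is known to validate the vectors before dispatch (not visible in this diff) I would widen the guard to `if (num_outvec != 1 || out_vec[0].base == NULL || out_vec[0].len < sizeof(uint32_t))` and take the `uint32_t *` only after it passes. `in_vec` and `num_invec` are never read; the comment above the function could say that the challenge size in `in_vec[0]` is ignored for now, so the missing input validation is not forgotten when the real size calculation is added.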
diff --git a/secure_fw/services/initial_attestation/manifest.yaml b/secure_fw/services/initial_attestation/manifest.yaml
index bd9889b..b3cf73d 100644
--- a/secure_fw/services/initial_attestation/manifest.yaml
+++ b/secure_fw/services/initial_attestation/manifest.yaml
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -24,6 +24,14 @@
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "strict"
+ },
+ {
+ "sfid": "TFM_ATTEST_GET_TOKEN_SIZE_SFID",
+ "signal": "TFM_ATTEST_GET_TOKEN_SIZE",
+ "tfm_symbol": "initial_attest_get_token_size",
+ "non_secure_clients": true,
+ "minor_version": 1,
+ "minor_policy": "strict"
}
],
"source_files": [
diff --git a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
index 0943de0..4b71974 100644
--- a/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
+++ b/secure_fw/services/initial_attestation/tfm_attestation_secure_api.c
@@ -1,12 +1,12 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include "psa_initial_attestation_api.h"
-#include "tfm_initial_attestation_veneers.h"
+#include "tfm_veneers.h"
#include "secure_utilities.h"
#include "psa_client.h"
#include "tfm_secure_api.h"
@@ -57,7 +57,7 @@
out_vec[0].base = token_buff;
out_vec[0].len = *token_size;
- err = tfm_attest_veneer_get_token(in_vec, 1, out_vec, 1);
+ err = tfm_initial_attest_get_token_veneer(in_vec, 1, out_vec, 1);
if (err != PSA_ATTEST_ERR_SUCCESS) {
return err;
}
@@ -68,3 +68,43 @@
return err;
}
+
+__attribute__((section("SFN")))
+enum psa_attest_err_t
+psa_initial_attest_get_token_size(uint32_t challenge_size,
+ uint32_t *token_size)
+{
+ enum psa_attest_err_t err;
+ struct paramters_t {
+ psa_invec in_vec;
+ uint32_t challenge_size;
+ psa_outvec out_vec;
+ uint32_t token_size;
+ };
+
+ if (tfm_core_set_buffer_area(TFM_BUFFER_SHARE_SCRATCH) != TFM_SUCCESS) {
+ return PSA_ATTEST_ERR_GENERAL;
+ }
+
+ struct paramters_t *param = (struct paramters_t *)tfm_scratch_area;
+ /*
+ * Scratch area layout
+ * ------------------------------------------------------
+ * |in_vec[0] | challenge_size | out_vec[0] | token_size|
+ * ------------------------------------------------------
+ */
+ param->challenge_size = challenge_size;
+ param->in_vec.base = ¶m->challenge_size;
+ param->in_vec.len = sizeof(uint32_t);
+ param->out_vec.base = ¶m->token_size;
+ param->out_vec.len = sizeof(uint32_t);
+
+ err = tfm_initial_attest_get_token_size_veneer(¶m->in_vec, 1,
+ ¶m->out_vec, 1);
+ if (err != PSA_ATTEST_ERR_SUCCESS) {
+ return err;
+ }
+ *token_size = param->token_size;
+
+ return err;
+}
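Review bot: `*token_size = param->token_size;` dereferences the caller's pointer without a NULL check; an early `if (token_size == NULL) { return PSA_ATTEST_ERR_INVALID_INPUT; }` before the scratch area is claimed would reject that case. The cast of `tfm_scratch_area` to the local struct assumes the area is at least `sizeof(struct paramters_t)` bytes and suitably aligned for it, which this diff does not show; a short comment or a compile-time size check would document that assumption. On style, the tag `paramters_t` is misspelled (`parameters_t`), and `param` is declared after a statement while `err` is declared at the top of the function.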
diff --git a/secure_fw/services/tfm_sfid_list.inc b/secure_fw/services/tfm_sfid_list.inc
index 4cc6b0a..8f833bf 100644
--- a/secure_fw/services/tfm_sfid_list.inc
+++ b/secure_fw/services/tfm_sfid_list.inc
@@ -62,6 +62,7 @@
/******** TFM_SP_INITIAL_ATTESTATION ********/
{initial_attest_get_token, TFM_ATTEST_GET_TOKEN_SFID},
+ {initial_attest_get_token_size, TFM_ATTEST_GET_TOKEN_SIZE_SFID},
#ifdef TFM_PARTITION_TEST_CORE
/******** TFM_SP_CORE_TEST ********/
diff --git a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
index 69ac958..1615327 100644
--- a/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
+++ b/test/suites/attestation/non_secure/attestation_ns_interface_testsuite.c
@@ -138,7 +138,7 @@
static void tfm_attest_test_1001(struct test_result_t *ret)
{
enum psa_attest_err_t err;
- uint32_t token_size = TEST_TOKEN_SIZE;
+ uint32_t token_size;
uint8_t boot_seed_buffer[BOOT_SEED_SIZE];
uint8_t *tlv_data_ptr;
int32_t caller_id;
@@ -146,6 +146,19 @@
generate_challenge(TEST_CHALLENGE_OBJ_SIZE, challenge_buffer);
+ /* Get attestation token size */
+ err = psa_initial_attest_get_token_size(TEST_CHALLENGE_OBJ_SIZE,
+ &token_size);
+ if (err != PSA_ATTEST_ERR_SUCCESS) {
+ TEST_FAIL("Get token size failed");
+ return;
+ }
+
+ if (token_size != PSA_INITIAL_ATTEST_TOKEN_SIZE) {
+ TEST_FAIL("Token size is faulty");
+ return;
+ }
+
/* Get attestation token */
err = psa_initial_attest_get_token(challenge_buffer,
TEST_CHALLENGE_OBJ_SIZE,
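Review bot: The test now takes `token_size` from the service and, as far as the hunk shows, hands it to the following psa_initial_attest_get_token() call as the length of its token buffer; that call continues outside the hunk. The equality check against `PSA_INITIAL_ATTEST_TOKEN_SIZE` bounds the value, but nothing visible ties that constant to the size of the test's own buffer, which was previously described by `TEST_TOKEN_SIZE`. If the two can differ, a check such as `if (token_size > TEST_TOKEN_SIZE)` with a `TEST_FAIL` before the call keeps the service from being told the buffer is larger than it is. The same sequence is added to tfm_attest_test_1001 in the secure suite. A one-line comment that the equality check pins the current hard-coded size would help whoever replaces it with a computed value.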
diff --git a/test/suites/attestation/secure/attestation_s_interface_testsuite.c b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
index a0004c0..2a6f906 100644
--- a/test/suites/attestation/secure/attestation_s_interface_testsuite.c
+++ b/test/suites/attestation/secure/attestation_s_interface_testsuite.c
@@ -174,12 +174,25 @@
static void tfm_attest_test_1001(struct test_result_t *ret)
{
enum psa_attest_err_t err;
- uint32_t token_size = TEST_TOKEN_SIZE;
+ uint32_t token_size;
uint8_t boot_seed_buffer[BOOT_SEED_SIZE];
uint8_t *tlv_data_ptr;
int32_t caller_id;
uint32_t res;
+ /* Get attestation token size */
+ err = psa_initial_attest_get_token_size(TEST_CHALLENGE_OBJ_SIZE,
+ &token_size);
+ if (err != PSA_ATTEST_ERR_SUCCESS) {
+ TEST_FAIL("Get token size failed");
+ return;
+ }
+
+ if (token_size != PSA_INITIAL_ATTEST_TOKEN_SIZE) {
+ TEST_FAIL("Token size is faulty");
+ return;
+ }
+
/* Get attestation token
* FixMe: Hard coded challenge is used, because currently there is no
* support for random source(RNG, rand(), etc.) on secure side.