Add components for attestation service
In preparation for implementing the attestation service provider,
building block components have been added. This includes the
service access protocol definition, an external CBOR library,
a generic claim model and a concrete claim source for extracting
claims from a TCG event log.
This commit contains derived work, the following files are copied
from other projects:
components/service/attestation/claims/sources/event_log/tcg.h
Origin:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git
include/drivers/measured_boot/tcg.h
#a5394205e94b70faf7ddd34841528ec631711d1a
components/service/attestation/include/psa/initial_attestation.h
Origin:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
interface/include/psa/initial_attestation.h
#9280ae9d898bffbb889e4796e51aab35a392ef82
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I5ed3e4ef7111a19b29643538ef3c47b3b6e1dd5c
diff --git a/protocols/service/attestation/packed-c/eat.h b/protocols/service/attestation/packed-c/eat.h
new file mode 100644
index 0000000..a5ed312
--- /dev/null
+++ b/protocols/service/attestation/packed-c/eat.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/**
+ * EAT (Entity Attestion Token) definitions used in the PSA attestation
+ * report.
+ */
+
+#ifndef PROTOCOLS_ATTESTATION_EAT
+#define PROTOCOLS_ATTESTATION_EAT
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * PSA custom EAT claim IDs
+ */
+#define EAT_ARM_PSA_CLAIM_ID_BASE (-75000)
+#define EAT_ARM_PSA_CLAIM_ID_PROFILE_DEFINITION (EAT_ARM_PSA_CLAIM_ID_BASE - 0)
+#define EAT_ARM_PSA_CLAIM_ID_CLIENT_ID (EAT_ARM_PSA_CLAIM_ID_BASE - 1)
+#define EAT_ARM_PSA_CLAIM_ID_SECURITY_LIFECYCLE (EAT_ARM_PSA_CLAIM_ID_BASE - 2)
+#define EAT_ARM_PSA_CLAIM_ID_IMPLEMENTATION_ID (EAT_ARM_PSA_CLAIM_ID_BASE - 3)
+#define EAT_ARM_PSA_CLAIM_ID_BOOT_SEED (EAT_ARM_PSA_CLAIM_ID_BASE - 4)
+#define EAT_ARM_PSA_CLAIM_ID_HW_VERSION (EAT_ARM_PSA_CLAIM_ID_BASE - 5)
+#define EAT_ARM_PSA_CLAIM_ID_SW_COMPONENTS (EAT_ARM_PSA_CLAIM_ID_BASE - 6)
+#define EAT_ARM_PSA_CLAIM_ID_NO_SW_COMPONENTS (EAT_ARM_PSA_CLAIM_ID_BASE - 7)
+#define EAT_ARM_PSA_CLAIM_ID_CHALLENGE (EAT_ARM_PSA_CLAIM_ID_BASE - 8)
+#define EAT_ARM_PSA_CLAIM_ID_UEID (EAT_ARM_PSA_CLAIM_ID_BASE - 9)
+#define EAT_ARM_PSA_CLAIM_ID_ORIGINATION (EAT_ARM_PSA_CLAIM_ID_BASE - 10)
+
+/**
+ * SW component EAT claim IDs
+ */
+#define EAT_SW_COMPONENT_CLAIM_ID_MEASUREMENT_TYPE (1)
+#define EAT_SW_COMPONENT_CLAIM_ID_MEASUREMENT_VALUE (2)
+#define EAT_SW_COMPONENT_CLAIM_ID_RESERVED (3)
+#define EAT_SW_COMPONENT_CLAIM_ID_VERSION (4)
+#define EAT_SW_COMPONENT_CLAIM_ID_SIGNER_ID (5)
+#define EAT_SW_COMPONENT_CLAIM_ID_MEASUREMENT_DESC (6)
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PROTOCOLS_ATTESTATION_EAT */
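Review bot: The `PSA custom EAT claim IDs` block lists eleven negative label values without naming the specification or profile version they come from, and any verifier that parses the report has to match these exact integers. I would extend the comment to something like `/* PSA custom EAT claim IDs: CBOR map labels fixed by the PSA attestation token profile; do not renumber. */` and add the document reference the author worked from. The `SW component EAT claim IDs` appear to be keys inside each software-component entry rather than top-level claims, which is worth stating so the two number spaces are not mixed. Smaller points in the same file: `Attestion` in the file comment should read `Attestation`, and the guard `PROTOCOLS_ATTESTATION_EAT` does not follow the `TS_ATTESTATION_*_H` pattern used by the other headers in this commit.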
diff --git a/protocols/service/attestation/packed-c/get_token.h b/protocols/service/attestation/packed-c/get_token.h
new file mode 100644
index 0000000..e02ed1e
--- /dev/null
+++ b/protocols/service/attestation/packed-c/get_token.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TS_ATTESTATION_GET_TOKEN_H
+#define TS_ATTESTATION_GET_TOKEN_H
+
+/* Variable length input parameter tags */
+enum
+{
+ /* TLV tag to identify the auth_challenge
+ * input parameter.
+ */
+ TS_ATTESTATION_GET_TOKEN_IN_TAG_AUTH_CHALLENGE = 1,
+};
+
+/* Variable length output parameter tags */
+enum
+{
+ /* TLV tag to identify the signed token
+ * output parameter.
+ */
+ TS_ATTESTATION_GET_TOKEN_OUT_TAG_TOKEN = 1
+};
+
+#endif /* TS_ATTESTATION_GET_TOKEN_H */
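Review bot: The comment on `TS_ATTESTATION_GET_TOKEN_IN_TAG_AUTH_CHALLENGE` does not say which challenge lengths are acceptable, although the value arrives from the client as a variable-length TLV record. The same gap applies to `challenge_size` in get_token_size.h. I would state the contract in the header, for example `/* TLV tag for the auth_challenge input; length must be one of the PSA_INITIAL_ATTEST_CHALLENGE_SIZE_* values, other lengths are rejected. */`, so the provider's length check and the client's expectation are written down in one place. Whether the provider already enforces this is not visible in these hunks.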
diff --git a/protocols/service/attestation/packed-c/get_token_size.h b/protocols/service/attestation/packed-c/get_token_size.h
new file mode 100644
index 0000000..c342541
--- /dev/null
+++ b/protocols/service/attestation/packed-c/get_token_size.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TS_ATTESTATION_GET_TOKEN_SIZE_H
+#define TS_ATTESTATION_GET_TOKEN_SIZE_H
+
+#include <stdint.h>
+
+/* Mandatory fixed sized input parameters */
+struct __attribute__ ((__packed__)) ts_attestation_get_token_size_in
+{
+ /* The size of the challenge (nonce) that a client
+ * intends to provide when requesting a new token.
+ */
+ uint32_t challenge_size;
+};
+
+/* Mandatory fixed sized output parameters */
+struct __attribute__ ((__packed__)) ts_attestation_get_token_size_out
+{
+ /* The calculated size of the token that would be
+ * returned.
+ */
+ uint32_t token_size;
+};
+
+#endif /* TS_ATTESTATION_GET_TOKEN_SIZE_H */
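Review bot: The comment on `token_size` gives neither the unit nor how the value relates to the token later returned by get_token, which is a separate call. I would write `/* Size in bytes of the token that get_token would return for the given challenge_size; clients should still check the length of the returned token record against their buffer. */`. Both structs are packed `uint32_t` fields with no stated byte order, which deserves a line in the comment if caller and provider can ever differ in endianness.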
diff --git a/protocols/service/attestation/packed-c/opcodes.h b/protocols/service/attestation/packed-c/opcodes.h
new file mode 100644
index 0000000..62a7617
--- /dev/null
+++ b/protocols/service/attestation/packed-c/opcodes.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TS_ATTESTATION_OPCODES_H
+#define TS_ATTESTATION_OPCODES_H
+
+/* C/C++ definition of attestation service opcodes
+ */
+#define TS_ATTESTATION_OPCODE_NOP (0x0000)
+#define TS_ATTESTATION_OPCODE_GET_TOKEN (0x0001)
+#define TS_ATTESTATION_OPCODE_GET_TOKEN_SIZE (0x0002)
+
+#endif /* TS_ATTESTATION_OPCODES_H */