Align to PSA Attestation API tests
Fixes psa-api-test/initial_attestation deployments for linux_pc
and arm-linux. Also includes changes to enable tests to obtain
the public IAK and fetch and verify attestation token. The
attestation psa arch test currently fails because of a
hard-coded expectation that the attestation token only
contains a single sw component. On Linux platforms, there
are multiple sw components. Other verification checks on
the attestation token pass.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I7b380b8d1478bc340b5a4b133799c231f64942ff
diff --git a/deployments/attestation/opteesp/CMakeLists.txt b/deployments/attestation/opteesp/CMakeLists.txt
index 5cd47d7..40578e3 100644
--- a/deployments/attestation/opteesp/CMakeLists.txt
+++ b/deployments/attestation/opteesp/CMakeLists.txt
@@ -56,6 +56,7 @@
"components/service/attestation/claims/sources/boot_seed_generator"
"components/service/attestation/claims/sources/null_lifecycle"
"components/service/attestation/claims/sources/instance_id"
+ "components/service/attestation/claims/sources/implementation_id"
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
"components/service/attestation/reporter/local"
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 4973793..2cfff4c 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -48,6 +48,7 @@
"components/service/attestation/claims/sources/boot_seed_generator"
"components/service/attestation/claims/sources/null_lifecycle"
"components/service/attestation/claims/sources/instance_id"
+ "components/service/attestation/claims/sources/implementation_id"
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
"components/service/attestation/claims/sources/event_log/test"
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index e2e1077..4b97a1a 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -47,6 +47,7 @@
"components/service/attestation/claims/sources/boot_seed_generator"
"components/service/attestation/claims/sources/null_lifecycle"
"components/service/attestation/claims/sources/instance_id"
+ "components/service/attestation/claims/sources/implementation_id"
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
"components/service/attestation/reporter/local"
diff --git a/deployments/psa-api-test/initial_attestation/arm-linux/CMakeLists.txt b/deployments/psa-api-test/initial_attestation/arm-linux/CMakeLists.txt
new file mode 100644
index 0000000..183f121
--- /dev/null
+++ b/deployments/psa-api-test/initial_attestation/arm-linux/CMakeLists.txt
@@ -0,0 +1,33 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+cmake_minimum_required(VERSION 3.16)
+include(../../../deployment.cmake REQUIRED)
+include(../../psa-api-test-config.cmake REQUIRED)
+
+#-------------------------------------------------------------------------------
+# The CMakeLists.txt for building the psa-api-test deployment for arm-linux
+#
+# Used for building and running psa arch tests on an Arm based Linux device
+#-------------------------------------------------------------------------------
+include(${TS_ROOT}/environments/arm-linux/env.cmake)
+project(trusted-services LANGUAGES CXX C)
+add_executable(psa-api-test)
+target_include_directories(psa-api-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
+
+#-------------------------------------------------------------------------------
+# Extend with components that are common across all deployments of
+# psa-api-test/initial_attestation
+#-------------------------------------------------------------------------------
+include(../iat-api-test.cmake REQUIRED)
+
+#-------------------------------------------------------------------------------
+# Linker option to enable repeated searches for undefined references.
+# Required to resolve dependencies between arch-test and mbedcrypto libraries.
+#-------------------------------------------------------------------------------
+target_link_options(psa-api-test PRIVATE
+ -Wl,--start-group
+ )
diff --git a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake
index 79655ff..55ecd4a 100644
--- a/deployments/psa-api-test/initial_attestation/iat-api-test.cmake
+++ b/deployments/psa-api-test/initial_attestation/iat-api-test.cmake
@@ -12,6 +12,20 @@
set(TS_ARCH_TEST_SUITE INITIAL_ATTESTATION CACHE STRING "Arch test suite")
#-------------------------------------------------------------------------------
+# Set additional defines needed for build.
+#-------------------------------------------------------------------------------
+set(TS_ARCH_TEST_EXTERNAL_DEFS
+ -DPSA_ALG_MD4=0x02000002
+ CACHE STRING "Arch test external defines")
+
+#-------------------------------------------------------------------------------
+# The arch test build system puts its build output under a test suite specific
+# subdirectory. The subdirectory name is different from the test suite name
+# so an additional define is needed to obtain the built library.
+#-------------------------------------------------------------------------------
+set(TS_ARCH_TEST_BUILD_SUBDIR initial_attestation CACHE STRING "Arch test build subdirectory")
+
+#-------------------------------------------------------------------------------
# Add attestation specific components.
#
#-------------------------------------------------------------------------------
@@ -21,6 +35,11 @@
COMPONENTS
"components/service/attestation/include"
"components/service/attestation/client/psa"
+ "components/service/attestation/client/provision"
+)
+
+target_sources(psa-api-test PRIVATE
+ ${TS_ROOT}/deployments/psa-api-test/initial_attestation/iat_locator.c
)
#-------------------------------------------------------------------------------
diff --git a/deployments/psa-api-test/initial_attestation/iat_locator.c b/deployments/psa-api-test/initial_attestation/iat_locator.c
new file mode 100644
index 0000000..3865cd7
--- /dev/null
+++ b/deployments/psa-api-test/initial_attestation/iat_locator.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+#include <service_locator.h>
+#include <service/attestation/client/psa/iat_client.h>
+#include <service/attestation/client/provision/attest_provision_client.h>
+#include <protocols/rpc/common/packed-c/encoding.h>
+#include "../service_under_test.h"
+
+/* RPC context */
+static rpc_session_handle session_handle = NULL;
+static struct service_context *crypto_service_context = NULL;
+
+int locate_service_under_test(struct logging_caller *call_logger)
+{
+ int status = -1;
+
+ if (!session_handle && !crypto_service_context) {
+
+ struct rpc_caller *caller;
+
+ crypto_service_context =
+ service_locator_query("sn:trustedfirmware.org:attestation:0", &status);
+
+ if (crypto_service_context) {
+
+ session_handle =
+ service_context_open(crypto_service_context, TS_RPC_ENCODING_PACKED_C, &caller);
+
+ if (session_handle) {
+
+ if (call_logger) {
+
+ struct rpc_caller *stacked_caller = logging_caller_attach(call_logger, caller);
+
+ psa_iat_client_init(stacked_caller);
+ attest_provision_client_init(stacked_caller);
+ }
+ else {
+
+ psa_iat_client_init(caller);
+ attest_provision_client_init(caller);
+ }
+
+ status = 0;
+ }
+ else {
+
+ status = -1;
+ relinquish_service_under_test();
+ }
+ }
+ }
+
+ return status;
+}
+
+void relinquish_service_under_test(void)
+{
+ psa_iat_client_deinit();
+ attest_provision_client_deinit();
+
+ if (crypto_service_context && session_handle) {
+
+ service_context_close(crypto_service_context, session_handle);
+ session_handle = NULL;
+ }
+
+ if (crypto_service_context) {
+
+ service_context_relinquish(crypto_service_context);
+ crypto_service_context = NULL;
+ }
+}
diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
index 2b87cba..cb34e26 100644
--- a/deployments/se-proxy/opteesp/CMakeLists.txt
+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
@@ -81,6 +81,7 @@
"components/service/attestation/claims/sources/boot_seed_generator"
"components/service/attestation/claims/sources/null_lifecycle"
"components/service/attestation/claims/sources/instance_id"
+ "components/service/attestation/claims/sources/implementation_id"
"components/service/attestation/claims/sources/event_log"
"components/service/attestation/claims/sources/event_log/mock"
"components/service/attestation/reporter/local"