TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / 09e55004d4f81ea890a551a787cfe16b0d32dec3 / . / components / service / attestation / provider / attest_provider.c
blob: 59406f250ad40263e15a045f7455ea29ad0757f0 [file] [log] [blame]
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]1/*
2 * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6#include <stdlib.h>
7#include <string.h>
8#include <protocols/service/attestation/packed-c/opcodes.h>
9#include <protocols/rpc/common/packed-c/status.h>
10#include <service/attestation/key_mngr/attest_key_mngr.h>
11#include <service/attestation/reporter/attest_report.h>
12#include <psa/initial_attestation.h>
13#include "attest_provider.h"
14
15/* Service request handlers */
16static rpc_status_t get_token_handler(void *context, struct call_req* req);
17static rpc_status_t get_token_size_handler(void *context, struct call_req* req);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]18static rpc_status_t export_iak_public_key_handler(void *context, struct call_req* req);
19static rpc_status_t import_iak_handler(void *context, struct call_req* req);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]20static rpc_status_t iak_exists_handler(void *context, struct call_req* req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]21
22/* Handler mapping table for service */
23static const struct service_handler handler_table[] = {
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]24 {TS_ATTESTATION_OPCODE_GET_TOKEN, get_token_handler},
25 {TS_ATTESTATION_OPCODE_GET_TOKEN_SIZE, get_token_size_handler},
26 {TS_ATTESTATION_OPCODE_EXPORT_IAK_PUBLIC_KEY, export_iak_public_key_handler},
27 {TS_ATTESTATION_OPCODE_IMPORT_IAK, import_iak_handler},
28 {TS_ATTESTATION_OPCODE_IAK_EXISTS, iak_exists_handler}
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]29};
30
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]31struct rpc_interface *attest_provider_init(struct attest_provider *context)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]32{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]33 struct rpc_interface *rpc_interface = NULL;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]34
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]35 if (context) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]36
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]37 for (size_t encoding = 0; encoding < TS_RPC_ENCODING_LIMIT; ++encoding)
38 context->serializers[encoding] = NULL;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]39
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]40 service_provider_init(&context->base_provider, context,
41 handler_table, sizeof(handler_table)/sizeof(struct service_handler));
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]42
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]43 rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
44 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]45
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]46 return rpc_interface;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]47}
48
49void attest_provider_deinit(struct attest_provider *context)
50{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]51 (void)context;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]52}
53
54void attest_provider_register_serializer(struct attest_provider *context,
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]55 unsigned int encoding, const struct attest_provider_serializer *serializer)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]56{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]57 if (encoding < TS_RPC_ENCODING_LIMIT)
58 context->serializers[encoding] = serializer;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]59}
60
61static const struct attest_provider_serializer *get_attest_serializer(
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]62 struct attest_provider *context, const struct call_req *req)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]63{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]64 const struct attest_provider_serializer *serializer = NULL;
65 unsigned int encoding = call_req_get_encoding(req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]66
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]67 if (encoding < TS_RPC_ENCODING_LIMIT) serializer = context->serializers[encoding];
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]68
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]69 return serializer;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]70}
71
72static rpc_status_t get_token_handler(void *context, struct call_req* req)
73{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]74 struct attest_provider *this_instance = (struct attest_provider*)context;
75 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]76
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]77 uint8_t challenge[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64];
78 size_t challenge_len = sizeof(challenge);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]79
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]80 struct call_param_buf *req_buf = call_req_get_req_buf(req);
81 const struct attest_provider_serializer *serializer = get_attest_serializer(this_instance, req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]82
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]83 if (serializer)
84 rpc_status = serializer->deserialize_get_token_req(req_buf, challenge, &challenge_len);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]85
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]86 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]87
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]88 const uint8_t *token = NULL;
89 size_t token_size = 0;
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]90
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]91 rpc_opstatus_t opstatus = attest_report_create((int32_t)call_req_get_caller_id(req),
92 challenge, challenge_len,
93 &token, &token_size);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]94
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]95 if (opstatus == PSA_SUCCESS) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]96
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]97 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
98 rpc_status = serializer->serialize_get_token_resp(resp_buf, token, token_size);
99 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]100
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]101 attest_report_destroy(token);
102 call_req_set_opstatus(req, opstatus);
103 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]104
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]105 return rpc_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]106}
107
108static rpc_status_t get_token_size_handler(void *context, struct call_req* req)
109{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]110 struct attest_provider *this_instance = (struct attest_provider*)context;
111 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]112
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]113 uint8_t challenge[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64];
114 size_t challenge_len = sizeof(challenge);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]115
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]116 struct call_param_buf *req_buf = call_req_get_req_buf(req);
117 const struct attest_provider_serializer *serializer = get_attest_serializer(this_instance, req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]118
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]119 memset(challenge, 0, sizeof(challenge));
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]120
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]121 if (serializer)
122 rpc_status = serializer->deserialize_get_token_size_req(req_buf, &challenge_len);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]123
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]124 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]125
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]126 const uint8_t *token = NULL;
127 size_t token_size = 0;
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]128
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]129 rpc_opstatus_t opstatus = attest_report_create((int32_t)call_req_get_caller_id(req),
130 challenge, challenge_len,
131 &token, &token_size);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]132
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]133 if (opstatus == PSA_SUCCESS) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]134
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]135 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
136 rpc_status = serializer->serialize_get_token_size_resp(resp_buf, token_size);
137 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]138
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]139 attest_report_destroy(token);
140 call_req_set_opstatus(req, opstatus);
141 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]142
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]143 return rpc_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]144}
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]145
146static rpc_status_t export_iak_public_key_handler(void *context, struct call_req* req)
147{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]148 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
149 struct call_param_buf *req_buf = call_req_get_req_buf(req);
150 const struct attest_provider_serializer *serializer = get_attest_serializer(context, req);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]151
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]152 if (serializer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]153
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]154 size_t max_key_size = attest_key_mngr_max_iak_export_size();
155 uint8_t *key_buffer = malloc(max_key_size);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]156
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]157 if (key_buffer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]158
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]159 size_t export_size = 0;
160 rpc_opstatus_t opstatus =
161 attest_key_mngr_export_iak_public_key(key_buffer, max_key_size, &export_size);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]162
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]163 rpc_status = TS_RPC_CALL_ACCEPTED;
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]164
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]165 if (opstatus == PSA_SUCCESS) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]166
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]167 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
168 rpc_status =
169 serializer->serialize_export_iak_public_key_resp(resp_buf,
170 key_buffer, export_size);
171 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]172
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]173 free(key_buffer);
174 call_req_set_opstatus(req, opstatus);
175 }
176 else {
177 /* Failed to allocate key buffer */
178 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
179 }
180 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]181
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]182 return rpc_status;
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]183}
184
185static rpc_status_t import_iak_handler(void *context, struct call_req* req)
186{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]187 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
188 struct call_param_buf *req_buf = call_req_get_req_buf(req);
189 const struct attest_provider_serializer *serializer = get_attest_serializer(context, req);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]190
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]191 if (serializer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]192
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]193 size_t key_data_len = attest_key_mngr_max_iak_import_size();
194 uint8_t *key_buffer = malloc(key_data_len);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]195
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]196 if (key_buffer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]197
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]198 rpc_status =
199 serializer->deserialize_import_iak_req(req_buf, key_buffer, &key_data_len);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]200
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]201 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]202
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]203 rpc_opstatus_t opstatus;
204 opstatus = attest_key_mngr_import_iak(key_buffer, key_data_len);
205 call_req_set_opstatus(req, opstatus);
206 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]207
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]208 free(key_buffer);
209 }
210 else {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]211
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]212 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
213 }
214 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]215
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]216 return rpc_status;
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]217}
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]218
219static rpc_status_t iak_exists_handler(void *context, struct call_req* req)
220{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]221 rpc_opstatus_t opstatus = PSA_ERROR_DOES_NOT_EXIST;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]222
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]223 if (attest_key_mngr_iak_exists()) {
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]224
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]225 opstatus = PSA_SUCCESS;
226 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]227
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]228 call_req_set_opstatus(req, opstatus);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]229
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]230 return TS_RPC_CALL_ACCEPTED;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]231}