TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / c64890c202018f76d138d84f5560b4018c20c360 / . / components / service / attestation / client / psa / iat_client.c
blob: 407572b353ac968cfd94afe3860a5102a12208d9 [file] [log] [blame]
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]1/*
Julian Hall6e02acf2022-02-22 16:25:03 +0000[diff] [blame]2 * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <stddef.h>
8#include <string.h>
9#include "iat_client.h"
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]10#include "rpc_caller_session.h"
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]11#include <common/tlv/tlv.h>
12#include <psa/initial_attestation.h>
Julian Hall99a57e32021-07-28 14:18:50 +0100[diff] [blame]13#include <service/common/client/service_client.h>
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]14#include <protocols/service/attestation/packed-c/get_token.h>
15#include <protocols/service/attestation/packed-c/get_token_size.h>
16#include <protocols/service/attestation/packed-c/opcodes.h>
17#include <protocols/rpc/common/packed-c/status.h>
18
19/**
20 * @brief The singleton psa_iat_client instance
21 *
Julian Hall99a57e32021-07-28 14:18:50 +0100[diff] [blame]22 * The psa attestation C API assumes a single backend service provider.
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]23 */
Julian Hall99a57e32021-07-28 14:18:50 +0100[diff] [blame]24static struct service_client instance;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]25
26
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]27psa_status_t psa_iat_client_init(struct rpc_caller_session *session)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]28{
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]29 return service_client_init(&instance, session);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]30}
31
32void psa_iat_client_deinit(void)
33{
Julian Hall99a57e32021-07-28 14:18:50 +0100[diff] [blame]34 service_client_deinit(&instance);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]35}
36
37int psa_iat_client_rpc_status(void)
38{
39 return instance.rpc_status;
40}
41
42psa_status_t psa_initial_attest_get_token(
43 const uint8_t *auth_challenge, size_t challenge_size,
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]44 uint8_t *token_buf, size_t token_buf_size, size_t *token_size)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]45{
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]46 psa_status_t psa_status = PSA_ERROR_INVALID_ARGUMENT;
47 size_t req_len = tlv_required_space(challenge_size);
48 struct tlv_record challenge_record = { 0 };
49 rpc_call_handle call_handle;
50 uint8_t *req_buf;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]51
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]52 if (!token_buf || !token_buf_size)
53 return PSA_ERROR_INVALID_ARGUMENT;
Julian Hallb7db5802021-07-26 16:20:40 +0100[diff] [blame]54
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]55 challenge_record.tag = TS_ATTESTATION_GET_TOKEN_IN_TAG_AUTH_CHALLENGE;
56 challenge_record.length = challenge_size;
57 challenge_record.value = auth_challenge;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]58
59 *token_size = 0;
60
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]61 call_handle = rpc_caller_session_begin(instance.session, &req_buf, req_len,
62 tlv_required_space(token_buf_size));
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]63
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]64 if (call_handle) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]65
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]66 uint8_t *resp_buf;
67 size_t resp_len;
68 service_status_t service_status;
69 struct tlv_iterator req_iter;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]70
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]71 tlv_iterator_begin(&req_iter, req_buf, req_len);
72 tlv_encode(&req_iter, &challenge_record);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]73
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]74 instance.rpc_status =
75 rpc_caller_session_invoke(call_handle, TS_ATTESTATION_OPCODE_GET_TOKEN,
76 &resp_buf, &resp_len, &service_status);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]77
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]78 if (instance.rpc_status == RPC_SUCCESS) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]79
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]80 psa_status = service_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]81
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]82 if (psa_status == PSA_SUCCESS) {
83 struct tlv_const_iterator resp_iter;
84 struct tlv_record decoded_record;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]85
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]86 tlv_const_iterator_begin(&resp_iter, resp_buf, resp_len);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]87
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]88 if (tlv_find_decode(&resp_iter,
89 TS_ATTESTATION_GET_TOKEN_OUT_TAG_TOKEN, &decoded_record)) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]90
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]91 if (decoded_record.length <= token_buf_size) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]92
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]93 memcpy(token_buf, decoded_record.value,
94 decoded_record.length);
95 *token_size = decoded_record.length;
96 } else {
97 /* Provided buffer is too small */
98 psa_status = PSA_ERROR_BUFFER_TOO_SMALL;
99 }
100 } else {
101 /* Mandatory response parameter missing */
102 psa_status = PSA_ERROR_GENERIC_ERROR;
103 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]104 }
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]105 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]106
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]107 rpc_caller_session_end(call_handle);
108 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]109
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]110 return psa_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]111}
112
113psa_status_t psa_initial_attest_get_token_size(
114 size_t challenge_size, size_t *token_size)
115{
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]116 psa_status_t psa_status = PSA_ERROR_INVALID_ARGUMENT;
117 struct ts_attestation_get_token_size_in req_msg;
118 size_t req_len = sizeof(struct ts_attestation_get_token_size_in);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]119
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]120 *token_size = 0; /* For failure case */
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]121
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]122 req_msg.challenge_size = challenge_size;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]123
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]124 rpc_call_handle call_handle;
125 uint8_t *req_buf;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]126
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]127 call_handle = rpc_caller_session_begin(instance.session, &req_buf, req_len,
128 sizeof(struct ts_attestation_get_token_size_out));
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]129
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]130 if (call_handle) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]131
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]132 uint8_t *resp_buf;
133 size_t resp_len;
134 service_status_t service_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]135
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]136 memcpy(req_buf, &req_msg, req_len);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]137
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]138 instance.rpc_status =
139 rpc_caller_session_invoke(call_handle, TS_ATTESTATION_OPCODE_GET_TOKEN_SIZE,
140 &resp_buf, &resp_len, &service_status);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]141
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]142 if (instance.rpc_status == RPC_SUCCESS) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]143
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]144 psa_status = service_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]145
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]146 if (psa_status == PSA_SUCCESS) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]147
148 if (resp_len >= sizeof(struct ts_attestation_get_token_size_out)) {
149
150 struct ts_attestation_get_token_size_out resp_msg;
151 memcpy(&resp_msg, resp_buf, sizeof(struct ts_attestation_get_token_size_out));
152 *token_size = resp_msg.token_size;
153 }
154 else {
155 /* Failed to decode response message */
156 psa_status = PSA_ERROR_GENERIC_ERROR;
157 }
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]158 }
159 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]160
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]161 rpc_caller_session_end(call_handle);
162 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]163
Imre Kisd5d16022023-07-04 13:28:18 +0200[diff] [blame]164 return psa_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]165}