1 /*
2  * Copyright (c) 2019,2020 Linaro Limited
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #include <zephyr/kernel.h>
8 #include <stdio.h>
9 #include <zephyr/logging/log.h>
10 
11 #include "psa/initial_attestation.h"
12 #include "psa_attestation.h"
13 #include "util_app_log.h"
14 #include "util_sformat.h"
15 
16 LOG_MODULE_DECLARE(app, CONFIG_LOG_DEFAULT_LEVEL);
17 
att_get_pub_key(void)18 psa_status_t att_get_pub_key(void)
19 {
20 	psa_status_t err = PSA_SUCCESS;
21 
22 	/* TODO: How to retrieve this?!? */
23 
24 	/* Log any eventual errors via app_log */
25 	return err ? al_psa_status(err, __func__) : err;
26 }
27 
att_get_iat(uint8_t * ch_buffer,uint32_t ch_sz,uint8_t * token_buffer,uint32_t * token_sz)28 psa_status_t att_get_iat(uint8_t *ch_buffer, uint32_t ch_sz,
29 			 uint8_t *token_buffer, uint32_t *token_sz)
30 {
31 	psa_status_t err = PSA_SUCCESS;
32 	uint32_t sys_token_sz;
33 	size_t token_buf_size = ATT_MAX_TOKEN_SIZE;
34 
35 
36 	/* Call with with bigger challenge object than allowed */
37 
38 	/*
39 	 * First determine how large the token is on this system.
40 	 * We don't need to compare with the size of ATT_MAX_TOKEN_SIZE here
41 	 * since a check will be made in 'psa_initial_attest_get_token' and the
42 	 * error return code will indicate a mismatch.
43 	 */
44 	switch (ch_sz) {
45 	case 32:
46 		err = psa_initial_attest_get_token(
47 			ch_buffer,
48 			PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32,
49 			token_buffer,
50 			token_buf_size,
51 			&sys_token_sz);
52 		break;
53 	case 48:
54 		err = psa_initial_attest_get_token(
55 			ch_buffer,
56 			PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48,
57 			token_buffer,
58 			token_buf_size,
59 			&sys_token_sz);
60 		break;
61 	case 64:
62 		err = psa_initial_attest_get_token(
63 			ch_buffer,
64 			PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64,
65 			token_buffer,
66 			token_buf_size,
67 			&sys_token_sz);
68 		break;
69 	default:
70 		err = -EINVAL;
71 		break;
72 	}
73 	if (err) {
74 		goto err;
75 	}
76 
77 	LOG_INF("att: System IAT size is: %u bytes.", sys_token_sz);
78 
79 	/* Request the initial attestation token w/the challenge data. */
80 	LOG_INF("att: Requesting IAT with %u byte challenge.", ch_sz);
81 	err = psa_initial_attest_get_token(
82 		ch_buffer,      /* Challenge/nonce input buffer. */
83 		ch_sz,          /* Challenge size (32, 48 or 64). */
84 		token_buffer,   /* Token output buffer. */
85 		token_buf_size,
86 		token_sz        /* Post exec output token size. */
87 		);
88 	LOG_INF("att: IAT data received: %u bytes.", *token_sz);
89 
90 err:
91 	/* Log any eventual errors via app_log */
92 	return err ? al_psa_status(err, __func__) : err;
93 }
94 
att_test(void)95 psa_status_t att_test(void)
96 {
97 	psa_status_t err = PSA_SUCCESS;
98 
99 	/* 64-byte nonce/challenge, encrypted using the default public key;
100 	 *
101 	 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
102 	 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
103 	 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
104 	 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
105 	 */
106 	uint32_t nonce_sz = 64;
107 	uint8_t nonce_buf[ATT_MAX_TOKEN_SIZE] = {
108 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
109 		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
110 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
111 		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
112 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
113 		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
114 		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
115 		0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
116 		0
117 	};
118 
119 	/* IAT response buffer. */
120 	uint32_t iat_sz = ATT_MAX_TOKEN_SIZE;
121 	uint8_t iat_buf[ATT_MAX_TOKEN_SIZE] = { 0 };
122 
123 	/* String format output config. */
124 	struct sf_hex_tbl_fmt fmt = {
125 		.ascii = true,
126 		.addr_label = true,
127 		.addr = 0
128 	};
129 
130 	/* Request the IAT from the initial attestation service. */
131 	err = att_get_iat(nonce_buf, nonce_sz, iat_buf, &iat_sz);
132 	if (err) {
133 		goto err;
134 	}
135 
136 	/* Display queued log messages before dumping the IAT. */
137 	al_dump_log();
138 
139 	/* Dump the IAT for debug purposes. */
140 	sf_hex_tabulate_16(&fmt, iat_buf, (size_t)iat_sz);
141 
142 err:
143 	return err;
144 }
145