1 /*
2 * Copyright (c) 2019,2020 Linaro Limited
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <zephyr/kernel.h>
8 #include <stdio.h>
9 #include <zephyr/logging/log.h>
10
11 #include "psa/initial_attestation.h"
12 #include "psa_attestation.h"
13 #include "util_app_log.h"
14 #include "util_sformat.h"
15
16 LOG_MODULE_DECLARE(app, CONFIG_LOG_DEFAULT_LEVEL);
17
att_get_pub_key(void)18 psa_status_t att_get_pub_key(void)
19 {
20 psa_status_t err = PSA_SUCCESS;
21
22 /* TODO: How to retrieve this?!? */
23
24 /* Log any eventual errors via app_log */
25 return err ? al_psa_status(err, __func__) : err;
26 }
27
att_get_iat(uint8_t * ch_buffer,uint32_t ch_sz,uint8_t * token_buffer,uint32_t * token_sz)28 psa_status_t att_get_iat(uint8_t *ch_buffer, uint32_t ch_sz,
29 uint8_t *token_buffer, uint32_t *token_sz)
30 {
31 psa_status_t err = PSA_SUCCESS;
32 uint32_t sys_token_sz;
33 size_t token_buf_size = ATT_MAX_TOKEN_SIZE;
34
35
36 /* Call with with bigger challenge object than allowed */
37
38 /*
39 * First determine how large the token is on this system.
40 * We don't need to compare with the size of ATT_MAX_TOKEN_SIZE here
41 * since a check will be made in 'psa_initial_attest_get_token' and the
42 * error return code will indicate a mismatch.
43 */
44 switch (ch_sz) {
45 case 32:
46 err = psa_initial_attest_get_token(
47 ch_buffer,
48 PSA_INITIAL_ATTEST_CHALLENGE_SIZE_32,
49 token_buffer,
50 token_buf_size,
51 &sys_token_sz);
52 break;
53 case 48:
54 err = psa_initial_attest_get_token(
55 ch_buffer,
56 PSA_INITIAL_ATTEST_CHALLENGE_SIZE_48,
57 token_buffer,
58 token_buf_size,
59 &sys_token_sz);
60 break;
61 case 64:
62 err = psa_initial_attest_get_token(
63 ch_buffer,
64 PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64,
65 token_buffer,
66 token_buf_size,
67 &sys_token_sz);
68 break;
69 default:
70 err = -EINVAL;
71 break;
72 }
73 if (err) {
74 goto err;
75 }
76
77 LOG_INF("att: System IAT size is: %u bytes.", sys_token_sz);
78
79 /* Request the initial attestation token w/the challenge data. */
80 LOG_INF("att: Requesting IAT with %u byte challenge.", ch_sz);
81 err = psa_initial_attest_get_token(
82 ch_buffer, /* Challenge/nonce input buffer. */
83 ch_sz, /* Challenge size (32, 48 or 64). */
84 token_buffer, /* Token output buffer. */
85 token_buf_size,
86 token_sz /* Post exec output token size. */
87 );
88 LOG_INF("att: IAT data received: %u bytes.", *token_sz);
89
90 err:
91 /* Log any eventual errors via app_log */
92 return err ? al_psa_status(err, __func__) : err;
93 }
94
att_test(void)95 psa_status_t att_test(void)
96 {
97 psa_status_t err = PSA_SUCCESS;
98
99 /* 64-byte nonce/challenge, encrypted using the default public key;
100 *
101 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
102 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
103 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
104 * 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
105 */
106 uint32_t nonce_sz = 64;
107 uint8_t nonce_buf[ATT_MAX_TOKEN_SIZE] = {
108 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
109 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
110 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
111 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
112 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
113 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
114 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
115 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
116 0
117 };
118
119 /* IAT response buffer. */
120 uint32_t iat_sz = ATT_MAX_TOKEN_SIZE;
121 uint8_t iat_buf[ATT_MAX_TOKEN_SIZE] = { 0 };
122
123 /* String format output config. */
124 struct sf_hex_tbl_fmt fmt = {
125 .ascii = true,
126 .addr_label = true,
127 .addr = 0
128 };
129
130 /* Request the IAT from the initial attestation service. */
131 err = att_get_iat(nonce_buf, nonce_sz, iat_buf, &iat_sz);
132 if (err) {
133 goto err;
134 }
135
136 /* Display queued log messages before dumping the IAT. */
137 al_dump_log();
138
139 /* Dump the IAT for debug purposes. */
140 sf_hex_tabulate_16(&fmt, iat_buf, (size_t)iat_sz);
141
142 err:
143 return err;
144 }
145
