1diff --git a/ports/demo/demo-discovery.c b/ports/demo/demo-discovery.c
2index aab117a..a7a0f5d 100644
3--- a/ports/demo/demo-discovery.c
4+++ b/ports/demo/demo-discovery.c
5@@ -88,24 +88,31 @@
6 ED25519_VAL ED448_VAL SM2SM3_VAL HMAC_VAL CMAC_VAL
7
8 uint8_t discovery_template[] = {
9- // @+00 (6 bytes) psa_auth_version: 1.0
10- 0x01, 0x00, 0x02, 0x00, 0x01, 0x00,
11- // @+06 (6 bytes) vendor_id: {0x04, 0x3B} => 0x023B ("ARM Ltd.")
12- 0x02, 0x00, 0x02, 0x00, 0x04, 0x3B,
13- // @+12 (8 bytes) soc_class: [0x00, 0x00, 0x00, 0x00]
14- 0x03, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
15- // @+20 (20 bytes) soc_id: [0x00] * 16
16- 0x04, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
17- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
18+ // @+00 (12 bytes) psa_auth_version: 1.0
19+ 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00,
20+ 0x01, 0x00, 0x00, 0x00,
21+ // @+12 (12 bytes) vendor_id: {0x04, 0x3B} => 0x023B ("ARM Ltd.")
22+ 0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00,
23+ 0x04, 0x3B, 0x00, 0x00,
24+ // @+24 (12 bytes) soc_class: [0x00, 0x00, 0x00, 0x00]
25+ 0x00, 0x00, 0x03, 0x00, 0x04, 0x00, 0x00, 0x00,
26 0x00, 0x00, 0x00, 0x00,
27- // @+40 (6 bytes) psa_lifecycle: PSA_LIFECYCLE_SECURED
28- 0x08, 0x00, 0x02, 0x00, 0x00, 0x30,
29- // @+46 (6 bytes) token_formats: [{0x00, 0x02} (token_psa_debug)]
30- 0x00, 0x01, 0x02, 0x00, 0x00, 0x02,
31- // @+52 (6 bytes) cert_formats: [{0x01, 0x02} (cert_psa_debug)]
32- 0x01, 0x01, 0x02, 0x00, 0x01, 0x02,
33- // @+58 (4 + X bytes) cryptosystems: [...]
34- 0x02, 0x01, CRYPTO_CNT, 0x00, CRYPTO_VALS
35+ // @+36 (24 bytes) soc_id: [0x00] * 16
36+ 0x00, 0x00, 0x04, 0x00, 0x10, 0x00, 0x00, 0x00,
37+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
38+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
39+ // @+60 (12 bytes) psa_lifecycle: PSA_LIFECYCLE_SECURED
40+ 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00,
41+ 0x00, 0x30, 0x00, 0x00,
42+ // @+72 (12 bytes) token_formats: [{0x00, 0x02} (token_psa_debug)]
43+ 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00,
44+ 0x00, 0x02, 0x00, 0x00,
45+ // @+84 (12 bytes) cert_formats: [{0x01, 0x02} (cert_psa_debug)]
46+ 0x00, 0x00, 0x01, 0x01, 0x02, 0x00, 0x00, 0x00,
47+ 0x01, 0x02, 0x00, 0x00,
48+ // @+96 (8 + X bytes) cryptosystems: [...]
49+ 0x00, 0x00, 0x02, 0x01, CRYPTO_CNT, 0x00, 0x00, 0x00,
50+ CRYPTO_VALS
51 };
52
53 size_t discovery_template_len = sizeof(discovery_template);
54diff --git a/ports/platforms/transports/unix_socket.c b/ports/platforms/transports/unix_socket.c
55index 359a8c4..7ad11ff 100644
56--- a/ports/platforms/transports/unix_socket.c
57+++ b/ports/platforms/transports/unix_socket.c
58@@ -54,7 +54,7 @@ static int message_receive(int fd, uint8_t buffer[], size_t max, size_t *size) {
59 }
60 }
61
62- PSA_ADAC_LOG_DUMP("msg", "receive", buffer, 4 + p->data_count * 4);
63+ PSA_ADAC_LOG_DUMP("msg", "receive", buffer, sizeof(request_packet_t) + p->data_count * 4);
64
65 return 0;
66 }
67diff --git a/ports/targets/native/autotest.c b/ports/targets/native/autotest.c
68index 8817825..ad185d5 100644
69--- a/ports/targets/native/autotest.c
70+++ b/ports/targets/native/autotest.c
71@@ -111,7 +111,7 @@ void run_test(char *chain_file, char *key_file, uint8_t type) {
72 return;
73 }
74 psa_adac_sign_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
75- key_type, NULL, 0, &token, &token_size, handle, NULL, 0);
76+ key_type, NULL, 0, &token, &token_size, NULL, handle, NULL, 0);
77 psa_destroy_key(handle);
78 } else if ((type == CMAC_AES) || (type == 
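Review bot: The rewritten `discovery_template` pads every fixed-size value to a 4-byte boundary, but the final cryptosystems entry ends at `CRYPTO_VALS` with no visible padding, so the array is only word-aligned when `CRYPTO_CNT` is a multiple of 4. `CRYPTO_VALS` is defined above this hunk and may already include padding; if it does not, a consumer that rounds each value length up to a word would step past the end of the template. A compile-time check placed after the definition would settle it, for example `_Static_assert(sizeof(discovery_template) % 4 == 0, "discovery TLVs must be word-padded");` (C11). Separately, the vendor_id comment still reads `0x023B` while the bytes next to it are `0x04, 0x3B`.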
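Review bot: The dump length `sizeof(request_packet_t) + p->data_count * 4` is derived from `data_count`, a field of the packet that was just read from the socket, and nothing in this hunk shows it being compared with `max`. If the earlier part of `message_receive` (outside the hunk) does not already reject oversized counts, the log call reads beyond `buffer`. Clamp before dumping, e.g. `size_t dump_len = sizeof(request_packet_t) + (size_t)p->data_count * 4;` followed by `if (dump_len > max) dump_len = max;`, and pass `dump_len` to `PSA_ADAC_LOG_DUMP`.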
HMAC_SHA256)) {
79 if (0 != load_secret_key(key_file, key_type, &key, &key_size)) {
80@@ -119,7 +119,7 @@ void run_test(char *chain_file, char *key_file, uint8_t type) {
81 return;
82 }
83 psa_adac_sign_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
84- key_type, NULL, 0, &token, &token_size, 0, key, key_size);
85+ key_type, NULL, 0, &token, &token_size, NULL, 0, key, key_size);
86 }
87 response_packet_release(response);
88
89diff --git a/ports/targets/native/client.c b/ports/targets/native/client.c
90index 2316a87..740be99 100755
91--- a/ports/targets/native/client.c
92+++ b/ports/targets/native/client.c
93@@ -135,7 +135,7 @@ int main(int argc, char *argv[]) {
94
95
96 if (PSA_SUCCESS == psa_adac_sign_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
97- key_type, NULL, 0, &token, &token_size, handle, key, key_size)) {
98+ key_type, NULL, 0, &token, &token_size, NULL, handle, key, key_size)) {
99 response_packet_release(response);
100 PSA_ADAC_LOG_DUMP("client", "token", token, token_size);
101 } else {
102diff --git a/ports/targets/native/psa_sdm.c b/ports/targets/native/psa_sdm.c
103index 2d775c1..d5e47ea 100755
104--- a/ports/targets/native/psa_sdm.c
105+++ b/ports/targets/native/psa_sdm.c
106@@ -178,7 +178,7 @@ SDM_EXTERN SDMReturnCode SDM_Authenticate(SDMHandle handle, const SDMAuthenticat
107 config->callbacks->updateProgress("signing token", 40, config->refcon);
108
109 if (PSA_SUCCESS == psa_adac_sign_token(challenge->challenge_vector, sizeof(challenge->challenge_vector),
110- key_type, NULL, 0, &token, &token_size, key_handle, NULL, 0)) {
111+ key_type, NULL, 0, &token, &token_size, NULL, key_handle, NULL, 0)) {
112 response_packet_release(response);
113 PSA_ADAC_LOG_DUMP("client", "token", token, token_size);
114 } else {
115diff --git a/ports/targets/native/selftest.c b/ports/targets/native/selftest.c
116index 14d09d1..a1084e9 100755
117--- a/ports/targets/native/selftest.c
118+++ 
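Review bot: Both updated calls in `run_test` (this hunk and the `CMAC_AES`/`HMAC_SHA256` branch in the next one) discard the `psa_status_t` returned by `psa_adac_sign_token`, whereas client.c, psa_sdm.c and selftest.c compare it with `PSA_SUCCESS`. If signing fails, `token` and `token_size` may be left unset, and the code that follows these hunks (not visible here) presumably goes on to use them. Test the result at each call, `if (PSA_SUCCESS != psa_adac_sign_token(/* same arguments */)) {`, and take the same report-and-return path the neighbouring `load_secret_key` failure uses, so a signing error shows up as a test failure rather than as a malformed token. The cleanup that path needs is outside the hunk.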
b/ports/targets/native/selftest.c
119@@ -133,7 +133,7 @@ int main(int argc, char *argv[]) {
120 }
121
122 if (PSA_SUCCESS == psa_adac_sign_token(challenge.challenge_vector, sizeof(challenge.challenge_vector),
123- key_type, NULL, 0, &token, &token_size, handle, NULL, 0)) {
124+ key_type, NULL, 0, &token, &token_size, NULL, handle, NULL, 0)) {
125 // PSA_ADAC_LOG_DUMP("client", "token", token, token_size);
126
127 if (PSA_SUCCESS != psa_adac_verify_token_signature(token + 4, token_size - 4,
128diff --git a/psa-adac/core/include/psa_adac.h b/psa-adac/core/include/psa_adac.h
129index c965f76..0bf80be 100644
130--- a/psa-adac/core/include/psa_adac.h
131+++ b/psa-adac/core/include/psa_adac.h
132@@ -20,6 +20,17 @@
133
134 #define ROUND_TO_WORD(x) (((size_t)x + 3) & ~0x03UL)
135
136+/** \brief Version
137+ *
138+ * Current version numbers for certificate and token format.
139+ */
140+enum _adac_versions {
141+ SDP_CERT_MAJOR = 1,
142+ SDP_CERT_MINOR = 0,
143+ SDP_TOKEN_MAJOR = 1,
144+ SDP_TOKEN_MINOR = 0,
145+};
146+
147 /** \brief Key options
148 *
149 */
150@@ -124,7 +135,7 @@ typedef struct {
151 uint8_t usage;
152 uint16_t _reserved; //!< Must be set to zero.
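Review bot: The context line `psa_adac_verify_token_signature(token + 4, token_size - 4,` still hard-codes a 4-byte header, while this same commit replaces a literal `4` with `sizeof(request_packet_t)` in unix_socket.c and sdm_token.c places the token at `_fragment + sizeof(psa_tlv_t)`. If the TLV header size changed with the new format (its definition is not in the diff), the self-test would verify the signature over the wrong bytes and could mask a regression. Writing `token + sizeof(psa_tlv_t), token_size - sizeof(psa_tlv_t),` keeps the offset tied to the type. The call continues past the end of the hunk.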
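Review bot: The new tag `_adac_versions` begins with an underscore, and at file scope such identifiers are reserved for the implementation in both the ordinary and tag name spaces. Nothing in the diff refers to the tag, so `enum adac_versions {` is a safe rename. The doc comment could also say which wire fields these constants populate; in this commit only `SDP_TOKEN_MAJOR`/`SDP_TOKEN_MINOR` are used, for `token->format_version` in sdm_token.c.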
153 uint16_t lifecycle;
154- uint16_t custom_constraint;
155+ uint16_t oem_constraint;
156 uint32_t extensions_bytes;
157 uint32_t soc_class;
158 uint8_t soc_id[16];
159@@ -144,6 +155,7 @@ typedef struct {
160
161 #define CHALLENGE_SIZE 32
162 #define MAX_EXTENSIONS 16
163+#define PERMISSION_BITS 128
164
165 /** \brief Authentication challenge
166 *
167diff --git a/psa-adac/sda/src/psa_adac_sda.c b/psa-adac/sda/src/psa_adac_sda.c
168index f57f65c..d5e030c 100644
169--- a/psa-adac/sda/src/psa_adac_sda.c
170+++ b/psa-adac/sda/src/psa_adac_sda.c
171@@ -365,7 +365,6 @@ int authentication_handle(authentication_context_t *auth_ctx) {
172 (void) authenticator_request_packet_release(auth_ctx, request);
173 response = authenticator_response_packet_build(auth_ctx, SDP_SUCCESS, NULL, 0);
174 ret = authenticator_send_response(auth_ctx, response);
175- done = 1;
176 break;
177
178 default:
179@@ -380,8 +379,12 @@ int authentication_handle(authentication_context_t *auth_ctx) {
180 PSA_ADAC_LOG_ERR("auth", "Error sending response: %04x\n", ret);
181 }
182
183- if ((auth_ctx->state == AUTH_SUCCESS) || (auth_ctx->state == AUTH_FAILURE)) {
184- done = 1;
185+ if ((auth_ctx->state == AUTH_SUCCESS)) {
186+ PSA_ADAC_LOG_INFO("auth", "Authentication is a success\n");
187+ auth_ctx->state = AUTH_INIT;
188+ } else if (auth_ctx->state == AUTH_FAILURE) {
189+ PSA_ADAC_LOG_INFO("auth", "Authentication is a failure\n");
190+ auth_ctx->state = AUTH_INIT;
191 }
192 }
193
194diff --git a/psa-adac/sdm/include/psa_adac_sdm.h b/psa-adac/sdm/include/psa_adac_sdm.h
195index b15c630..616ef62 100644
196--- a/psa-adac/sdm/include/psa_adac_sdm.h
197+++ b/psa-adac/sdm/include/psa_adac_sdm.h
198@@ -31,9 +31,9 @@ int load_trust_chain(const char *chain_file, uint8_t **chain, size_t *chain_size
199 int load_trust_rotpk(const char *chain_file, psa_algorithm_t alg, uint8_t *rotpk,
200 size_t buffer_size, size_t *rotpk_size, uint8_t *rotpk_type);
201
202-psa_status_t psa_adac_sign_token(uint8_t challenge[], 
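Review bot: With this branch rewritten and the `done = 1;` removed in the previous hunk, no visible path sets `done` any more, so `authentication_handle` appears to keep serving requests after a success or a failure instead of returning. Resetting `auth_ctx->state` to `AUTH_INIT` also means a caller can no longer read the outcome from the context afterwards, and a failed attempt can be retried at once with no visible attempt counter or delay. If a persistent session is intended, say so in a comment at the loop and confirm that the exit condition and the handling of permissions granted on success live elsewhere in the function, which starts and ends outside these hunks. The doubled parentheses in `if ((auth_ctx->state == AUTH_SUCCESS)) {` trip clang's -Wparentheses-equality; `if (auth_ctx->state == AUTH_SUCCESS) {` is enough.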
size_t challenge_size, uint8_t signature_type, uint8_t exts[],
203- size_t exts_size, uint8_t *fragment[], size_t *fragment_size, psa_key_handle_t handle,
204- uint8_t *key, size_t key_size);
205+psa_status_t psa_adac_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type,
206+ uint8_t exts[], size_t exts_size, uint8_t *fragment[], size_t *fragment_size,
207+ uint8_t *req_perms, psa_key_handle_t handle, uint8_t *key, size_t key_size);
208
209 /**@}*/
210
211diff --git a/psa-adac/sdm/src/sdm_token.c b/psa-adac/sdm/src/sdm_token.c
212index 7d048d7..01df4f4 100644
213--- a/psa-adac/sdm/src/sdm_token.c
214+++ b/psa-adac/sdm/src/sdm_token.c
215@@ -82,9 +82,9 @@ psa_status_t psa_adac_mac_sign(psa_algorithm_t algo, const uint8_t *inputs[], si
216 return r;
217 }
218
219-psa_status_t psa_adac_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type, uint8_t exts[],
220- size_t exts_size, uint8_t *fragment[], size_t *fragment_size, psa_key_handle_t handle,
221- uint8_t *key, size_t key_size) {
222+psa_status_t psa_adac_sign_token(uint8_t challenge[], size_t challenge_size, uint8_t signature_type,
223+ uint8_t exts[], size_t exts_size, uint8_t *fragment[], size_t *fragment_size,
224+ uint8_t *req_perms, psa_key_handle_t handle, uint8_t *key, size_t key_size) {
225 uint8_t hash[PSA_HASH_MAX_SIZE], *sig, *ext_hash, *_fragment;
226 size_t token_size, hash_size, sig_size, body_size, tbs_size, ext_hash_size;
227 psa_algorithm_t hash_algo, sig_algo;
228@@ -243,8 +243,13 @@ psa_status_t psa_adac_sign_token(uint8_t challenge[], size_t challenge_size, uin
229
230 token_header_t *token = (token_header_t *) (_fragment + sizeof(psa_tlv_t));
231 // memset(token, 0, token_size);
232+ token->format_version.minor = SDP_TOKEN_MINOR;
233+ token->format_version.major = SDP_TOKEN_MAJOR;
234 token->signature_type = signature_type;
235 token->extensions_bytes = exts_size;
236+ if(req_perms != NULL)
237+ memcpy((void*)(token->requested_permissions), 
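Review bot: The new `req_perms` parameter is declared `uint8_t *` with no length and no documentation, although sdm_token.c only reads from it and always copies `PERMISSION_BITS/8` bytes. Declaring it `const uint8_t *req_perms` here and in the matching definition in sdm_token.c states the read-only contract and lets callers pass a constant mask. The prototype also deserves a Doxygen comment saying that the pointer is either NULL or refers to at least `PERMISSION_BITS / 8` readable bytes, since the callee cannot check the size itself.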
req_perms, PERMISSION_BITS/8);
238+
239 if (exts_size > 0) {
240 // FIXME: Support PSA_ALG_CMAC
241 psa_adac_hash(hash_algo, exts, exts_size, ext_hash, ext_hash_size, &hash_size);
242
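Review bot: When `req_perms` is NULL the `requested_permissions` field is never written, and the `memset(token, 0, token_size)` two lines above is commented out, so unless `_fragment` was zero-allocated earlier in the function (outside the hunk) the signed token carries whatever bytes were already in the buffer. Every call site updated in this commit passes NULL, so that is the path actually exercised. Add an explicit clear, `else { memset(token->requested_permissions, 0, PERMISSION_BITS / 8); }`, and brace the `if` body while there. The fixed copy length is only right if the field is declared with `PERMISSION_BITS / 8` bytes; assuming it is an array (its declaration is not in the diff), `_Static_assert(sizeof(token->requested_permissions) == PERMISSION_BITS / 8, "permission field size");` next to the copy would tie the two together.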