PSA Initial Attestation service #9668
Changes from 43 commits
9a4ea3d
5f45b0a
e2ea743
1d2351d
22437fc
a994499
8fc9c8f
0a0bb04
636753b
080f4f4
4101ee9
2117a26
70a14b2
773fa44
5211a92
e0c5df5
715305a
bd7061e
b3c6f70
f8e4626
07520c7
2720b5a
e12f5ee
e60af99
aa5b79a
d40c25d
d9b22da
d3c9860
de3ee8e
41bd381
2e7738b
92a9b3f
f02f6e3
661e2f9
2810d36
c97cecc
2cccfa1
25fa5a6
ec5c3c1
a268b81
7dd58b9
e819b23
89ac107
47f59b1
6e3d238
4a2b06e
97a9652
b847138
e4c7144
8447463
49c6a1c
bca8091
6346442
2b8621a
116e14a
83d084a
@@ -0,0 +1,153 @@ | ||
/* | ||
* Copyright (c) 2019 ARM Limited. All rights reserved. | ||
* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the License); you may | ||
* not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an AS IS BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
#if ((!defined(TARGET_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C))) | ||
#error [NOT_SUPPORTED] Mbed Crypto is OFF - skipping. | ||
#endif // TARGET_PSA | ||
|
||
#include "greentea-client/test_env.h" | ||
#include "unity/unity.h" | ||
#include "utest/utest.h" | ||
#include "psa_initial_attestation_api.h" | ||
#include "psa_attest_inject_key.h" | ||
#include <string.h> | ||
#include <stdlib.h> | ||
|
||
#include "entropy.h" | ||
#include "entropy_poll.h" | ||
|
||
/* MAX value support macro */ | ||
#if !defined(MAX) | ||
#define MAX(a,b) (((a)>(b))?(a):(b)) | ||
#endif | ||
|
||
#define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE \ | ||
MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) | ||
|
||
using namespace utest::v1; | ||
|
||
utest::v1::status_t greentea_test_setup(const size_t number_of_cases) | ||
{ | ||
#ifndef NO_GREENTEA | ||
GREENTEA_SETUP(60, "default_auto"); | ||
#endif | ||
return greentea_test_setup_handler(number_of_cases); | ||
} | ||
|
||
#define PSA_ATTESTATION_PRIVATE_KEY_ID 17 | ||
|
||
static const uint8_t private_key_data[] = { | ||
0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, | ||
0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94, | ||
0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, | ||
0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee | ||
}; | ||
|
||
static const uint8_t public_key_data[] = { | ||
0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, | ||
0x92, 0x79, 0xd5, 0xe1, 0xf1, 0x78, 0x1f, 0xac, | ||
0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, | ||
0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, | ||
0x57, 0x25, 0x90, 0xcd, 0xaf, 0x8f, 0x76, 0x93, | ||
0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e, | ||
0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe, | ||
0x6e, 0x65, 0x39, 0x45, 0x44, 0x96, 0x17, 0xde, | ||
0x45 | ||
}; | ||
|
||
#define TEST_TOKEN_SIZE (0x200) | ||
#define TEST_CHALLENGE_OBJ_SIZE (32u) | ||
|
||
#define CHALLENGE_FOR_TEST 0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, \ | ||
0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, \ | ||
0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, \ | ||
0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF | ||
|
||
static uint8_t token_buffer[TEST_TOKEN_SIZE]; | ||
static uint8_t challenge_buffer[TEST_CHALLENGE_OBJ_SIZE] = {CHALLENGE_FOR_TEST}; | ||
|
||
static void check_initial_attestation_get_token() | ||
{ | ||
psa_status_t status = PSA_SUCCESS; | ||
size_t exported_length; | ||
uint8_t exported[sizeof(public_key_data)]; | ||
enum psa_attest_err_t attest_err = PSA_ATTEST_ERR_SUCCESS; | ||
uint32_t token_size; | ||
|
||
status = psa_crypto_init(); | ||
TEST_ASSERT_EQUAL(status, PSA_SUCCESS); | ||
status = psa_attestation_inject_key(private_key_data, | ||
sizeof(private_key_data), | ||
PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1), | ||
exported, | ||
sizeof(exported), | ||
&exported_length); | ||
|
||
TEST_ASSERT_EQUAL(status, PSA_SUCCESS); | ||
TEST_ASSERT_EQUAL(sizeof(public_key_data), exported_length); | ||
TEST_ASSERT_EQUAL(memcmp(public_key_data, exported, exported_length), 0); | ||
|
||
attest_err = psa_initial_attest_get_token_size(TEST_CHALLENGE_OBJ_SIZE, | ||
&token_size); | ||
|
||
TEST_ASSERT_EQUAL(attest_err, PSA_ATTEST_ERR_SUCCESS); | ||
|
||
attest_err = psa_initial_attest_get_token(challenge_buffer, | ||
TEST_CHALLENGE_OBJ_SIZE, | ||
token_buffer, | ||
&token_size); | ||
|
||
TEST_ASSERT_EQUAL(attest_err, PSA_ATTEST_ERR_SUCCESS); | ||
} | ||
/***************************************************************************************/ | ||
|
||
utest::v1::status_t case_teardown_handler(const Case *const source, const size_t passed, const size_t failed, const failure_t reason) | ||
{ | ||
const psa_key_id_t key_id = PSA_ATTESTATION_PRIVATE_KEY_ID; | ||
psa_key_handle_t handle = 0; | ||
psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle); | ||
psa_destroy_key(handle); | ||
mbedtls_psa_crypto_free(); | ||
return greentea_case_teardown_handler(source, passed, failed, reason); | ||
} | ||
|
||
utest::v1::status_t case_setup_handler(const Case *const source, const size_t index_of_case) | ||
{ | ||
return greentea_case_setup_handler(source, index_of_case); | ||
} | ||
|
||
Case cases[] = { | ||
Case("PSA attestation get token", check_initial_attestation_get_token, case_teardown_handler), | ||
}; | ||
|
||
Specification specification(greentea_test_setup, cases); | ||
|
||
int main() | ||
{ | ||
#if (defined(COMPONENT_PSA_SRV_IPC) || defined(MBEDTLS_ENTROPY_NV_SEED)) | ||
uint8_t seed[MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE] = {0}; | ||
/* inject some seed for test*/ | ||
for (int i = 0; i < MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE; ++i) { | ||
seed[i] = i; | ||
} | ||
|
||
/* don't really care if this succeeds this is just to make crypto init pass*/ | ||
mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE); | ||
#endif | ||
return !Harness::run(specification); | ||
} |
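Review bot: In check_initial_attestation_get_token the size reported by psa_initial_attest_get_token_size is handed straight to psa_initial_attest_get_token as the size of token_buffer, without being compared with the TEST_TOKEN_SIZE (0x200) bytes the buffer actually holds. If the service reports a larger token and treats `*token_size` as writable capacity (the API header is not on this page, so that is an assumption), the call can write past token_buffer; add `TEST_ASSERT_TRUE(token_size <= sizeof(token_buffer));` before the call. Separately, case_teardown_handler ignores the results of psa_open_key and psa_destroy_key, so a failed teardown can leave the key it looks up under PSA_KEY_LIFETIME_PERSISTENT on the device, and that key's private half is published in this file as private_key_data. The teardown should destroy only after a successful open and surface the failure, e.g. `if (psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle) == PSA_SUCCESS) { psa_destroy_key(handle); }`. The test also stops at the status code and never checks that the returned token contains challenge_buffer or verifies under public_key_data, so a service that returns success with a malformed token would still pass.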
|
@@ -28,14 +28,16 @@ | |
#include "handles_manager.h" | ||
#include "cmsis.h" | ||
#include "psa_client_tests_part1_partition.h" | ||
#include "psa_attest_srv_partition.h" | ||
#include "psa_crypto_srv_partition.h" | ||
#include "psa_platform_partition.h" | ||
#include "psa_its_partition.h" | ||
|
||
extern const uint32_t attest_srv_external_sids[7]; | ||
extern const uint32_t crypto_srv_external_sids[4]; | ||
extern const uint32_t platform_external_sids[1]; | ||
|
||
spm_partition_t g_partitions[4] = { | ||
spm_partition_t g_partitions[5] = { | ||
why not in define?
psa_setup is generated file by calling 'tools/psa/generate_tfm_partition_code.py' script
That script could just omit the size, if only to avoid such comments. |
||
{ | ||
.partition_id = CLIENT_TESTS_PART1_ID, | ||
.thread_id = 0, | ||
|
@@ -47,6 +49,17 @@ spm_partition_t g_partitions[4] = { | |
.extern_sids_count = CLIENT_TESTS_PART1_EXT_ROT_SRV_COUNT, | ||
.irq_mapper = NULL, | ||
}, | ||
{ | ||
.partition_id = ATTEST_SRV_ID, | ||
.thread_id = 0, | ||
.flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK, | ||
.flags_interrupts = 0, | ||
.rot_services = NULL, | ||
.rot_services_count = ATTEST_SRV_ROT_SRV_COUNT, | ||
.extern_sids = attest_srv_external_sids, | ||
.extern_sids_count = ATTEST_SRV_EXT_ROT_SRV_COUNT, | ||
.irq_mapper = NULL, | ||
}, | ||
{ | ||
.partition_id = CRYPTO_SRV_ID, | ||
.thread_id = 0, | ||
|
@@ -91,6 +104,7 @@ const uint32_t mem_region_count = 0; | |
|
||
// forward declaration of partition initializers | ||
void client_tests_part1_init(spm_partition_t *partition); | ||
void attest_srv_init(spm_partition_t *partition); | ||
void crypto_srv_init(spm_partition_t *partition); | ||
void platform_init(spm_partition_t *partition); | ||
void its_init(spm_partition_t *partition); | ||
|
@@ -102,11 +116,12 @@ uint32_t init_partitions(spm_partition_t **partitions) | |
} | ||
|
||
client_tests_part1_init(&(g_partitions[0])); | ||
crypto_srv_init(&(g_partitions[1])); | ||
platform_init(&(g_partitions[2])); | ||
its_init(&(g_partitions[3])); | ||
attest_srv_init(&(g_partitions[1])); | ||
crypto_srv_init(&(g_partitions[2])); | ||
platform_init(&(g_partitions[3])); | ||
its_init(&(g_partitions[4])); | ||
|
||
*partitions = g_partitions; | ||
return 4; | ||
return 5; | ||
} | ||
|
|
@@ -29,15 +29,17 @@ | |
#include "cmsis.h" | ||
#include "psa_server_test_part1_partition.h" | ||
#include "psa_server_test_part2_partition.h" | ||
#include "psa_attest_srv_partition.h" | ||
#include "psa_crypto_srv_partition.h" | ||
#include "psa_platform_partition.h" | ||
#include "psa_its_partition.h" | ||
|
||
extern const uint32_t server_test_part1_external_sids[2]; | ||
extern const uint32_t attest_srv_external_sids[7]; | ||
extern const uint32_t crypto_srv_external_sids[4]; | ||
extern const uint32_t platform_external_sids[1]; | ||
|
||
spm_partition_t g_partitions[5] = { | ||
spm_partition_t g_partitions[6] = { | ||
def
psa_setup is generated file by calling 'tools/psa/generate_tfm_partition_code.py' script |
||
{ | ||
.partition_id = SERVER_TEST_PART1_ID, | ||
.thread_id = 0, | ||
|
@@ -60,6 +62,17 @@ spm_partition_t g_partitions[5] = { | |
.extern_sids_count = SERVER_TEST_PART2_EXT_ROT_SRV_COUNT, | ||
.irq_mapper = NULL, | ||
}, | ||
{ | ||
.partition_id = ATTEST_SRV_ID, | ||
.thread_id = 0, | ||
.flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK, | ||
.flags_interrupts = 0, | ||
.rot_services = NULL, | ||
.rot_services_count = ATTEST_SRV_ROT_SRV_COUNT, | ||
.extern_sids = attest_srv_external_sids, | ||
.extern_sids_count = ATTEST_SRV_EXT_ROT_SRV_COUNT, | ||
.irq_mapper = NULL, | ||
}, | ||
{ | ||
.partition_id = CRYPTO_SRV_ID, | ||
.thread_id = 0, | ||
|
@@ -105,6 +118,7 @@ const uint32_t mem_region_count = 0; | |
// forward declaration of partition initializers | ||
void server_test_part1_init(spm_partition_t *partition); | ||
void server_test_part2_init(spm_partition_t *partition); | ||
void attest_srv_init(spm_partition_t *partition); | ||
void crypto_srv_init(spm_partition_t *partition); | ||
void platform_init(spm_partition_t *partition); | ||
void its_init(spm_partition_t *partition); | ||
|
@@ -117,11 +131,12 @@ uint32_t init_partitions(spm_partition_t **partitions) | |
|
||
server_test_part1_init(&(g_partitions[0])); | ||
server_test_part2_init(&(g_partitions[1])); | ||
crypto_srv_init(&(g_partitions[2])); | ||
platform_init(&(g_partitions[3])); | ||
its_init(&(g_partitions[4])); | ||
attest_srv_init(&(g_partitions[2])); | ||
crypto_srv_init(&(g_partitions[3])); | ||
platform_init(&(g_partitions[4])); | ||
its_init(&(g_partitions[5])); | ||
|
||
*partitions = g_partitions; | ||
return 5; | ||
return 6; | ||
} | ||
|
|
@@ -28,14 +28,16 @@ | |
#include "handles_manager.h" | ||
#include "cmsis.h" | ||
#include "psa_smoke_test_part1_partition.h" | ||
#include "psa_attest_srv_partition.h" | ||
#include "psa_crypto_srv_partition.h" | ||
#include "psa_platform_partition.h" | ||
#include "psa_its_partition.h" | ||
|
||
extern const uint32_t attest_srv_external_sids[7]; | ||
extern const uint32_t crypto_srv_external_sids[4]; | ||
extern const uint32_t platform_external_sids[1]; | ||
|
||
spm_partition_t g_partitions[4] = { | ||
spm_partition_t g_partitions[5] = { | ||
def
psa_setup is generated file by calling 'tools/psa/generate_tfm_partition_code.py' script |
||
{ | ||
.partition_id = SMOKE_TEST_PART1_ID, | ||
.thread_id = 0, | ||
|
@@ -47,6 +49,17 @@ spm_partition_t g_partitions[4] = { | |
.extern_sids_count = SMOKE_TEST_PART1_EXT_ROT_SRV_COUNT, | ||
.irq_mapper = NULL, | ||
}, | ||
{ | ||
.partition_id = ATTEST_SRV_ID, | ||
.thread_id = 0, | ||
.flags_rot_srv = ATTEST_SRV_WAIT_ANY_SID_MSK, | ||
.flags_interrupts = 0, | ||
.rot_services = NULL, | ||
.rot_services_count = ATTEST_SRV_ROT_SRV_COUNT, | ||
.extern_sids = attest_srv_external_sids, | ||
.extern_sids_count = ATTEST_SRV_EXT_ROT_SRV_COUNT, | ||
.irq_mapper = NULL, | ||
}, | ||
{ | ||
.partition_id = CRYPTO_SRV_ID, | ||
.thread_id = 0, | ||
|
@@ -91,6 +104,7 @@ const uint32_t mem_region_count = 0; | |
|
||
// forward declaration of partition initializers | ||
void smoke_test_part1_init(spm_partition_t *partition); | ||
void attest_srv_init(spm_partition_t *partition); | ||
void crypto_srv_init(spm_partition_t *partition); | ||
void platform_init(spm_partition_t *partition); | ||
void its_init(spm_partition_t *partition); | ||
|
@@ -102,11 +116,12 @@ uint32_t init_partitions(spm_partition_t **partitions) | |
} | ||
|
||
smoke_test_part1_init(&(g_partitions[0])); | ||
crypto_srv_init(&(g_partitions[1])); | ||
platform_init(&(g_partitions[2])); | ||
its_init(&(g_partitions[3])); | ||
attest_srv_init(&(g_partitions[1])); | ||
crypto_srv_init(&(g_partitions[2])); | ||
platform_init(&(g_partitions[3])); | ||
its_init(&(g_partitions[4])); | ||
|
||
*partitions = g_partitions; | ||
return 4; | ||
return 5; | ||
def
psa_setup is generated file by calling 'tools/psa/generate_tfm_partition_code.py' script |
||
} | ||
|
👍 for the commit comment about this.
One note: please revert file permissions changes
100644 → 100755
?