diff --git a/TESTS/psa/attestation/main.cpp b/TESTS/psa/attestation/main.cpp
index c75a137b6e..7bf382624c 100755
--- a/TESTS/psa/attestation/main.cpp
+++ b/TESTS/psa/attestation/main.cpp
@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2018 ARM Limited. All rights reserved.
+* Copyright (c) 2019 ARM Limited. All rights reserved.
 *
 * SPDX-License-Identifier: Apache-2.0
 *
@@ -83,11 +83,7 @@ static void check_initial_attestation_get_token()
 uint8_t exported[sizeof(public_key_data)];
 enum psa_attest_err_t attest_err = PSA_ATTEST_ERR_SUCCESS;
 uint32_t token_size;
- const psa_key_id_t key_id = 17;
- psa_key_handle_t handle = 0;
- status = psa_crypto_init();
- status = psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
- status = psa_destroy_key(handle);
+
 status = psa_attestation_inject_key(private_key_data,
 sizeof(private_key_data),
 PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1),
@@ -119,7 +115,7 @@ utest::v1::status_t case_teardown_handler(const Case *const source, const size_t
 psa_key_handle_t handle = 0;
 psa_open_key(PSA_KEY_LIFETIME_PERSISTENT, key_id, &handle);
 psa_destroy_key(handle);
- // mbedtls_psa_cr/ypto_free();
+ mbedtls_psa_crypto_free();
 return greentea_case_teardown_handler(source, passed, failed, reason);
 }
diff --git a/components/TARGET_PSA/inc/psa/psa_attest_inject_key.h b/components/TARGET_PSA/inc/psa/psa_attest_inject_key.h
index ae91a01b64..38e53bd0a2 100644
--- a/components/TARGET_PSA/inc/psa/psa_attest_inject_key.h
+++ b/components/TARGET_PSA/inc/psa/psa_attest_inject_key.h
@@ -16,13 +16,6 @@
 * limitations under the License.
 */
-/***************************************************************************/
-/* DRAFT UNDER REVIEW */
-/* These APIs are still evolving and are meant as a prototype for review.*/
-/* The APIs will change depending on feedback and will be firmed up */
-/* to a stable set of APIs once all the feedback has been considered. */
-/***************************************************************************/
-
 #ifndef __PSA_INJECT_KEY_H__
 #define __PSA_INJECT_KEY_H__
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_initial_attestation_api.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_initial_attestation_api.c
index 24ea6c174d..c4eb0171c0 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_initial_attestation_api.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_initial_attestation_api.c
@@ -65,10 +65,6 @@ psa_initial_attest_get_token_size(uint32_t challenge_size,
 psa_outvec out_vec[1] = { { token_size, sizeof(*token_size) } };
 err = initial_attest_get_token_size(in_vec, 1, out_vec, 1);
- if (err != PSA_ATTEST_ERR_SUCCESS)
- {
- return err;
- }
 return err;
 }
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c
index 2bfb661f4a..06505041f9 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c
@@ -22,20 +22,21 @@
 #include "attestation_bootloader_data.h"
 #include "tfm_boot_status.h"
+/*!
+ * \def SHARED_DATA_INITIALZED and SHARED_DATA_UNNITIALZED
+ *
+ * \brief Indicates that shared data was already initialized.
+ */
+#define SHARED_DATA_UNNITIALZED (0u)
+#define SHARED_DATA_INITIALZED (1u)
+
 /*!
 * \var shared_data_init_done
 *
 * \brief Indicates whether shared data area was already initialized.
 *
 */
-static uint32_t shared_data_init_done;
-
-/*!
- * \def SHARED_DATA_INITIALZED
- *
- * \brief Indicates that shared data was already initialized.
- */
-#define SHARED_DATA_INITIALZED (1u)
+static uint32_t shared_data_init_done = SHARED_DATA_UNNITIALZED;
 enum psa_attest_err_t
 attest_get_boot_data(uint8_t major_type, void *ptr, uint32_t len) {
@@ -61,12 +62,10 @@ attest_get_boot_data(uint8_t major_type, void *ptr, uint32_t len) {
 if (len < SHARED_DATA_HEADER_SIZE) {
 return PSA_ATTEST_ERR_INIT_FAILED;
- } else
- {
- ptr_tlv_header = (struct shared_data_tlv_header *)ptr;
- ptr_tlv_header->tlv_magic = SHARED_DATA_TLV_INFO_MAGIC;
- ptr_tlv_header->tlv_tot_len = SHARED_DATA_HEADER_SIZE;
 }
+ ptr_tlv_header = (struct shared_data_tlv_header *)ptr;
+ ptr_tlv_header->tlv_magic = SHARED_DATA_TLV_INFO_MAGIC;
+ ptr_tlv_header->tlv_tot_len = SHARED_DATA_HEADER_SIZE;
 ptr += SHARED_DATA_HEADER_SIZE;
 /* Iterates over the TLV section and copy TLVs with requested major
@@ -79,6 +78,9 @@ attest_get_boot_data(uint8_t major_type, void *ptr, uint32_t len) {
 memcpy(ptr, (const void *)tlv_entry, tlv_entry->tlv_len);
 ptr += tlv_entry->tlv_len;
 ptr_tlv_header->tlv_tot_len += tlv_entry->tlv_len;
+ if (len < ptr_tlv_header->tlv_tot_len) {
+ return PSA_ATTEST_ERR_INIT_FAILED;
+ }
 }
 }
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
index 3ed4a57ba2..dc890d0792 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
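Review bot: The macro introduced in the first hunk of attest_boot_status_loader.c, `SHARED_DATA_UNNITIALZED`, is misspelled, and since this commit creates the name it is the cheapest moment to spell it `SHARED_DATA_UNINITIALIZED`. The existing `SHARED_DATA_INITIALZED` has the same problem, but its uses lie outside the hunk, so renaming it is a follow-up. The Doxygen block now lists both macros under a single `\def` while its `\brief` only describes the initialized state; one `\def`/`\brief` pair per macro would document what each value means.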
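Review bot: In the third hunk of attest_boot_status_loader.c the added `if (len < ptr_tlv_header->tlv_tot_len)` runs after `memcpy(ptr, (const void *)tlv_entry, tlv_entry->tlv_len)`, so an entry that does not fit has already been written past the caller's `len`-byte buffer by the time the error is returned. The test belongs ahead of the copy, for example `if (tlv_entry->tlv_len > len - ptr_tlv_header->tlv_tot_len) { return PSA_ATTEST_ERR_INIT_FAILED; }`, with the post-copy check dropped. The subtraction cannot underflow while `tlv_tot_len <= len` holds, which the earlier header-size check establishes. The declaration of `tlv_tot_len` is not visible here; if it is narrower than `len`, the running `+=` could wrap and defeat either form of the check, so its width should be confirmed. The enclosing loop starts outside the hunk.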
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
@@ -22,9 +22,10 @@
 #include "tfm_plat_crypto_keys.h"
 #include
-static psa_hash_operation_t hash_handle;
 #define PSA_ATTESTATION_PRIVATE_KEY_ID 17
+static psa_hash_operation_t hash_handle = {0};
+
 enum t_cose_err_t
 t_cose_crypto_pub_key_sign(int32_t cose_alg_id,
 int32_t key_select,
@@ -84,7 +85,7 @@ t_cose_crypto_get_ec_pub_key(int32_t key_select,
 enum tfm_plat_err_t err;
 enum ecc_curve_t cose_curve;
 struct ecc_key_t attest_key = {0};
- uint8_t key_buf[ECC_P_256_KEY_SIZE];
+ uint8_t key_buf[ECC_P_256_KEY_SIZE] = {0};
 (void)key_select;
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c
index 702b6986ee..3e64d64342 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c
@@ -38,7 +38,7 @@ psa_attestation_inject_key(const uint8_t *key_data,
 in_vec[0] = (psa_invec) { &type,
- sizeof(psa_key_type_t)
+ sizeof(type)
 };
 in_vec[1] = (psa_invec) { key_data, key_data_length
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c
index 35911d90a0..f5982a3941 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c
@@ -50,8 +50,6 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj,
 err_call = PSA_ATTEST_ERR_GENERAL;
 }
- *token_size = out_vec[0].len;
-
 return ((enum psa_attest_err_t) err_call);
 }
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c b/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c
index 4e41ecaaf0..5e34c79610 100755
--- a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c
+++ b/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c
@@ -1,3 +1,21 @@
+/*
+* Copyright (c) 2018-2019 ARM Limited. All rights reserved.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the License); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an AS IS BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
 // ---------------------------------- Includes ---------------------------------
 #include "psa/service.h"
 #include "psa/client.h"