Update TFM attestation code to latest version

The latest and greatest version is:
c43181daf54f69f53de58593a50dd6a9c233eecd

- Add new header file and implement tfm_memcpy (used in
attestation_core c file)
pull/9668/head
Moran Peker 2019-02-25 12:48:59 +02:00
parent 2810d369f9
commit c97cecc273
3 changed files with 83 additions and 27 deletions


@ -18,6 +18,7 @@
#include "attest_token.h" #include "attest_token.h"
#include "attest_eat_defines.h" #include "attest_eat_defines.h"
#include "t_cose_defines.h" #include "t_cose_defines.h"
#include "tfm_memory_utils.h"
#define MAX_BOOT_STATUS 512 #define MAX_BOOT_STATUS 512
@ -41,10 +42,7 @@
* the service related data from shared area. * the service related data from shared area.
*/ */
/* FixMe: Enforcement of 4 byte alignment can be removed as soon as memory type /* Enforcement of 4 byte alignment, which is checked by TF-M SPM */
* is configured in the MPU to be normal, instead of device, which
* prohibits unaligned access.
*/
__attribute__ ((aligned(4))) __attribute__ ((aligned(4)))
static uint8_t boot_status[MAX_BOOT_STATUS]; static uint8_t boot_status[MAX_BOOT_STATUS];
@ -84,6 +82,11 @@ error_mapping(enum attest_token_err_t token_err)
* \brief Static function to convert a pointer and size info to unsigned * \brief Static function to convert a pointer and size info to unsigned
* integer number. Max 32bits unsigned integers are supported. * integer number. Max 32bits unsigned integers are supported.
* *
* This implementation assumes that the endianness of the sender and receiver
* of the data is the same because they are actually running on the same CPU
* instance. If this assumption is not true than this function must be
* refactored accordingly.
*
* \param[in] int_ptr Pointer to the unsigned integer * \param[in] int_ptr Pointer to the unsigned integer
* \param[in] len Size of the unsigned integers in bytes * \param[in] len Size of the unsigned integers in bytes
* \param[in] value Pointer where to store the converted value * \param[in] value Pointer where to store the converted value
@ -94,15 +97,20 @@ static inline int32_t get_uint(const void *int_ptr,
size_t len, size_t len,
uint32_t *value) uint32_t *value)
{ {
uint16_t uint16;
switch (len) { switch (len) {
case 1: case 1:
*value = (uint32_t)(*(uint8_t *)(int_ptr)); *value = (uint32_t)(*(uint8_t *)(int_ptr));
break; break;
case 2: case 2:
*value = (uint32_t)(*(uint16_t *)(int_ptr)); /* Avoid unaligned access */
tfm_memcpy(&uint16, int_ptr, sizeof(uint16));
*value = (uint32_t)uint16;
break; break;
case 4: case 4:
*value = (uint32_t)(*(uint32_t *)(int_ptr)); /* Avoid unaligned access */
tfm_memcpy(value, int_ptr, sizeof(uint32_t));
break; break;
default: default:
return -1; return -1;
@ -134,7 +142,7 @@ static int32_t attest_get_tlv_by_module(uint8_t module,
uint8_t **tlv_ptr) uint8_t **tlv_ptr)
{ {
struct shared_data_tlv_header *tlv_header; struct shared_data_tlv_header *tlv_header;
struct shared_data_tlv_entry *tlv_entry; struct shared_data_tlv_entry tlv_entry;
uint8_t *tlv_end; uint8_t *tlv_end;
uint8_t *tlv_curr; uint8_t *tlv_curr;
@ -144,25 +152,26 @@ static int32_t attest_get_tlv_by_module(uint8_t module,
} }
/* Get the boundaries of TLV section where to lookup*/ /* Get the boundaries of TLV section where to lookup*/
tlv_end = boot_status + tlv_header->tlv_tot_len; tlv_end = (uint8_t *)boot_status + tlv_header->tlv_tot_len;
if (*tlv_ptr == NULL) { if (*tlv_ptr == NULL) {
/* At first call set to the beginning of the TLV section */ /* At first call set to the beginning of the TLV section */
tlv_curr = boot_status + SHARED_DATA_HEADER_SIZE; tlv_curr = (uint8_t *)boot_status + SHARED_DATA_HEADER_SIZE;
} else { } else {
/* Any subsequent call set to the next TLV entry */ /* Any subsequent call set to the next TLV entry */
tlv_entry = (struct shared_data_tlv_entry *)(*tlv_ptr); tfm_memcpy(&tlv_entry, *tlv_ptr, SHARED_DATA_ENTRY_HEADER_SIZE);
tlv_curr = (*tlv_ptr) + tlv_entry->tlv_len; tlv_curr = (*tlv_ptr) + tlv_entry.tlv_len;
} }
/* Iterates over the TLV section and returns the address and size of TLVs /* Iterates over the TLV section and returns the address and size of TLVs
* with requested module identifier * with requested module identifier
*/ */
for (; tlv_curr < tlv_end; tlv_curr += tlv_entry->tlv_len) { for (; tlv_curr < tlv_end; tlv_curr += tlv_entry.tlv_len) {
tlv_entry = (struct shared_data_tlv_entry *)tlv_curr; /* Create local copy to avoid unaligned access */
if (GET_IAS_MODULE(tlv_entry->tlv_type) == module) { tfm_memcpy(&tlv_entry, tlv_curr, SHARED_DATA_ENTRY_HEADER_SIZE);
*claim = GET_IAS_CLAIM(tlv_entry->tlv_type); if (GET_IAS_MODULE(tlv_entry.tlv_type) == module) {
*tlv_ptr = (uint8_t *)tlv_entry; *claim = GET_IAS_CLAIM(tlv_entry.tlv_type);
*tlv_len = tlv_entry->tlv_len; *tlv_ptr = tlv_curr;
*tlv_len = tlv_entry.tlv_len;
return 1; return 1;
} }
} }
@ -294,16 +303,20 @@ attest_add_single_sw_measurment(struct attest_token_ctx *token_ctx,
uint8_t *tlv_address, uint8_t *tlv_address,
uint32_t nested_map) uint32_t nested_map)
{ {
struct shared_data_tlv_entry *tlv_entry = struct shared_data_tlv_entry tlv_entry;
(struct shared_data_tlv_entry *) tlv_address; uint16_t tlv_len;
uint16_t tlv_len = tlv_entry->tlv_len; uint8_t tlv_id;
uint8_t tlv_id = GET_IAS_CLAIM(tlv_entry->tlv_type);
uint8_t *tlv_ptr = tlv_address; uint8_t *tlv_ptr = tlv_address;
int32_t found = 1; int32_t found = 1;
struct useful_buf_c claim_value; struct useful_buf_c claim_value;
enum psa_attest_err_t res; enum psa_attest_err_t res;
QCBOREncodeContext *cbor_encode_ctx; QCBOREncodeContext *cbor_encode_ctx;
/* Create local copy to avoid unaligned access */
tfm_memcpy(&tlv_entry, tlv_address, SHARED_DATA_ENTRY_HEADER_SIZE);
tlv_len = tlv_entry.tlv_len;
tlv_id = GET_IAS_CLAIM(tlv_entry.tlv_type);
cbor_encode_ctx = attest_token_borrow_cbor_cntxt(token_ctx); cbor_encode_ctx = attest_token_borrow_cbor_cntxt(token_ctx);
/* Open nested map for SW component measurement claims */ /* Open nested map for SW component measurement claims */
@ -357,16 +370,20 @@ attest_add_single_sw_component(struct attest_token_ctx *token_ctx,
uint32_t module, uint32_t module,
uint8_t *tlv_address) uint8_t *tlv_address)
{ {
struct shared_data_tlv_entry *tlv_entry = struct shared_data_tlv_entry tlv_entry;
(struct shared_data_tlv_entry *) tlv_address; uint16_t tlv_len;
uint16_t tlv_len = tlv_entry->tlv_len; uint8_t tlv_id;
uint8_t tlv_id = GET_IAS_CLAIM(tlv_entry->tlv_type);
uint8_t *tlv_ptr = tlv_address; uint8_t *tlv_ptr = tlv_address;
int32_t found = 1; int32_t found = 1;
uint32_t measurement_claim_cnt = 0; uint32_t measurement_claim_cnt = 0;
struct useful_buf_c claim_value; struct useful_buf_c claim_value;
QCBOREncodeContext *cbor_encode_ctx; QCBOREncodeContext *cbor_encode_ctx;
/* Create local copy to avoid unaligned access */
tfm_memcpy(&tlv_entry, tlv_address, SHARED_DATA_ENTRY_HEADER_SIZE);
tlv_len = tlv_entry.tlv_len;
tlv_id = GET_IAS_CLAIM(tlv_entry.tlv_type);
/* Open map which stores claims belong to a SW component */ /* Open map which stores claims belong to a SW component */
cbor_encode_ctx = attest_token_borrow_cbor_cntxt(token_ctx); cbor_encode_ctx = attest_token_borrow_cbor_cntxt(token_ctx);
QCBOREncode_OpenMap(cbor_encode_ctx); QCBOREncode_OpenMap(cbor_encode_ctx);
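Review bot: In attest_get_tlv_by_module the new loop copies SHARED_DATA_ENTRY_HEADER_SIZE bytes from `tlv_curr` after checking only `tlv_curr < tlv_end`, so an entry header that starts in the last bytes of the TLV section is read past `tlv_end`, and a `tlv_len` of zero never advances the loop. Because boot_status is filled from the shared data area, I would guard the copy with `if ((size_t)(tlv_end - tlv_curr) < SHARED_DATA_ENTRY_HEADER_SIZE) { return -1; }` (or whatever error value the function already uses) and reject `tlv_entry.tlv_len < SHARED_DATA_ENTRY_HEADER_SIZE` before it is used as the step, since `tlv_len` appears to count the whole entry. The visible lines also do not show `tlv_header->tlv_tot_len` being compared with MAX_BOOT_STATUS before `tlv_end` is computed; that check may sit above the hunk, as the function starts and ends outside it. The same header copy from an unchecked `tlv_address` appears in attest_add_single_sw_measurment and attest_add_single_sw_component.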


@ -0,0 +1,39 @@
/*
* Copyright (c) 2018-2019 ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an AS IS BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __TFM_MEMORY_UTILS_H__
#define __TFM_MEMORY_UTILS_H__
#include <stdint.h>
#include <string.h>
#ifdef __cplusplus
extern "C"
{
#endif
void *tfm_memcpy(void *dest, const void *src, size_t num)
{
return (memcpy(dest, src, num));
}
#ifdef __cplusplus
}
#endif
#endif /* __TFM_MEMORY_UTILS_H__ */
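Review bot: `tfm_memcpy` is defined in this header with external linkage, so every translation unit that includes tfm_memory_utils.h emits its own definition and a second includer would fail at link time with a duplicate symbol. Declare it `static inline void *tfm_memcpy(void *dest, const void *src, size_t num)`, or move the body to a .c file and keep only the prototype here. A short comment would also help, stating that the wrapper exists so callers can copy from possibly unaligned shared-data buffers and that it does no bounds checking of its own. `size_t` reaches this file only through `<string.h>`; including `<stddef.h>` makes that explicit.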


@ -84,7 +84,7 @@ enum psa_attest_err_t attest_init(void);
*/ */
enum psa_attest_err_t enum psa_attest_err_t
initial_attest_get_token(const psa_invec *in_vec, uint32_t num_invec, initial_attest_get_token(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec); psa_outvec *out_vec, uint32_t num_outvec);
/** /**
* \brief Get the size of the initial attestation token * \brief Get the size of the initial attestation token
@ -100,7 +100,7 @@ initial_attest_get_token(const psa_invec *in_vec, uint32_t num_invec,
*/ */
enum psa_attest_err_t enum psa_attest_err_t
initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec, initial_attest_get_token_size(const psa_invec *in_vec, uint32_t num_invec,
psa_outvec *out_vec, uint32_t num_outvec); psa_outvec *out_vec, uint32_t num_outvec);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif